====== Cifratura ======

Esempi compatti per la cifratura. → **Dettagli:** [[..:verschluesselung:start|Scenari cifratura]]

----

===== ML-KEM Key Encapsulation =====

<code csharp>
// Destinatario: Generare coppia di chiavi
using var mlKem = MlKem.Create(MlKemParameterSet.MlKem768);
byte[] publicKey = mlKem.ExportPublicKey();

// Mittente: Incapsulare Shared Secret
var encap = MlKem.Encapsulate(publicKey);
byte[] ciphertext = encap.Ciphertext;
byte[] senderSecret = encap.SharedSecret;

// Destinatario: Decapsulare Shared Secret
byte[] receiverSecret = mlKem.Decapsulate(ciphertext);
// senderSecret == receiverSecret
</code>

→ **Dettagli:** [[..:verschluesselung:key_encapsulation|Key Encapsulation]]

----

===== Hybrid Key Exchange =====

<code csharp>
// ECDH + ML-KEM combinati
using var hybrid = HybridKeyExchange.Create(
    ECCurve.NamedCurves.nistP384,
    MlKemParameterSet.MlKem768);

byte[] publicKey = hybrid.ExportPublicKey();

// Mittente
var encap = HybridKeyExchange.Encapsulate(publicKey);
byte[] sharedSecret = encap.SharedSecret; // 64 Bytes (32 ECDH + 32 ML-KEM)
</code>

→ **Dettagli:** [[..:verschluesselung:hybrid_encryption|Cifratura ibrida]]

----

===== AES-256-GCM =====

<code csharp>
// Derivare chiave da Shared Secret
byte[] aesKey = KeyDerivationExtensions.DeriveKey(
    sharedSecret, outputLength: 32,
    info: Encoding.UTF8.GetBytes("AES-256-GCM"));

// Cifrare
using var aes = new OpenSslAesGcm(aesKey);
byte[] nonce = RandomNumberGenerator.GetBytes(12);
byte[] ciphertext = new byte[plaintext.Length];
byte[] tag = new byte[16];

aes.Encrypt(nonce, plaintext, ciphertext, tag);

// Decifrare
byte[] decrypted = new byte[ciphertext.Length];
aes.Decrypt(nonce, ciphertext, tag, decrypted);
</code>

→ **Dettagli:** [[..:verschluesselung:file_encryption|Cifratura file]]

----

===== Workflow completo =====

<code csharp>
// 1. Key Exchange
using var mlKem = MlKem.Create(MlKemParameterSet.MlKem768);
var encap = MlKem.Encapsulate(mlKem.ExportPublicKey());

// 2. Key Derivation
byte[] key = KeyDerivationExtensions.DeriveKey(
    encap.SharedSecret, 32, info: "encryption"u8.ToArray());

// 3. Encryption
using var aes = new OpenSslAesGcm(key);
// ... cifrare
</code>

----

===== Algoritmi =====

^  Algoritmo  ^  Chiave  ^  Sicurezza  ^
| ML-KEM-512 | 800 B pub / 1632 B priv | Livello 1 |
| ML-KEM-768 | 1184 B pub / 2400 B priv | Livello 3 |
| ML-KEM-1024 | 1568 B pub / 3168 B priv | Livello 5 |
| AES-256-GCM | 256 Bit | 256 Bit |

----

<< [[.:start|← Riferimento rapido]] | [[..:verschluesselung:start|→ Scenari cifratura (Dettagli)]] >>

----
//Wolfgang van der Stille @ EMSR DATA d.o.o. - Post-Quantum Cryptography Professional//

{{tag>kurzreferenz verschluesselung ml-kem aes-gcm hybrid}}