Static configuration class for global PQ crypto settings.
namespace WvdS.System.Security.Cryptography public static class CryptoConfig
| Name | Type | Description |
|---|---|---|
| DefaultMode | CryptoMode | Global crypto mode for all operations. Default: CryptoMode.Classic |
| OpenSslPath | string? | Optional path to OpenSSL 3.6 library |
Gets or sets the global crypto mode.
public static CryptoMode DefaultMode { get; set; }
| Type | CryptoMode |
| Default Value | CryptoMode.Classic |
This property determines the default behavior of all extension methods when no explicit CryptoMode is passed.
| Value | Behavior |
|---|---|
| Classic | No PQ extensions |
| Hybrid | RSA/ECDSA + ML-DSA |
| PostQuantum | ML-DSA/ML-KEM only |
Example:
// At application startup CryptoConfig.DefaultMode = CryptoMode.Hybrid; // All subsequent operations use Hybrid var cert = request.CreateSelfSigned(notBefore, notAfter); // cert.HasPqSignature() == true
Gets or sets the path to the OpenSSL library.
public static string? OpenSslPath { get; set; }
| Type | string? |
| Default Value | null (automatic search) |
When null, the library automatically searches for OpenSSL:
| Platform | Search Paths |
|---|---|
| Windows x64 | libcrypto-3-x64.dll in application directory, PATH |
| Linux | libcrypto.so.3 in LD_LIBRARY_PATH, /usr/lib |
| macOS | libcrypto.3.dylib in DYLD_LIBRARY_PATH, /opt/homebrew/lib |
OpenSSL 3.6.0 or higher is required for ML-DSA and ML-KEM support.
Platform Examples:
// Windows CryptoConfig.OpenSslPath = @"C:\OpenSSL-3.6\bin\libcrypto-3-x64.dll"; // Linux CryptoConfig.OpenSslPath = "/opt/openssl-3.6/lib64/libcrypto.so.3"; // macOS CryptoConfig.OpenSslPath = "/opt/homebrew/opt/openssl@3/lib/libcrypto.3.dylib";
| Name | Description |
|---|---|
| EnablePostQuantum(CryptoMode) | Enables PQ cryptography and initializes OpenSSL |
Enables post-quantum cryptography and initializes the OpenSSL interop.
public static void EnablePostQuantum(CryptoMode mode = CryptoMode.Hybrid)
Parameters:
| Name | Type | Description |
|---|---|---|
| mode | CryptoMode | The mode to enable. Default: CryptoMode.Hybrid |
This method is a convenience function that:
DefaultMode to the specified valueEquivalent to:
CryptoConfig.DefaultMode = mode; CryptoProviderFactory.GetProvider().Initialize();
Examples:
// Enables Hybrid mode (default) CryptoConfig.EnablePostQuantum(); // Only for fully PQ-capable environments CryptoConfig.EnablePostQuantum(CryptoMode.PostQuantum);
Exceptions:
| DllNotFoundException | OpenSSL library not found |
| InvalidOperationException | OpenSSL version < 3.6 or PQ algorithms not available |
Changes to DefaultMode and OpenSslPath are thread-safe. Ideally, change these values only at application startup.
CryptoConfig is the central configuration point for the entire library. Settings apply globally to all threads.
// Recommended initialization in Program.cs or Startup CryptoConfig.DefaultMode = CryptoMode.Hybrid; CryptoConfig.OpenSslPath = @"C:\OpenSSL\bin\libcrypto-3-x64.dll";
Wolfgang van der Stille @ EMSR DATA d.o.o. - Post-Quantum Cryptography Professional