Namespace: WvdS.System.Security.Cryptography.X509Certificates
Drop-in replacement extensions for X509Chain with post-quantum signature validation. Extends standard chain validation with PQ signature checking in all three crypto modes.
| Method | Description |
|---|---|
Build(certificate, mode) | Builds and validates certificate chain with CryptoMode |
Build(certificate, customTrustStore, mode) | Chain validation with custom trust store |
Build(certificate, trustStore, mode) | Chain validation with PqTrustStore |
BuildWithRevocationCheck(…) | Chain build with CRL/OCSP checking |
BuildWithOfflineCrl(…) | Chain build with offline CRL data |
IsFullyPqProtected() | Checks if entire chain is PQ-protected |
GetChainCryptoModes() | Returns CryptoModes of all chain elements |
GetValidationReport() | Creates detailed validation report |
using var chain = new X509Chain(); var cert = new X509Certificate2("certificate.pfx"); // With explicit CryptoMode bool isValid = chain.Build(cert, CryptoMode.Hybrid); // With default mode from CryptoConfig bool isValid2 = chain.Build(cert, null);
| Mode | Classic Signature | PQ Signature |
|---|---|---|
| Classic | Checked | Ignored |
| Hybrid | Checked | Checked (if present) |
| PostQuantum | Checked (structure) | Required |
using var chain = new X509Chain(); chain.Build(cert, CryptoMode.Hybrid); if (chain.IsFullyPqProtected()) { Console.WriteLine("Entire chain is PQ-protected"); } else { var modes = chain.GetChainCryptoModes(); for (int i = 0; i < modes.Length; i++) { if (modes[i] == CryptoMode.Classic) Console.WriteLine($"Element {i} has no PQ protection"); } }
using var chain = new X509Chain(); chain.Build(cert, CryptoMode.Hybrid); var report = chain.GetValidationReport(); Console.WriteLine($"Valid: {report.IsValid}"); Console.WriteLine($"Chain length: {report.ChainLength}"); Console.WriteLine($"Fully PQ-protected: {report.IsFullyPqProtected}");
Wolfgang van der Stille @ EMSR DATA d.o.o. - Post-Quantum Cryptography Professional