NativeCryptoProvider

Prostor imena: WvdS.System.Security.Cryptography.Providers

P/Invoke-temeljeni kripto-provider za posluziteljske i desktop aplikacije. Komunicira izravno s OpenSSL 3.6 putem Platform Invocation Services.

Pregled

NativeCryptoProvider je standardni provider za:

Blazor Server
ASP.NET Core
Desktop aplikacije (Windows, Linux, macOS)
Konzolne aplikacije
Windows servise / Linux daemone

Svojstva

Svojstvo	Tip	Opis
`Name`	string	`"Native (P/Invoke)"`
`IsAvailable`	bool	`true` ako je OpenSSL 3.6 dostupan

Inicijalizacija

using WvdS.System.Security.Cryptography.Providers;
 
// Kreiranje providera
var provider = new NativeCryptoProvider();
 
// Inicijalizacija (ucitava OpenSSL)
await provider.InitializeAsync();
 
// Provjera dostupnosti
if (provider.IsAvailable)
{
    Console.WriteLine($"Provider: {provider.Name}");
    Console.WriteLine($"OpenSSL: {provider.GetOpenSslVersion()}");
}

ML-DSA operacije

GenerateMlDsaKeyPairAsync

Generira ML-DSA par kljuceva.

var (publicKey, privateKey) = await provider.GenerateMlDsaKeyPairAsync("ML-DSA-65");
 
// Podrzani algoritmi:
// - "ML-DSA-44" (NIST razina 1)
// - "ML-DSA-65" (NIST razina 3, preporuceno)
// - "ML-DSA-87" (NIST razina 5)

SignMlDsaAsync / VerifyMlDsaAsync

byte[] data = Encoding.UTF8.GetBytes("Vazni podaci");
byte[] signature = await provider.SignMlDsaAsync(data, privateKey);
bool isValid = await provider.VerifyMlDsaAsync(data, signature, publicKey);

ML-KEM operacije

GenerateMlKemKeyPairAsync

var (publicKey, privateKey) = await provider.GenerateMlKemKeyPairAsync("ML-KEM-768");
 
// Podrzani algoritmi:
// - "ML-KEM-512" (NIST razina 1)
// - "ML-KEM-768" (NIST razina 3, preporuceno)
// - "ML-KEM-1024" (NIST razina 5)

EncapsulateAsync / DecapsulateAsync

var (sharedSecret, ciphertext) = await provider.EncapsulateAsync(recipientPublicKey);
byte[] sharedSecret = await provider.DecapsulateAsync(ciphertext, privateKey);

Pregled metoda

Metoda	Parametri	Povratna vrijednost
`InitializeAsync()`	-	Task
`GetOpenSslVersion()`	-	string
`GenerateMlDsaKeyPairAsync`	string algorithm	Task<(byte[], byte[])>
`SignMlDsaAsync`	byte[] data, byte[] privateKey	Task<byte[]>
`VerifyMlDsaAsync`	byte[] data, byte[] signature, byte[] publicKey	Task<bool>
`GenerateMlKemKeyPairAsync`	string algorithm	Task<(byte[], byte[])>
`EncapsulateAsync`	byte[] publicKey	Task<(byte[], byte[])>
`DecapsulateAsync`	byte[] ciphertext, byte[] privateKey	Task<byte[]>
`CreateEphemeralCertificateAsync`	string subject, TimeSpan validity, byte[] privateKey	Task<byte[]>
`SignCertificateAsync`	byte[] tbsCertificate, byte[] privateKey	Task<byte[]>

Konfiguracija putanje OpenSSL-a

// Postavite putanju prije InitializeAsync()
CryptoConfig.OpenSslPath = @"C:\OpenSSL\bin";
 
var provider = new NativeCryptoProvider();
await provider.InitializeAsync();

Standardne putanje pretrazivanja:

Operativni sustav	Putanje
Windows	`.\`, `C:\OpenSSL\bin`, `PATH`
Linux	`/usr/local/lib64`, `/usr/lib/x86_64-linux-gnu`
macOS	`/opt/homebrew/lib`, `/usr/local/lib`

Sigurnosne napomene

Zahtijeva OpenSSL 3.6.0 ili noviji s PQ algoritmima
Privatni kljucevi se drze u memoriji procesa
Za najvisu sigurnost: eksplicitno obrisite kljuceve s CryptographicOperations.ZeroMemory

Vidi takoder

Wolfgang van der Stille @ EMSR DATA d.o.o. - Post-Quantum Cryptography Professional