4.1 Getting Started

Quick start guide for developers integrating WvdS.System.Security.Cryptography.

Installation

dotnet add package EMSR.Crypto

Configuration

Add the following at application startup (Program.cs):

using WvdS.System.Security.Cryptography;
 
// Optional: Set OpenSSL path (if not in system PATH)
CryptoConfig.OpenSslPath = @"C:\OpenSSL\bin";
 
// Activate crypto mode
CryptoConfig.DefaultMode = CryptoMode.Hybrid;

→ API: CryptoConfig¹⁾, CryptoMode²⁾

First Hybrid Certificate

using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using WvdS.System.Security.Cryptography;
using WvdS.System.Security.Cryptography.X509Certificates;
 
// Create RSA key
using var rsa = RSA.Create(4096);
 
// Certificate request
var request = new CertificateRequest(
    "CN=MyServer, O=MyCompany",
    rsa,
    HashAlgorithmName.SHA256,
    RSASignaturePadding.Pkcs1);
 
// Create self-signed certificate
// -> Automatically hybrid (RSA + ML-DSA) when CryptoMode.Hybrid is active
var cert = request.CreateSelfSigned(
    DateTimeOffset.Now,
    DateTimeOffset.Now.AddYears(1));
 
// Check if PQ signature is present
Console.WriteLine($"PQ Signature: {cert.HasPqSignature()}");

→ API: CreateSelfSigned³⁾, HasPqSignature⁴⁾

Crypto Modes

→ Details: Understanding Crypto Modes

Mode	Usage
`CryptoMode.Classic`	RSA/ECDSA only, full backward compatibility
`CryptoMode.Hybrid`	RSA + ML-DSA, recommended for migration
`CryptoMode.PostQuantum`	ML-DSA/ML-KEM only, maximum security

Next Steps

Integration - Platform-specific guides
Migration - From Classic to Hybrid
Examples - PKI setup, CSR scenarios

Wolfgang van der Stille @ EMSR DATA d.o.o. - Post-Quantum Cryptography Professional

getting-started, installation, quickstart

¹⁾

Complete documentation of configuration options

²⁾

Enum with Classic, Hybrid, PostQuantum

³⁾

Extension for CertificateRequest

⁴⁾

Checks if certificate contains PQ signature

Inhaltsverzeichnis