The attribute plugin is not available, 2fa disabled

4.1 Getting Started

Quick start guide for developers integrating WvdS.System.Security.Cryptography.


Installation

dotnet add package EMSR.Crypto

Configuration

Add the following at application startup (Program.cs):

using WvdS.System.Security.Cryptography;
 
// Optional: Set OpenSSL path (if not in system PATH)
CryptoConfig.OpenSslPath = @"C:\OpenSSL\bin";
 
// Activate crypto mode
CryptoConfig.DefaultMode = CryptoMode.Hybrid;

API: CryptoConfig1), CryptoMode2)


First Hybrid Certificate

using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using WvdS.System.Security.Cryptography;
using WvdS.System.Security.Cryptography.X509Certificates;
 
// Create RSA key
using var rsa = RSA.Create(4096);
 
// Certificate request
var request = new CertificateRequest(
    "CN=MyServer, O=MyCompany",
    rsa,
    HashAlgorithmName.SHA256,
    RSASignaturePadding.Pkcs1);
 
// Create self-signed certificate
// -> Automatically hybrid (RSA + ML-DSA) when CryptoMode.Hybrid is active
var cert = request.CreateSelfSigned(
    DateTimeOffset.Now,
    DateTimeOffset.Now.AddYears(1));
 
// Check if PQ signature is present
Console.WriteLine($"PQ Signature: {cert.HasPqSignature()}");

API: CreateSelfSigned3), HasPqSignature4)


Crypto Modes

→ Details: Understanding Crypto Modes

Mode Usage
CryptoMode.Classic RSA/ECDSA only, full backward compatibility
CryptoMode.Hybrid RSA + ML-DSA, recommended for migration
CryptoMode.PostQuantum ML-DSA/ML-KEM only, maximum security

Next Steps


Wolfgang van der Stille @ EMSR DATA d.o.o. - Post-Quantum Cryptography Professional

1)
Complete documentation of configuration options
2)
Enum with Classic, Hybrid, PostQuantum
3)
Extension for CertificateRequest
4)
Checks if certificate contains PQ signature
Zuletzt geändert: on 2026/01/29 at 11:33 PM