Cryptography
Nalix ships several cryptography primitives in Nalix.Codec.Security, but they are easier to read as separate topics than as one long page.
Source mapping
- src/Nalix.Codec/Security/Asymmetric
- src/Nalix.Codec/Security/Hashing
- src/Nalix.Codec/Security/Symmetric
- src/Nalix.Codec/Security/Aead
- src/Nalix.Codec/Security/Engine
- src/Nalix.Abstractions/Primitives
- src/Nalix.Codec/Security/Hashing/HmacKeccak256.cs
- src/Nalix.Codec/Security/Hashing/Pbkdf2.cs
- src/Nalix.Codec/Security/EnvelopeCipher.cs
- src/Nalix.Codec/Security/HandshakeX25519.cs
- src/Nalix.Abstractions/Security/CipherSuiteType.cs
- src/Nalix.Abstractions/Security/DropPolicy.cs
What is in this package
| Topic | Main types | Read next |
|---|---|---|
| Hashing and MAC | Keccak256, HmacKeccak256, Poly1305, Pbkdf2 | Hashing and MAC |
| AEAD and envelope encryption | ChaCha20Poly1305, Salsa20Poly1305, EnvelopeCipher | AEAD and Envelope |
| Handshake protocol | HandshakeHandlers, X25519 | Handshake Protocol |
| Security enums | CipherSuiteType, DropPolicy | |
Quick guidance
- use `X25519` for session key agreement
- use `Keccak256` for transcript hashing and proofs
- use `EnvelopeCipher` when you want the high-level transport-facing encryption entry point
- use `Pbkdf2` for credential hashing helpers
- use `Csprng` when you need secure random bytes, nonces, or unbiased random integers
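Quick example
```csharp
// Generate an X25519 key pair for session key agreement.
var keys = X25519.GenerateKeyPair();

// Hash a payload (a byte buffer supplied by the caller) with Keccak-256.
byte[] digest = Keccak256.HashData(payload);

// Hash a credential; the salt and the hash come back through the out parameters.
Pbkdf2.Hash("secret", out byte[] salt, out byte[] hash);
```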
Randomness helper
Nalix also ships Csprng in Nalix.Framework.Random:
src/Nalix.Environment/Random/Csprng.cs
Use it for:
- secure byte generation with `GetBytes(...)` or `Fill(...)`
- nonce generation with `CreateNonce(...)`
- unbiased integer sampling with `GetInt32(...)`
- strict cryptographic randomness only; if the operating system CSPRNG cannot be initialized, Nalix throws instead of downgrading to a non-cryptographic fallback
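Quick example
```csharp
// 32 random bytes from the CSPRNG, e.g. for a symmetric key.
byte[] key = Csprng.GetBytes(32);

// A fresh nonce.
byte[] nonce = Csprng.CreateNonce();

// An unbiased integer sample, here used to pick a shard.
int shard = Csprng.GetInt32(0, 8);
```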
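What "unbiased integer sampling" and "no non-cryptographic fallback" look like in code, as an added example that is not Nalix source: rejection sampling over OS CSPRNG output using .NET's `RandomNumberGenerator`. `UnbiasedSampler` and `NextInt32` are hypothetical names, and the half-open range is an assumption of this sketch; the page does not show how `Csprng.GetInt32` is implemented.

```csharp
using System;
using System.Buffers.Binary;
using System.Security.Cryptography;

// Added illustration, not Nalix code. UnbiasedSampler is a hypothetical name.
public static class UnbiasedSampler
{
    // Returns a uniformly distributed integer in [minInclusive, maxExclusive).
    public static int NextInt32(int minInclusive, int maxExclusive)
    {
        if (minInclusive >= maxExclusive)
            throw new ArgumentOutOfRangeException(nameof(maxExclusive), "Range must be non-empty.");

        // Width of the range; computed in 64 bits so int.MinValue..int.MaxValue fits.
        uint range = (uint)((long)maxExclusive - minInclusive);

        // 2^32 mod range: the number of 32-bit values left over after packing as many
        // full copies of the range as fit into 2^32. Keeping them would make the low
        // residues slightly more likely than the rest (modulo bias).
        uint threshold = (uint)((1UL << 32) % range);

        Span<byte> buffer = stackalloc byte[4];
        while (true)
        {
            // OS-backed CSPRNG. Any failure propagates as an exception;
            // this code has no System.Random fallback path.
            RandomNumberGenerator.Fill(buffer);
            uint x = BinaryPrimitives.ReadUInt32LittleEndian(buffer);

            // Accept only draws from the region whose size is a multiple of range.
            if (x >= threshold)
                return (int)(minInclusive + (long)(x % range));
        }
    }

    public static void Main()
    {
        // Range of 6 does not divide 2^32, so rejection is actually exercised here.
        int[] counts = new int[6];
        for (int i = 0; i < 600_000; i++)
            counts[NextInt32(0, 6)]++;

        for (int v = 0; v < counts.Length; v++)
            Console.WriteLine($"{v}: {counts[v]}");
    }
}
```

A plain `x % range` without the threshold check is the pattern to look for in review: for a 32-bit draw the skew is small, but it is largest when the range is close to the size of the draw.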