Lucinda.Blazor provides end-to-end encryption (E2EE) capabilities for Blazor WebAssembly applications using the native Web Crypto API. Key Features: • AES-GCM and AES-CBC symmetric encryption via Web Crypto API • RSA-OAEP asymmetric encryption • ECDH key exchange (P-256/P-384/P-521 curves) • ECDSA digital signatures • HKDF and PBKDF2 key derivation • Secure random number generation • IndexedDB-based secure key storage • Signal Protocol support (X3DH, Double Ratchet, Sender Keys) Advantages: • Zero external dependencies - uses browser's native crypto • Hardware-accelerated encryption (AES-NI) • No timing attacks (native implementation) • Compatible with Lucinda for server-side interop Platform Support: Blazor WebAssembly on .NET 6.0-10.0
Get Started
$ dotnet add package Lucinda.BlazorReadme
Lucinda.Blazor
Blazor WebAssembly crypto library using the browser's native Web Crypto API. Part of the Lucinda end-to-end encryption library ecosystem.
Features
- AES-GCM & AES-CBC - Symmetric encryption with authenticated encryption support
- RSA-OAEP - Asymmetric encryption for key wrapping and small data
- ECDH - Elliptic curve Diffie-Hellman key exchange (P-256, P-384, P-521)
- ECDSA & RSA-PSS - Digital signatures
- HKDF & PBKDF2 - Key derivation functions
- SHA-256/384/512 - Hashing and HMAC
Installation
dotnet add package Lucinda.Blazor
Quick Start
1. Register Services
// Program.cs
using Lucinda.Blazor;
builder.Services.AddLucindaBlazor();
2. Configure Options (Optional)
builder.Services.AddLucindaBlazor(options =>
{
options.AesKeySize = 256;
options.UseAesGcm = true;
options.EcdhCurve = "P-256";
options.Pbkdf2Iterations = 600000;
});
3. Use in Components
@inject IBlazorSymmetricEncryption SymmetricEncryption
@inject IBlazorKeyExchange KeyExchange
@inject IBlazorSecureRandom SecureRandom
@code {
private async Task EncryptData()
{
// Generate a key
var keyResult = await SymmetricEncryption.GenerateKeyAsync();
if (!keyResult.IsSuccess) return;
var key = keyResult.Value;
// Encrypt data
var plaintext = Encoding.UTF8.GetBytes("Hello, World!");
var encryptResult = await SymmetricEncryption.EncryptAsync(plaintext, key);
if (encryptResult.IsSuccess)
{
var ciphertext = encryptResult.Value;
// Use encrypted data...
}
}
}
Selective Service Registration
You can register only the services you need:
// Only AES-GCM
builder.Services.AddLucindaAesGcm(keySize: 256);
// Only ECDH
builder.Services.AddLucindaEcdh(curve: "P-256");
// Only ECDSA
builder.Services.AddLucindaEcdsa(curve: "P-256", hashAlgorithm: "SHA-256");
// Only PBKDF2
builder.Services.AddLucindaPbkdf2(iterations: 600000);