PandaTech/Pandatech.Cryptov8.0.0

Name: Pandatech.Crypto
Author: Pandatech

.NET 8.0.NET 9.0.NET 10.0

Unified cryptographic wrapper for .NET 8+ providing AES-256-GCM/SIV encryption, Argon2id password hashing, JWE envelope encryption, SHA-2/SHA-3 hashing, GZip compression, secure random generation, and PII masking utilities.

github.com ↗

License

MIT

Deps

Install Size

—

Vulns

✓ 0

Published

Feb 28, 2026

Get Started

$ dotnet add package Pandatech.Crypto

Readme

Pandatech.Crypto

Unified cryptographic wrapper library for .NET 8+ providing AES encryption, password hashing, compression, and secure random generation.

Installation

dotnet add package Pandatech.Crypto

Quick Start

Configuration (ASP.NET Core)

builder.AddAes256Key("your-base64-encoded-256-bit-key");

// Optional: configure Argon2id (defaults shown)
builder.ConfigureArgon2Id(options =>
{
   options.SaltSize = 16;
   options.DegreeOfParallelism = 8;
   options.Iterations = 5;
   options.MemorySize = 128 * 1024; // 128 MB
});

Core Features

AES-256-GCM (Files & Streams)

Authenticated encryption with associated data. Best for files.

// Encrypt
Aes256Gcm.RegisterKey(key);
using var input = File.OpenRead("document.pdf");
using var output = File.Create("document.pdf.enc");
Aes256Gcm.Encrypt(input, output);

// Decrypt
using var encrypted = File.OpenRead("document.pdf.enc");
using var decrypted = File.Create("document.pdf");
Aes256Gcm.Decrypt(encrypted, decrypted);

AES-256-SIV (Deterministic Encryption)

RFC 5297 compliant. Use for PII that needs deterministic matching.

Aes256Siv.RegisterKey(key);

byte[] cipher = Aes256Siv.Encrypt("sensitive-data");
string plain = Aes256Siv.Decrypt(cipher);

Argon2id Password Hashing

byte[] hash = Argon2Id.HashPassword("user-password");
bool valid = Argon2Id.VerifyHash("user-password", hash);

JWE (RSA-OAEP-256 + AES-256-GCM)

Envelope encryption with JWK keys and RFC 7638 thumbprints.

var (publicJwk, privateJwk, kid) = JoseJwe.IssueKeys(bits: 2048);

var jwe = JoseJwe.Encrypt(publicJwk, payload, kid);

if (JoseJwe.TryDecrypt(privateJwk, jwe, out var decrypted))
{
   // use decrypted bytes
}

Secure Random

byte[] randomBytes = Random.GenerateBytes(32);
string aesKey = Random.GenerateAes256KeyString();
string token = Random.GenerateSecureToken(); // 256-bit URL-safe

Password Generation & Validation

string pwd = Password.GenerateRandom(
   length: 16,
   includeUppercase: true,
   includeLowercase: true,
   includeDigits: true,
   includeSpecialChars: true
);

bool valid = Password.Validate(pwd, minLength: 16, 
   requireUppercase: true, requireLowercase: true, 
   requireDigits: true, requireSpecialChars: true);

Hashing

// SHA-2 HMAC
byte[] hmac = Sha2.ComputeHmacSha256(key, "message1", "message2");
string hex = Sha2.GetHmacSha256Hex(key, "message");

// SHA-3
byte[] hash = Sha3.Hash("data");
bool valid = Sha3.VerifyHash("data", hash);

GZip Compression

// String
byte[] compressed = GZip.Compress("data");
string decompressed = Encoding.UTF8.GetString(GZip.Decompress(compressed));

// Streams
GZip.Compress(inputStream, outputStream);
GZip.Decompress(inputStream, outputStream);

Data Masking

string masked = "user@example.com".MaskEmail();     // "us****@example.com"
string masked = "1234567890".MaskPhoneNumber();     // "******7890"

License

MIT

Total Downloads

15.1K

Compatibility

.NET 8.0

.NET 9.0

.NET 10.0

Versions

8.0.0Latest

Feb 28, 2026

Other versions (55)

7.1.0Jan 26, 2026

7.0.0Dec 28, 2025

6.1.1Sep 22, 2025

6.1.0Sep 17, 2025

6.0.0Sep 2, 2025

5.0.3Aug 7, 2025

5.0.2Jun 1, 2025

5.0.1May 1, 2025

5.0.0Apr 11, 2025

4.1.2Feb 17, 2025

4.1.1Nov 28, 2024

4.1.0Nov 26, 2024

4.0.0Nov 21, 2024

3.0.0Oct 28, 2024

2.6.1Oct 19, 2024

2.6.0Oct 19, 2024

2.5.1Oct 18, 2024

2.5.0Jun 21, 2024

2.4.1Jun 14, 2024

2.4.0Jun 13, 2024

2.3.2May 9, 2024

2.3.1Mar 6, 2024

2.3.0Mar 6, 2024

2.2.11Mar 6, 2024

2.2.10Mar 1, 2024

2.2.9Feb 17, 2024

2.2.8Feb 17, 2024

2.2.7Feb 12, 2024

2.2.6Jan 23, 2024

2.2.5Jan 23, 2024

2.2.4Jan 19, 2024

2.2.3Nov 29, 2023

2.2.2Nov 29, 2023

2.2.1Nov 23, 2023

2.2.0Nov 21, 2023

2.1.10Nov 11, 2023

2.1.9Nov 9, 2023

2.1.8Nov 7, 2023

2.1.7Nov 6, 2023

2.1.6Nov 3, 2023

2.1.5Nov 2, 2023

2.1.4Nov 1, 2023

2.1.3Nov 1, 2023

2.1.2Oct 31, 2023

2.1.1Oct 31, 2023

2.1.0Oct 31, 2023

2.0.0Oct 30, 2023

1.1.6Oct 30, 2023

1.1.5Oct 27, 2023

1.1.4Oct 27, 2023

1.1.3Oct 27, 2023

1.1.2Oct 16, 2023

1.1.1Oct 14, 2023

1.1.0Oct 14, 2023

1.0.0Oct 13, 2023

Pandatech.Crypto

Unified cryptographic wrapper library for .NET 8+ providing AES encryption, password hashing, compression, and secure random generation.

Installation

dotnet add package Pandatech.Crypto

Quick Start

Configuration (ASP.NET Core)

builder.AddAes256Key("your-base64-encoded-256-bit-key");

// Optional: configure Argon2id (defaults shown)
builder.ConfigureArgon2Id(options =>
{
   options.SaltSize = 16;
   options.DegreeOfParallelism = 8;
   options.Iterations = 5;
   options.MemorySize = 128 * 1024; // 128 MB
});

Core Features

AES-256-GCM (Files & Streams)

Authenticated encryption with associated data. Best for files.

// Encrypt
Aes256Gcm.RegisterKey(key);
using var input = File.OpenRead("document.pdf");
using var output = File.Create("document.pdf.enc");
Aes256Gcm.Encrypt(input, output);

// Decrypt
using var encrypted = File.OpenRead("document.pdf.enc");
using var decrypted = File.Create("document.pdf");
Aes256Gcm.Decrypt(encrypted, decrypted);

AES-256-SIV (Deterministic Encryption)

RFC 5297 compliant. Use for PII that needs deterministic matching.

Aes256Siv.RegisterKey(key);

byte[] cipher = Aes256Siv.Encrypt("sensitive-data");
string plain = Aes256Siv.Decrypt(cipher);

Argon2id Password Hashing

byte[] hash = Argon2Id.HashPassword("user-password");
bool valid = Argon2Id.VerifyHash("user-password", hash);

JWE (RSA-OAEP-256 + AES-256-GCM)

Envelope encryption with JWK keys and RFC 7638 thumbprints.

var (publicJwk, privateJwk, kid) = JoseJwe.IssueKeys(bits: 2048);

var jwe = JoseJwe.Encrypt(publicJwk, payload, kid);

if (JoseJwe.TryDecrypt(privateJwk, jwe, out var decrypted))
{
   // use decrypted bytes
}

Secure Random

byte[] randomBytes = Random.GenerateBytes(32);
string aesKey = Random.GenerateAes256KeyString();
string token = Random.GenerateSecureToken(); // 256-bit URL-safe

Password Generation & Validation

string pwd = Password.GenerateRandom(
   length: 16,
   includeUppercase: true,
   includeLowercase: true,
   includeDigits: true,
   includeSpecialChars: true
);

bool valid = Password.Validate(pwd, minLength: 16, 
   requireUppercase: true, requireLowercase: true, 
   requireDigits: true, requireSpecialChars: true);

Hashing

// SHA-2 HMAC
byte[] hmac = Sha2.ComputeHmacSha256(key, "message1", "message2");
string hex = Sha2.GetHmacSha256Hex(key, "message");

// SHA-3
byte[] hash = Sha3.Hash("data");
bool valid = Sha3.VerifyHash("data", hash);

GZip Compression

// String
byte[] compressed = GZip.Compress("data");
string decompressed = Encoding.UTF8.GetString(GZip.Decompress(compressed));

// Streams
GZip.Compress(inputStream, outputStream);
GZip.Decompress(inputStream, outputStream);

Data Masking

string masked = "user@example.com".MaskEmail();     // "us****@example.com"
string masked = "1234567890".MaskPhoneNumber();     // "******7890"

License

MIT