Pitasoft.Safety

English | Castellano

---

English

[English]

Pitasoft.Safety is a .NET library providing modern, secure, and easy-to-use cryptographic tools for application security. It includes password generation and validation, secure password hashing (PBKDF2), AEAD encryption (AES-GCM), and multiple hashing/HMAC algorithms.

Features

• Password Generation & Validation: Securely generate and validate passwords based on customizable requirements.
• Secure Password Hashing: PBKDF2 with SHA-256 and configurable iterations.
• AEAD Encryption: Secure authenticated encryption with AES-GCM and PBKDF2 key derivation.
• Hashing: Support for SHA-2, SHA-3, BLAKE2b, BLAKE2s, and BLAKE3.
• HMAC: Keyed hashing using HMAC-SHA2 or BLAKE2b.

API Reference & Examples

1. Password Management (Password & PasswordOption)

Provides methods to generate and validate passwords.

• Password.Generate(PasswordOption? option = null): Generates a cryptographically secure random password.
• Password.IsValid(string? password, PasswordOption? option = null): Validates if a password meets the requirements.

Example:

using Pitasoft.Safety; var options = new PasswordOption { RequiredLength = 12, RequiredUniqueChars = 4, RequireUppercase = true, RequireLowercase = true, RequireDigit = true, RequireNonAlphanumeric = true }; string password = Password.Generate(options); bool isValid = Password.IsValid(password, options);

2. Password Hashing (PasswordHasher)

Secure storage for passwords using PBKDF2.

• PasswordHasher.Create(string password, int iterations = 200000): Creates a secure hash token (pbkdf2-v1$iter$salt$hash).
• PasswordHasher.Verify(string password, string token): Verifies a password against a hash token.

Example:

string hash = PasswordHasher.Create("my-password"); bool verified = PasswordHasher.Verify("my-password", hash);

3. AEAD Encryption (SecureCrypt)

High-level API for AES-GCM encryption with password-based or direct key derivation.

• SecureCrypt.EncryptAead(string plaintext, string password, int iterations = 200000): Encrypts text using a password-derived key (PBKDF2).
• SecureCrypt.DecryptAead(string token, string password): Decrypts a versioned token using a password-derived key.
• SecureCrypt.EncryptAeadWithKey(string plaintext, ReadOnlySpan<byte> key, ReadOnlySpan<byte> salt, int iterations): Encrypts text using a direct cryptographic key and includes salt/iterations in the token for future decryption.
• SecureCrypt.DecryptAeadWithKey(string token, ReadOnlySpan<byte> key): Decrypts a versioned token using a direct cryptographic key.

Example (Password-based):

string token = SecureCrypt.EncryptAead("my secret message", "strong-password"); string decoded = SecureCrypt.DecryptAead(token, "strong-password");

Example (Direct Key):

byte[] key = System.Security.Cryptography.RandomNumberGenerator.GetBytes(32); byte[] salt = System.Security.Cryptography.RandomNumberGenerator.GetBytes(16); string token = SecureCrypt.EncryptAeadWithKey("confidential", key, salt, 200000); string decoded = SecureCrypt.DecryptAeadWithKey(token, key);

4. Extensions (Pitasoft.Safety.Extensions)

Convenient extension methods for strings.

• Extensions.ChangeKey(string key): Sets the global encryption key.
• str.Encrypt() / str.Decrypt(): Encrypts/Decrypts using the global key.
• str.EncryptKey(string key) / str.DecryptKey(string key): Encrypts/Decrypts using a specific key.
• str.Hash(AlgorithmType type, string salt = ""): Generates a hash (SHA2, SHA3, BLAKE2, BLAKE3).
• str.Hmac(HmacAlgorithmType type, byte[] key): Generates an HMAC or keyed hash.

Example:

using Pitasoft.Safety.Extensions; // Hashing string sha512 = "hello".Hash(AlgorithmType.Sha512); string blake3 = "hello".Hash(AlgorithmType.Blake3); // HMAC byte[] key = System.Text.Encoding.UTF8.GetBytes("secret-key"); string hmac = "message".Hmac(HmacAlgorithmType.HmacSha256, key);

---

[Castellano]

Pitasoft.Safety es una librería para .NET que proporciona herramientas criptográficas modernas, seguras y fáciles de usar para la seguridad de aplicaciones. Incluye generación y validación de contraseñas, hash seguro de contraseñas (PBKDF2), cifrado AEAD (AES-GCM) y múltiples algoritmos de Hash/HMAC.

Características

• Generación y Validación de Contraseñas: Genera y valida contraseñas de forma segura basándose en requisitos personalizables.
• Hash de Contraseñas Seguro: PBKDF2 con SHA-256 e iteraciones configurables.
• Cifrado AEAD: Cifrado autenticado seguro con AES-GCM y derivación de clave PBKDF2.
• Hashing: Soporte para SHA-2, SHA-3, BLAKE2b, BLAKE2s y BLAKE3.
• HMAC: Hashes con clave usando HMAC-SHA2 o BLAKE2b.

Referencia de API y Ejemplos

1. Gestión de Contraseñas (Password y PasswordOption)

Proporciona métodos para generar y validar contraseñas.

• Password.Generate(PasswordOption? option = null): Genera una contraseña aleatoria criptográficamente segura.
• Password.IsValid(string? password, PasswordOption? option = null): Valida si una contraseña cumple con los requisitos.

Ejemplo:

using Pitasoft.Safety; var options = new PasswordOption { RequiredLength = 12, RequiredUniqueChars = 4, RequireUppercase = true, RequireLowercase = true, RequireDigit = true, RequireNonAlphanumeric = true }; string password = Password.Generate(options); bool esValida = Password.IsValid(password, options);

2. Hash de Contraseñas (PasswordHasher)

Almacenamiento seguro de contraseñas mediante PBKDF2.

• PasswordHasher.Create(string password, int iterations = 200000): Crea un token de hash seguro (pbkdf2-v1$iter$salt$hash).
• PasswordHasher.Verify(string password, string token): Verifica una contraseña contra un token de hash.

Ejemplo:

string hash = PasswordHasher.Create("mi-password"); bool verificado = PasswordHasher.Verify("mi-password", hash);

3. Cifrado AEAD (SecureCrypt)

API de alto nivel para cifrado AES-GCM con derivación de clave basada en contraseña o clave directa.

• SecureCrypt.EncryptAead(string plaintext, string password, int iterations = 200000): Cifra texto usando una clave derivada de una contraseña (PBKDF2).
• SecureCrypt.DecryptAead(string token, string password): Descifra un token versionado usando una clave derivada de una contraseña.
• SecureCrypt.EncryptAeadWithKey(string plaintext, ReadOnlySpan<byte> key, ReadOnlySpan<byte> salt, int iterations): Cifra texto usando una clave criptográfica directa e incluye el salt/iteraciones en el token para su posterior descifrado.
• SecureCrypt.DecryptAeadWithKey(string token, ReadOnlySpan<byte> key): Descifra un token versionado usando una clave criptográfica directa.

Ejemplo (Basado en contraseña):

string token = SecureCrypt.EncryptAead("mi mensaje secreto", "password-seguro"); string descifrado = SecureCrypt.DecryptAead(token, "password-seguro");

Ejemplo (Clave Directa):

byte[] key = System.Security.Cryptography.RandomNumberGenerator.GetBytes(32); byte[] salt = System.Security.Cryptography.RandomNumberGenerator.GetBytes(16); string token = SecureCrypt.EncryptAeadWithKey("confidencial", key, salt, 200000); string descifrado = SecureCrypt.DecryptAeadWithKey(token, key);

4. Extensiones (Pitasoft.Safety.Extensions)

Métodos de extensión convenientes para strings.

• Extensions.ChangeKey(string key): Establece la clave de cifrado global.
• str.Encrypt() / str.Decrypt(): Cifra/Descifra usando la clave global.
• str.EncryptKey(string key) / str.DecryptKey(string key): Cifra/Descifra usando una clave específica.
• str.Hash(AlgorithmType type, string salt = ""): Genera un hash (SHA2, SHA3, BLAKE2, BLAKE3).
• str.Hmac(HmacAlgorithmType type, byte[] key): Genera un HMAC o hash con clave.

Ejemplo:

using Pitasoft.Safety.Extensions; // Hashing string sha512 = "hola".Hash(AlgorithmType.Sha512); string blake3 = "hola".Hash(AlgorithmType.Blake3); // HMAC byte[] llave = System.Text.Encoding.UTF8.GetBytes("clave-secreta"); string hmac = "mensaje".Hmac(HmacAlgorithmType.HmacSha256, llave);

Autor

Sebastián Martínez Pérez

License

Copyright © 2019-2026 Pitasoft, S.L. Licensed under the LICENSE.txt provided in this repository.