VOOZH about

URL: https://www.nuget.org/packages/Indice.Cryptography/

⇱ NuGet Gallery | Indice.Cryptography 8.4.0



👁 Image
 Indice.Cryptography 8.4.0 

dotnet add package Indice.Cryptography --version 8.4.0
 
 
NuGet\Install-Package Indice.Cryptography -Version 8.4.0
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="Indice.Cryptography" Version="8.4.0" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
<PackageVersion Include="Indice.Cryptography" Version="8.4.0" />
 


 Directory.Packages.props
 

 

 
<PackageReference Include="Indice.Cryptography" />
 


 Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package. 
paket add Indice.Cryptography --version 8.4.0
The NuGet Team does not provide support for this client. Please contact its maintainers for support. 
#r "nuget: Indice.Cryptography, 8.4.0"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
#:package Indice.Cryptography@8.4.0
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package. 
#addin nuget:?package=Indice.Cryptography&version=8.4.0
 


 Install as a Cake Addin
 

 

 
#tool nuget:?package=Indice.Cryptography&version=8.4.0
 


 Install as a Cake Tool
The NuGet Team does not provide support for this client. Please contact its maintainers for support.

Indice.Cryptography

A comprehensive .NET cryptography library focused on PSD2 compliance, X.509 certificate management, and HTTP message signing.

Features

  • PSD2 Compliance: Complete support for Payment Services Directive 2 requirements
  • X.509 Certificate Management: Create, validate, and manage certificates with European Qualified Certificate extensions
  • HTTP Message Signing: Implement HTTP signature-based authentication
  • Certificate Authority: Create and manage custom Certificate Authorities
  • ASN.1/DER Encoding: Low-level cryptographic primitives and certificate extensions

Installation

Install the package via NuGet Package Manager:

Install-Package Indice.Cryptography

Or via .NET CLI:

dotnet add package Indice.Cryptography

Quick Start

Creating PSD2 Certificates

using Indice.Cryptography;
using Indice.Cryptography.X509Certificates;

var certificateManager = new CertificateManager();

// Create a PSD2 certificate request
var request = new Psd2CertificateRequest
{
 City = "Athens",
 State = "Attiki", 
 CountryCode = "GR",
 Organization = "Example Bank",
 OrganizationUnit = "IT",
 CommonName = "api.example-bank.com",
 AuthorityId = "BOG",
 AuthorityName = "Bank of Greece",
 AuthorizationNumber = "123456789",
 ValidityInDays = 365,
 Roles = new Psd2CertificateRequest.Psd2RoleFlags
 {
 Aisp = true, // Account Information Service Provider
 Pisp = true, // Payment Initiation Service Provider
 Aspsp = true, // Account Servicing Payment Service Provider
 Piisp = false // Payment Instrument Issuer Service Provider
 },
 QcType = QcTypeIdentifiers.Web
};

// Generate the certificate
var certificate = certificateManager.CreateQualifiedCertificate(
 request, 
 "ca.example.com", 
 issuer: null, // Will create CA on-the-fly
 out RSA privateKey
);

HTTP Message Signing

using Indice.Cryptography.Tokens.HttpMessageSigning;

// Configure HTTP signatures
services.AddHttpSignatures(options => {
 options.MapPath("/payments", 
 HeaderFieldNames.RequestTarget, 
 HeaderFieldNames.Created, 
 HttpDigest.HTTPHeaderName, 
 "x-response-id");
})
.AddSigningCredential(certificate);

// Use in your application
app.UseHttpSignatures();

Certificate Validation

using Indice.Cryptography.Validation;

var validator = new Psd2ClientCertificateValidator();
var isValid = await validator.ValidateAsync(certificate, context);

Key Components

Certificate Management

  • CertificateManager: Core class for certificate creation and management
  • Psd2CertificateRequest: Model for PSD2-compliant certificate requests
  • SubjectBuilder: Fluent API for building X.509 certificate subjects

X.509 Extensions

The library includes comprehensive support for European Qualified Certificate extensions:

  • QualifiedCertificateStatementsExtension: QC statements per ETSI EN 319 412-5
  • AuthorityInformationAccessExtension: Authority information access points
  • CRLDistributionPointsExtension: Certificate revocation list distribution
  • CABForumOrganizationIdentifierExtension: Organization identifier extensions
  • CertificatePoliciesExtension: Certificate policy information

PSD2 Specific Features

  • Psd2Attributes: PSD2 role and authority information
  • NCAId: National Competent Authority identifiers
  • QcTypeIdentifiers: Qualified certificate type identifiers (QWAC, QSEAL, etc.)

HTTP Message Signing

  • HttpSignature: HTTP signature generation and validation
  • HttpDigest: HTTP digest calculation for message integrity
  • HttpSignatureDelegatingHandler: HTTP client handler for automatic signing
  • HttpSignatureSecurityToken: Security token for HTTP signatures

Configuration Examples

ASP.NET Core Integration

// In Program.cs or Startup.cs
services.AddCertificateServer(environment, options => {
 options.IssuerDomain = "ca.example.com";
 options.AddEntityFrameworkStore(sqlOptions => {
 sqlOptions.ConfigureDbContext = builder => {
 builder.UseSqlServer(connectionString);
 };
 });
});

// Configure HTTP signatures for specific endpoints
services.AddHttpSignatures(options => {
 options.MapPath("/api/payments/*", 
 HeaderFieldNames.RequestTarget,
 HeaderFieldNames.Created,
 HttpDigest.HTTPHeaderName);
})
.AddSigningCredential(certificate);

Creating Custom Certificate Authorities

var certificateManager = new CertificateManager();

// Create a root CA certificate
var rootCA = certificateManager.CreateRootCACertificate(
 "Root CA Example", 
 diagnostics: null
);

// Use the CA to sign other certificates
var clientCertificate = certificateManager.CreateQualifiedCertificate(
 request, 
 issuerDomain: "ca.example.com",
 issuer: rootCA,
 out RSA privateKey
);

Certificate Extensions

Qualified Certificate Statements

var qcStatements = new QualifiedCertificateStatementsExtension(
 isCompliant: true,
 limit: new QcMonetaryValue { CurrencyCode = "EUR", Value = 500000 },
 retentionPeriod: 7,
 isQSCD: true,
 pdsLocations: new[] { 
 new PdsLocation { 
 Language = "EN", 
 Url = "https://example.com/pds" 
 } 
 },
 type: QcTypeIdentifiers.Web,
 psd2: new Psd2Attributes
 {
 AuthorityName = "National Bank",
 AuthorizationId = new NCAId("PSD", "GR", "NBG", "123456"),
 HasAccountInformation = true,
 HasPaymentInitiation = true
 },
 critical: false
);

Authority Information Access

var authorityInfo = new AuthorityInformationAccessExtension(new[] {
 new AccessDescription
 {
 AccessMethod = AccessDescription.AccessMethodType.CertificationAuthorityIssuer,
 AccessLocation = "http://ca.example.com/ca.cer"
 },
 new AccessDescription
 {
 AccessMethod = AccessDescription.AccessMethodType.OnlineCertificateStatusProtocol,
 AccessLocation = "http://ocsp.example.com"
 }
}, critical: false);

PSD2 Role Mapping

The library supports all PSD2 payment service provider roles:

Role Code Description Property
PSP_AS Account Servicing HasAccountServicing
PSP_PI Payment Initiation HasPaymentInitiation
PSP_AI Account Information HasAccountInformation
PSP_IC Payment Instrument Issuing HasIssuingOfCardBasedPaymentInstruments

HTTP Signature Algorithm

The library implements the HTTP Signatures draft specification for securing HTTP messages:

// Signature string format
var signatureString = $"{HeaderFieldNames.RequestTarget}: post /payments\n" +
 $"{HeaderFieldNames.Created}: 1618302811\n" +
 $"{HttpDigest.HTTPHeaderName}: SHA-256=X48E9qOokqqrvdts8nOJRJN3OWDUoyWxBf7kbu9DBPE=";

// Generate signature
var signature = HttpSignature.GenerateSignature(signatureString, privateKey);

Advanced Usage

Custom Subject Building

var subject = new SubjectBuilder()
 .AddCommonName("api.bank.com")
 .AddOrganization("Example Bank", "IT Department")
 .AddLocation("GR", "Attiki", "Athens")
 .AddEmail("admin@bank.com")
 .AddOrganizationIdentifier(new NCAId("PSD", "GR", "BOG", "123456"))
 .Build();

Certificate Revocation Lists

var crlExtension = new CRLDistributionPointsExtension(new[] {
 new CRLDistributionPoint 
 { 
 FullName = new[] { "http://crl.example.com/revoked.crl" } 
 }
}, critical: false);

Dependencies

  • .NET 8.0 or later
  • System.Formats.Asn1 - ASN.1 DER encoding/decoding
  • System.IdentityModel.Tokens.Jwt - JWT token handling
  • System.Security.Cryptography.* - Core cryptography APIs

Standards Compliance

This library implements the following standards:

  • RFC 5280 - Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
  • RFC 3739 - Internet X.509 Public Key Infrastructure: Qualified Certificates Profile
  • ETSI EN 319 412-5 - Electronic Signatures and Infrastructures (ESI); Certificate Profiles; Part 5: QCStatements in certificates
  • ETSI TS 119 495 - Electronic Signatures and Infrastructures (ESI); Sector Specific Requirements; PSD2 sector requirements for eIDAS certificates
  • PSD2 Directive (EU) 2015/2366 - Payment Services Directive 2
  • HTTP Signatures Draft - Signing HTTP Messages

Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

License

This project is licensed under the terms specified in the project license file (MIT).

Support

For questions and support, please check the project's issue tracker or contact the maintainers.

Product Versions Compatible and additional computed target framework versions.
.NET net8.0 net8.0 is compatible.  net8.0-android net8.0-android was computed.  net8.0-browser net8.0-browser was computed.  net8.0-ios net8.0-ios was computed.  net8.0-maccatalyst net8.0-maccatalyst was computed.  net8.0-macos net8.0-macos was computed.  net8.0-tvos net8.0-tvos was computed.  net8.0-windows net8.0-windows was computed.  net9.0 net9.0 is compatible.  net9.0-android net9.0-android was computed.  net9.0-browser net9.0-browser was computed.  net9.0-ios net9.0-ios was computed.  net9.0-maccatalyst net9.0-maccatalyst was computed.  net9.0-macos net9.0-macos was computed.  net9.0-tvos net9.0-tvos was computed.  net9.0-windows net9.0-windows was computed.  net10.0 net10.0 is compatible.  net10.0-android net10.0-android was computed.  net10.0-browser net10.0-browser was computed.  net10.0-ios net10.0-ios was computed.  net10.0-maccatalyst net10.0-maccatalyst was computed.  net10.0-macos net10.0-macos was computed.  net10.0-tvos net10.0-tvos was computed.  net10.0-windows net10.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages (2)

Showing the top 2 NuGet packages that depend on Indice.Cryptography:

Package Downloads
Indice.Cryptography.AspNetCore

Package Description
Indice.IdentityServer.Psd2

Package Description

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last Updated
8.4.0 181 4/6/2026
8.3.0 138 4/6/2026
8.2.0 1,359 10/16/2025
8.1.0 244 10/16/2025
8.0.0 258 10/13/2025

Expose header name.