Class CryptoKeyExchange
- Namespace: LibSodium
- Assembly: LibSodium.Net.dll
Provides methods for secure, fast, and simple key exchange using libsodium's crypto_kx API. Allows two parties to derive shared session keys securely.
public static class CryptoKeyExchange
- Inheritance: CryptoKeyExchange
Remarks
🧂 Based on libsodium's crypto_kx API: https://doc.libsodium.org/key_exchange
Fields
PublicKeyLen
Length of the public key in bytes (32).
public const int PublicKeyLen = 32
SecretKeyLen
Length of the secret (private) key in bytes (32).
public const int SecretKeyLen = 32
SeedLen
Length of the seed used for deterministic key pair generation (32 bytes).
public const int SeedLen = 32
SessionKeyLen
Length of derived session keys in bytes (32).
public const int SessionKeyLen = 32
Methods
DeriveClientSessionKeys(SecureMemory<byte>, SecureMemory<byte>, ReadOnlySpan<byte>, SecureMemory<byte>, ReadOnlySpan<byte>)
Derives client-side session keys for secure communication with a server. The generated keys allow secure and authenticated data exchange.
public static void DeriveClientSessionKeys(SecureMemory<byte> rx, SecureMemory<byte> tx, ReadOnlySpan<byte> clientPk, SecureMemory<byte> clientSk, ReadOnlySpan<byte> serverPk)
Parameters
- rx (SecureMemory<byte>): Buffer to receive the client's receiving key (used to decrypt data from server). Must be exactly 32 bytes.
- tx (SecureMemory<byte>): Buffer to receive the client's transmitting key (used to encrypt data sent to server). Must be exactly 32 bytes.
- clientPk (ReadOnlySpan<byte>): Client's public key (32 bytes).
- clientSk (SecureMemory<byte>): Client's secret key (32 bytes).
- serverPk (ReadOnlySpan<byte>): Server's public key (32 bytes).
Exceptions
- ArgumentException: Thrown if any provided buffer (rx, tx, clientPk, clientSk, serverPk) is not exactly 32 bytes.
- LibSodiumException: Thrown if client-side session key derivation fails internally.
DeriveClientSessionKeys(Span<byte>, Span<byte>, ReadOnlySpan<byte>, ReadOnlySpan<byte>, ReadOnlySpan<byte>)
Derives client-side session keys for secure communication with a server. The generated keys allow secure and authenticated data exchange.
public static void DeriveClientSessionKeys(Span<byte> rx, Span<byte> tx, ReadOnlySpan<byte> clientPk, ReadOnlySpan<byte> clientSk, ReadOnlySpan<byte> serverPk)
Parameters
- rx (Span<byte>): Buffer to receive the client's receiving key (used to decrypt data from server). Must be exactly 32 bytes.
- tx (Span<byte>): Buffer to receive the client's transmitting key (used to encrypt data sent to server). Must be exactly 32 bytes.
- clientPk (ReadOnlySpan<byte>): Client's public key (32 bytes).
- clientSk (ReadOnlySpan<byte>): Client's secret key (32 bytes).
- serverPk (ReadOnlySpan<byte>): Server's public key (32 bytes).
Exceptions
- ArgumentException: Thrown if any provided buffer (rx, tx, clientPk, clientSk, serverPk) is not exactly 32 bytes.
- LibSodiumException: Thrown if client-side session key derivation fails internally.
DeriveServerSessionKeys(SecureMemory<byte>, SecureMemory<byte>, ReadOnlySpan<byte>, SecureMemory<byte>, ReadOnlySpan<byte>)
Derives server-side session keys for secure communication with a client. The generated keys allow secure and authenticated data exchange.
public static void DeriveServerSessionKeys(SecureMemory<byte> rx, SecureMemory<byte> tx, ReadOnlySpan<byte> serverPk, SecureMemory<byte> serverSk, ReadOnlySpan<byte> clientPk)
Parameters
- rx (SecureMemory<byte>): Buffer to receive the server's receiving key (used to decrypt data from client). Must be exactly 32 bytes.
- tx (SecureMemory<byte>): Buffer to receive the server's transmitting key (used to encrypt data sent to client). Must be exactly 32 bytes.
- serverPk (ReadOnlySpan<byte>): Server's public key (32 bytes).
- serverSk (SecureMemory<byte>): Server's secret key (32 bytes).
- clientPk (ReadOnlySpan<byte>): Client's public key (32 bytes).
Exceptions
- ArgumentException: Thrown if any provided buffer (rx, tx, serverPk, serverSk, clientPk) is not exactly 32 bytes.
- LibSodiumException: Thrown if server-side session key derivation fails internally.
DeriveServerSessionKeys(Span<byte>, Span<byte>, ReadOnlySpan<byte>, ReadOnlySpan<byte>, ReadOnlySpan<byte>)
Derives server-side session keys for secure communication with a client. The generated keys allow secure and authenticated data exchange.
public static void DeriveServerSessionKeys(Span<byte> rx, Span<byte> tx, ReadOnlySpan<byte> serverPk, ReadOnlySpan<byte> serverSk, ReadOnlySpan<byte> clientPk)
Parameters
- rx (Span<byte>): Buffer to receive the server's receiving key (used to decrypt data from client). Must be exactly 32 bytes.
- tx (Span<byte>): Buffer to receive the server's transmitting key (used to encrypt data sent to client). Must be exactly 32 bytes.
- serverPk (ReadOnlySpan<byte>): Server's public key (32 bytes).
- serverSk (ReadOnlySpan<byte>): Server's secret key (32 bytes).
- clientPk (ReadOnlySpan<byte>): Client's public key (32 bytes).
Exceptions
- ArgumentException: Thrown if any provided buffer (rx, tx, serverPk, serverSk, clientPk) is not exactly 32 bytes.
- LibSodiumException: Thrown if server-side session key derivation fails internally.
GenerateKeyPair(Span<byte>, SecureMemory<byte>)
Generates a new random key pair suitable for key exchange (crypto_kx).
public static void GenerateKeyPair(Span<byte> publicKey, SecureMemory<byte> secretKey)
Parameters
- publicKey (Span<byte>): Buffer to receive the generated public key. Must be exactly 32 bytes.
- secretKey (SecureMemory<byte>): Buffer to receive the generated secret key. Must be exactly 32 bytes.
Exceptions
- ArgumentException: Thrown if publicKey or secretKey are not exactly 32 bytes.
- LibSodiumException: Thrown if key pair generation fails internally.
GenerateKeyPair(Span<byte>, Span<byte>)
Generates a new random key pair suitable for key exchange (crypto_kx).
public static void GenerateKeyPair(Span<byte> publicKey, Span<byte> secretKey)
Parameters
- publicKey (Span<byte>): Buffer to receive the generated public key. Must be exactly 32 bytes.
- secretKey (Span<byte>): Buffer to receive the generated secret key. Must be exactly 32 bytes.
Exceptions
- ArgumentException: Thrown if publicKey or secretKey are not exactly 32 bytes.
- LibSodiumException: Thrown if key pair generation fails internally.
GenerateKeyPairDeterministically(Span<byte>, SecureMemory<byte>, SecureMemory<byte>)
Deterministically generates a key pair from a provided seed. This method always produces the same key pair for the same seed.
public static void GenerateKeyPairDeterministically(Span<byte> publicKey, SecureMemory<byte> secretKey, SecureMemory<byte> seed)
Parameters
- publicKey (Span<byte>): Buffer to receive the derived public key. Must be exactly 32 bytes.
- secretKey (SecureMemory<byte>): Buffer to receive the derived secret key. Must be exactly 32 bytes.
- seed (SecureMemory<byte>): Seed used for deterministic generation. Must be exactly 32 bytes.
Exceptions
- ArgumentException: Thrown if publicKey, secretKey, or seed are not exactly 32 bytes.
- LibSodiumException: Thrown if deterministic key pair generation fails internally.
GenerateKeyPairDeterministically(Span<byte>, Span<byte>, ReadOnlySpan<byte>)
Deterministically generates a key pair from a provided seed. This method always produces the same key pair for the same seed.
public static void GenerateKeyPairDeterministically(Span<byte> publicKey, Span<byte> secretKey, ReadOnlySpan<byte> seed)
Parameters
- publicKey (Span<byte>): Buffer to receive the derived public key. Must be exactly 32 bytes.
- secretKey (Span<byte>): Buffer to receive the derived secret key. Must be exactly 32 bytes.
- seed (ReadOnlySpan<byte>): Seed used for deterministic generation. Must be exactly 32 bytes.
Exceptions
- ArgumentException: Thrown if publicKey, secretKey, or seed are not exactly 32 bytes.
- LibSodiumException: Thrown if deterministic key pair generation fails internally.
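The following is an added usage example, not code from the LibSodium.Net documentation. It runs both sides of the exchange in one process using the Span<byte> overloads listed above, shows how the rx/tx keys pair up across the two parties, and exercises the 32-byte length check. The class name KxDemo is hypothetical, and the example assumes the LibSodium.Net package is referenced.

```csharp
using System;
using System.Security.Cryptography;
using LibSodium;

static class KxDemo // hypothetical name; added example, not LibSodium.Net's own code
{
    static void Main()
    {
        // Each party generates its own key pair. In a real deployment these live on
        // different machines and only the public keys travel, over a channel each side trusts.
        Span<byte> clientPk = stackalloc byte[CryptoKeyExchange.PublicKeyLen];
        Span<byte> clientSk = stackalloc byte[CryptoKeyExchange.SecretKeyLen];
        Span<byte> serverPk = stackalloc byte[CryptoKeyExchange.PublicKeyLen];
        Span<byte> serverSk = stackalloc byte[CryptoKeyExchange.SecretKeyLen];
        CryptoKeyExchange.GenerateKeyPair(clientPk, clientSk);
        CryptoKeyExchange.GenerateKeyPair(serverPk, serverSk);

        Span<byte> clientRx = stackalloc byte[CryptoKeyExchange.SessionKeyLen];
        Span<byte> clientTx = stackalloc byte[CryptoKeyExchange.SessionKeyLen];
        Span<byte> serverRx = stackalloc byte[CryptoKeyExchange.SessionKeyLen];
        Span<byte> serverTx = stackalloc byte[CryptoKeyExchange.SessionKeyLen];
        try
        {
            // Each side passes its own key pair plus the peer's public key.
            CryptoKeyExchange.DeriveClientSessionKeys(clientRx, clientTx, clientPk, clientSk, serverPk);
            CryptoKeyExchange.DeriveServerSessionKeys(serverRx, serverTx, serverPk, serverSk, clientPk);

            // One key per direction: the client's tx key is the server's rx key, and vice versa.
            bool clientToServer = CryptographicOperations.FixedTimeEquals(clientTx, serverRx);
            bool serverToClient = CryptographicOperations.FixedTimeEquals(clientRx, serverTx);
            Console.WriteLine($"client->server match: {clientToServer}, server->client match: {serverToClient}");

            // Failure mode: an output buffer that is not exactly 32 bytes is rejected.
            try { CryptoKeyExchange.DeriveClientSessionKeys(clientRx[..16], clientTx, clientPk, clientSk, serverPk); }
            catch (ArgumentException) { Console.WriteLine("16-byte rx buffer rejected"); }
        }
        finally
        {
            // Span<byte> buffers are ordinary memory: wipe secret and session keys after use.
            CryptographicOperations.ZeroMemory(clientSk);
            CryptographicOperations.ZeroMemory(serverSk);
            CryptographicOperations.ZeroMemory(clientRx);
            CryptographicOperations.ZeroMemory(clientTx);
            CryptographicOperations.ZeroMemory(serverRx);
            CryptographicOperations.ZeroMemory(serverTx);
        }
    }
}
```

The SecureMemory<byte> overloads take the same arguments in the same order for code that keeps secret and session keys in SecureMemory<byte> buffers.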