Krypteia.Abstractions 0.1.0

dotnet add package Krypteia.Abstractions --version 0.1.0
                    

Krypteia

Zero-knowledge encryption for .NET with user-recoverable keys.


Krypteia is a .NET library for protecting sensitive user data with RSA-based asymmetric encryption. It is designed for applications where even the application administrators and database operators must not be able to read user data — a stronger privacy posture than typical "encryption at rest" provides.

The library also solves a practical problem that often blocks adoption of zero-knowledge encryption: what happens when a user loses their private key? Krypteia provides a secure, audit-friendly reset flow built around one-time email tokens and automatic data re-encryption.

Why Krypteia?

Most encryption-at-rest schemes give the database server the keys to decrypt the data. A compromised database — or a curious DBA — can read everything. Krypteia takes a different approach:

  • Private keys live with the user, not on the server
  • The server stores only public keys (used to encrypt) and encrypted backups of private keys
  • Even with full database access, an attacker cannot decrypt user data without also compromising a key vault
  • When a user loses their private key, an email-verified reset flow generates a new key pair and re-encrypts the user's existing data

Key features

  • 🔒 RSA-2048 with OAEP-SHA256 — NIST-recommended defaults, no custom crypto
  • 🔑 User-controlled keys — private keys never stored on the server in plaintext
  • 📧 Secure reset flow — email-verified, one-time tokens with configurable TTL
  • 📋 Audit-ready — structured logs for every operation, designed for CMMC Level 2 / HIPAA / PCI-DSS
  • 🧩 Composable — install only the packages you need (Core, KeyReset, AspNetCore, EntityFrameworkCore)
  • Modern .NET — built for .NET 10 LTS, uses native System.Security.Cryptography primitives
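
The reset flow above relies on one-time tokens with a configurable TTL, and the Krypteia.KeyReset package description further down names hashed token storage. The following is an added sketch of those three properties, not code from Krypteia: `ResetTokenStore`, `Issue` and `Redeem` are hypothetical names, and an in-memory dictionary stands in for the database.

```csharp
// Added illustration, not Krypteia.KeyReset source. ResetTokenStore and its
// members are hypothetical; a dictionary stands in for persistent storage.
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

var t0 = new DateTimeOffset(2026, 1, 1, 12, 0, 0, TimeSpan.Zero); // constructed clock
var store = new ResetTokenStore(ttl: TimeSpan.FromMinutes(15));
string token = store.Issue("user-42", t0); // the value that would be emailed

// Scenario 1: a well-formed but wrong token is presented.
Console.WriteLine(store.Redeem("user-42", new string('0', 64), t0.AddMinutes(1)));
// Scenario 2: the real token is presented inside the TTL.
Console.WriteLine(store.Redeem("user-42", token, t0.AddMinutes(5)));
// Scenario 3: the same token is replayed after it was consumed.
Console.WriteLine(store.Redeem("user-42", token, t0.AddMinutes(6)));
// Scenario 4: a fresh token is presented after the TTL has passed.
string late = store.Issue("user-42", t0);
Console.WriteLine(store.Redeem("user-42", late, t0.AddMinutes(16)));

sealed class ResetTokenStore(TimeSpan ttl)
{
    // Only SHA-256(token) is kept, so reading the store does not yield a usable token.
    private readonly Dictionary<string, (byte[] Hash, DateTimeOffset Expires)> _pending = new();

    public string Issue(string userId, DateTimeOffset now)
    {
        byte[] raw = RandomNumberGenerator.GetBytes(32);      // 256 bits from the OS CSPRNG
        _pending[userId] = (SHA256.HashData(raw), now + ttl); // replaces any older token
        return Convert.ToHexString(raw);
    }

    public bool Redeem(string userId, string presented, DateTimeOffset now)
    {
        if (!_pending.TryGetValue(userId, out var entry)) return false;
        if (now >= entry.Expires) { _pending.Remove(userId); return false; }

        byte[] raw;
        try { raw = Convert.FromHexString(presented); }
        catch (FormatException) { return false; }

        // Constant-time comparison of hashes; the entry is consumed only on success.
        if (!CryptographicOperations.FixedTimeEquals(SHA256.HashData(raw), entry.Hash)) return false;
        _pending.Remove(userId);
        return true;
    }
}
```

A production store would also rate-limit redemption attempts per user and write each issue and redeem event to the audit log.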

Installation

dotnet add package Krypteia.Core
dotnet add package Krypteia.AspNetCore        # optional: ASP.NET Core DI helpers
dotnet add package Krypteia.KeyReset          # optional: private key reset flow
dotnet add package Krypteia.Audit             # optional: audit logging
dotnet add package Krypteia.EntityFrameworkCore # optional: EF Core integration

Quick start

using Krypteia;
using Krypteia.Abstractions;

// Generate a key pair for a user
KeyPair keys = RsaKeyPairGenerator.Generate();

// Server-side: store the public key only
await keyManagementService.StorePublicKeyAsync(userId, keys.PublicKey);

// Client-side: store the private key securely (keychain, secure storage, etc.)
SaveOnUserDevice(keys.PrivateKey);

// Encrypt sensitive data using the user's public key
var encryption = new RsaEncryptionService();
string ciphertext = await encryption.EncryptAsync("SSN: 123-45-6789", keys.PublicKey);

// Later, decrypt using the user's private key
string plaintext = await encryption.DecryptAsync(ciphertext, keys.PrivateKey);

See the samples folder for a complete ASP.NET Core Web API example.
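
To show what the RSA-2048 / OAEP-SHA256 default listed under Key features means at the primitive level, here is an added example that uses only `System.Security.Cryptography`; it is not Krypteia code and makes no claim about the library's internal format. The variable names and the sample value are constructed for illustration.

```csharp
// Added illustration, not Krypteia source: RSA-2048 with OAEP-SHA256
// expressed with the built-in .NET primitives alone.
using System;
using System.Security.Cryptography;
using System.Text;

// User side: generate the pair and export only the public half (X.509 SPKI).
using RSA userKey = RSA.Create(2048);
byte[] publicKeySpki = userKey.ExportSubjectPublicKeyInfo();

// Server side: holds the public key only, so it can encrypt but not decrypt.
using RSA serverView = RSA.Create();
serverView.ImportSubjectPublicKeyInfo(publicKeySpki, out _);

byte[] secret = Encoding.UTF8.GetBytes("SSN: 123-45-6789"); // constructed sample value
byte[] c1 = serverView.Encrypt(secret, RSAEncryptionPadding.OaepSHA256);
byte[] c2 = serverView.Encrypt(secret, RSAEncryptionPadding.OaepSHA256);

// OAEP is randomized: equal plaintexts give different ciphertexts, so stored
// values cannot be compared to find records that hold the same secret.
bool identical = c1.AsSpan().SequenceEqual(c2);
Console.WriteLine($"ciphertext bytes: {c1.Length}, identical ciphertexts: {identical}");

try
{
    serverView.Decrypt(c1, RSAEncryptionPadding.OaepSHA256);
    Console.WriteLine("unexpected: a public-only key decrypted the data");
}
catch (CryptographicException)
{
    Console.WriteLine("server view cannot decrypt (no private key present)");
}

// Only the holder of the private key recovers the plaintext.
byte[] recovered = userKey.Decrypt(c1, RSAEncryptionPadding.OaepSHA256);
Console.WriteLine(Encoding.UTF8.GetString(recovered));

// Raw RSA-OAEP size limit: modulus bytes - 2 * hash bytes - 2 = 256 - 64 - 2 = 190.
int maxPlaintext = serverView.KeySize / 8 - 2 * 32 - 2;
try
{
    serverView.Encrypt(new byte[maxPlaintext + 1], RSAEncryptionPadding.OaepSHA256);
}
catch (CryptographicException)
{
    Console.WriteLine($"plaintext over {maxPlaintext} bytes is rejected by raw RSA-OAEP");
}
```

The size limit is a property of RSA-OAEP itself; how Krypteia handles longer values is not stated on this page, so check the library documentation before encrypting large fields.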

Compliance posture

Krypteia is designed to be compatible with major compliance frameworks. The library itself cannot certify your organization — compliance always rests with the operator — but Krypteia provides the cryptographic and audit primitives most frameworks require.

| Framework | What Krypteia provides |
|---|---|
| CMMC Level 2 | Audit log schema, NIST-approved crypto, key management plumbing |
| HIPAA | Technical Safeguards (encryption + audit controls) |
| PCI-DSS 4.0 | Strong cryptography (Req 3.5, 3.6) |
| GDPR | Right-to-erasure via key destruction |
| SOC 2 Type II | Audit logging supports CC6.1, CC6.7 |

See docs/COMPLIANCE-CMMC.md for the detailed CMMC Level 2 control mapping.

Security

Found a vulnerability? Please do not open a public issue. See SECURITY.md for the disclosure process.

Contributing

Contributions are welcome. Please read CONTRIBUTING.md before opening a pull request, and review the Code of Conduct.

License

Released under the MIT License.

Disclaimer

Cryptographic libraries carry real risk if misused. Read the documentation carefully, test thoroughly, and consider an independent security review before deploying to production. The Krypteia maintainers provide this library AS IS, without warranty of any kind.

Product Compatible and additional computed target framework versions.
.NET net10.0 is compatible.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 
  • net10.0

    • No dependencies.

NuGet packages (6)

Showing the top 5 NuGet packages that depend on Krypteia.Abstractions:

Package Downloads
Krypteia.Core

Default RSA-2048 implementation of the Krypteia zero-knowledge encryption library. Uses .NET's built-in cryptographic primitives with secure defaults (OAEP-SHA256 padding, FIPS-validated providers).

Krypteia.KeyReset

Email-based private key recovery flow for Krypteia. Provides one-time tokens with configurable TTL, hashed token storage, and automated data re-encryption when keys are rotated.

Krypteia.EntityFrameworkCore

Entity Framework Core integration for Krypteia. Provides value converters and conventions for transparently encrypting and decrypting sensitive properties on EF Core entities.

Krypteia.Audit

Audit logging for Krypteia operations. Captures all encryption, decryption, and key management events with the detail required for CMMC Level 2 and similar compliance frameworks.

Krypteia.AspNetCore

ASP.NET Core integration for Krypteia. Provides dependency injection extensions, options binding, and ready-to-use middleware for the key reset HTTP flow.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last Updated
0.1.0 154 5/20/2026