Lucinda 1.0.7

.NET 6.0 .NET Standard 2.0 .NET Framework 4.8

dotnet add package Lucinda --version 1.0.7

NuGet\Install-Package Lucinda -Version 1.0.7

This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.

<PackageReference Include="Lucinda" Version="1.0.7" />

For projects that support PackageReference, copy this XML node into the project file to reference the package.

<PackageVersion Include="Lucinda" Version="1.0.7" />
                    

                            Directory.Packages.props

<PackageReference Include="Lucinda" />
                    

                            Project file

For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package.

paket add Lucinda --version 1.0.7

The NuGet Team does not provide support for this client. Please contact its maintainers for support.

#r "nuget: Lucinda, 1.0.7"

#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.

#:package Lucinda@1.0.7

#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package.

#addin nuget:?package=Lucinda&version=1.0.7
                    

                            Install as a Cake Addin

#tool nuget:?package=Lucinda&version=1.0.7
                    

                            Install as a Cake Tool

The NuGet Team does not provide support for this client. Please contact its maintainers for support.

Lucinda

A comprehensive end-to-end encryption (E2EE) library for .NET, providing secure cryptographic operations including symmetric/asymmetric encryption, key exchange, digital signatures, and secure key management.

Features

Symmetric Encryption: AES-GCM and AES-CBC with 128, 192, and 256-bit keys
Asymmetric Encryption: RSA with OAEP padding (2048, 3072, 4096-bit)
Hybrid Encryption: RSA + AES-GCM for efficient large data encryption
Key Exchange: ECDH with P-256, P-384, and P-521 curves
Digital Signatures: RSA (PSS/PKCS#1) and ECDSA
Key Derivation: PBKDF2 and HKDF
Secure Key Storage: In-memory storage with secure clearing
Signal Protocol-like Messaging: X3DH + Double Ratchet with forward secrecy
Header Encryption: Protects message metadata from observation
Sender Keys Protocol: Efficient group messaging with GroupSession
Extensibility: ICurve25519 and IEdDSA interfaces for custom providers

Supported Platforms

Platform	Version
.NET Standard	2.0, 2.1
.NET Framework	4.8, 4.8.1
.NET	6.0, 7.0, 8.0, 9.0, 10.0

Note: Full functionality (RSA, ECDSA, ECDH, hybrid encryption) requires .NET Core 3.0+ or .NET 5.0+. Signal Protocol features (SecureMessaging, X3DH, Double Ratchet) require .NET 6.0+. On .NET Framework and .NET Standard, only symmetric encryption, key derivation, and utility functions are available.

Installation

dotnet add package Lucinda

Or via NuGet Package Manager:

Install-Package Lucinda

Quick Start

High-Level API

using Lucinda;

// Create an E2EE instance
using var e2ee = new EndToEndEncryption();

// Generate key pairs for Alice and Bob
var aliceKeyPair = e2ee.GenerateKeyPair();
var bobKeyPair = e2ee.GenerateKeyPair();

// Alice encrypts a message for Bob
var encrypted = e2ee.EncryptMessage("Hello, Bob!", bobKeyPair.Value.PublicKey);

// Bob decrypts the message
var decrypted = e2ee.DecryptMessage(encrypted.Value, bobKeyPair.Value.PrivateKey);
Console.WriteLine(decrypted.Value); // "Hello, Bob!"

Signal Protocol-like Secure Messaging

using Lucinda;

using var alice = new SecureMessaging();
using var bob = new SecureMessaging();

alice.GenerateIdentityKeyPair();
bob.GenerateIdentityKeyPair();
bob.GeneratePreKeyBundle();

var bobBundle = bob.GetPublicPreKeyBundle();
alice.InitializeSession("bob", bobBundle.Value);

var initialMessage = alice.GetInitialMessageData("bob");
bob.CreateSessionFromInitialMessage("alice", initialMessage.Value);

var encrypted = alice.SendMessage("bob", "Hello with forward secrecy!");
var decrypted = bob.ReceiveMessage("alice", encrypted.Value);

Symmetric Encryption (AES-GCM)

using Lucinda.Symmetric;

using var aes = new AesGcmEncryption(256);

var plaintext = "Sensitive data"u8.ToArray();
var encrypted = aes.Encrypt(plaintext);
var decrypted = aes.Decrypt(encrypted.Value);

Hybrid Encryption (RSA + AES)

using Lucinda.Asymmetric;

using var hybrid = new RsaAesHybridEncryption();
var keyPair = hybrid.GenerateKeyPair();

var data = "Large amount of data..."u8.ToArray();
var encrypted = hybrid.Encrypt(data, keyPair.Value.PublicKey);
var decrypted = hybrid.Decrypt(encrypted.Value, keyPair.Value.PrivateKey);

Digital Signatures

using Lucinda.Signatures;

using var signer = new EcdsaSignature();
var keyPair = signer.GenerateKeyPair();

var data = "Data to sign"u8.ToArray();
var signature = signer.Sign(data);
var isValid = signer.Verify(data, signature.Value);

Key Derivation

using Lucinda.KeyDerivation;

using var pbkdf2 = new Pbkdf2KeyDerivation();
var salt = SecureRandom.GenerateSalt(32);
var derivedKey = pbkdf2.DeriveKey("MyPassword", salt, iterations: 600000, derivedKeyLength: 32);

Key Exchange (ECDH)

using Lucinda.KeyExchange;

using var aliceEcdh = new EcdhKeyExchange();
using var bobEcdh = new EcdhKeyExchange();

var alicePublicKey = aliceEcdh.GetPublicKey();
var bobPublicKey = bobEcdh.GetPublicKey();

// Both derive the same shared secret
var aliceSharedSecret = aliceEcdh.DeriveSharedSecret(bobPublicKey.Value);
var bobSharedSecret = bobEcdh.DeriveSharedSecret(alicePublicKey.Value);

Error Handling

All operations return a CryptoResult<T> that encapsulates success or failure:

var result = aes.Encrypt(data);

if (result.IsSuccess)
{
    var encrypted = result.Value;
}
else
{
    Console.WriteLine($"Error: {result.Error}");
}

// Or use pattern matching
result.Match(
    onSuccess: data => ProcessData(data),
    onFailure: error => HandleError(error)
);

Main Classes

Class	Description
`EndToEndEncryption`	High-level E2EE operations
`AesGcmEncryption`	AES-GCM authenticated encryption
`AesCbcEncryption`	AES-CBC encryption
`RsaEncryption`	RSA asymmetric encryption
`RsaAesHybridEncryption`	Hybrid RSA+AES encryption
`EcdhKeyExchange`	ECDH key exchange
`RsaSignature`	RSA digital signatures
`EcdsaSignature`	ECDSA digital signatures
`Pbkdf2KeyDerivation`	Password-based key derivation
`HkdfKeyDerivation`	HKDF key derivation
`SecureMessaging`	Signal Protocol-like secure messaging
`X3DHKeyAgreement`	X3DH key agreement
`DoubleRatchet`	Double Ratchet algorithm
`HeaderEncryption`	Header encryption for metadata protection
`GroupSession`	Sender Keys protocol for group messaging

Security Considerations

Always securely store and protect private keys
Uses System.Security.Cryptography.RandomNumberGenerator for secure random numbers
Sensitive data is cleared from memory when possible
Use AES-GCM or enable HMAC with AES-CBC for data integrity
Use at least 2048-bit RSA keys and 256-bit AES keys
Use PBKDF2 with at least 600,000 iterations for passwords

Documentation

For complete documentation, samples, and benchmarks, visit the GitHub repository.

License

This project is licensed under the MIT License - see the LICENSE file for details.

Contributing

Contributions are welcome! Please visit our GitHub repository to submit issues or pull requests.

Product	Compatible and additional computed target framework versions.
.NET	net5.0 was computed. net5.0-windows was computed. net6.0 is compatible. net6.0-android was computed. net6.0-ios was computed. net6.0-maccatalyst was computed. net6.0-macos was computed. net6.0-tvos was computed. net6.0-windows was computed. net7.0 is compatible. net7.0-android was computed. net7.0-ios was computed. net7.0-maccatalyst was computed. net7.0-macos was computed. net7.0-tvos was computed. net7.0-windows was computed. net8.0 is compatible. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. net9.0 is compatible. net9.0-android was computed. net9.0-browser was computed. net9.0-ios was computed. net9.0-maccatalyst was computed. net9.0-macos was computed. net9.0-tvos was computed. net9.0-windows was computed. net10.0 is compatible. net10.0-android was computed. net10.0-browser was computed. net10.0-ios was computed. net10.0-maccatalyst was computed. net10.0-macos was computed. net10.0-tvos was computed. net10.0-windows was computed.
.NET Core	netcoreapp2.0 was computed. netcoreapp2.1 was computed. netcoreapp2.2 was computed. netcoreapp3.0 was computed. netcoreapp3.1 was computed.
.NET Standard	netstandard2.0 is compatible. netstandard2.1 is compatible.
.NET Framework	net461 was computed. net462 was computed. net463 was computed. net47 was computed. net471 was computed. net472 was computed. net48 is compatible. net481 is compatible.
MonoAndroid	monoandroid was computed.
MonoMac	monomac was computed.
MonoTouch	monotouch was computed.
Tizen	tizen40 was computed. tizen60 was computed.
Xamarin.iOS	xamarinios was computed.
Xamarin.Mac	xamarinmac was computed.
Xamarin.TVOS	xamarintvos was computed.
Xamarin.WatchOS	xamarinwatchos was computed.

Compatible target framework(s)

Included target framework(s) (in package)

Learn more about Target Frameworks and .NET Standard.

.NETFramework 4.8
- System.Buffers (>= 4.6.1)
- System.Memory (>= 4.6.3)
.NETFramework 4.8.1
- System.Buffers (>= 4.6.1)
- System.Memory (>= 4.6.3)
.NETStandard 2.0
- System.Buffers (>= 4.6.1)
- System.Memory (>= 4.6.3)
.NETStandard 2.1
- No dependencies.
net10.0
- No dependencies.
net6.0
- No dependencies.
net7.0
- No dependencies.
net8.0
- No dependencies.
net9.0
- No dependencies.

NuGet packages (1)

Showing the top 1 NuGet packages that depend on Lucinda:

Package	Downloads
Lucinda.Blazor Lucinda.Blazor provides end-to-end encryption (E2EE) capabilities for Blazor WebAssembly applications using the native Web Crypto API. Key Features: • AES-GCM and AES-CBC symmetric encryption via Web Crypto API • RSA-OAEP asymmetric encryption • ECDH key exchange (P-256/P-384/P-521 curves) • ECDSA digital signatures • HKDF and PBKDF2 key derivation • Secure random number generation • IndexedDB-based secure key storage • Signal Protocol support (X3DH, Double Ratchet, Sender Keys) Advantages: • Zero external dependencies - uses browser's native crypto • Hardware-accelerated encryption (AES-NI) • No timing attacks (native implementation) • Compatible with Lucinda for server-side interop Platform Support: Blazor WebAssembly on .NET 6.0-10.0	318

Package

Downloads

Lucinda.Blazor

Lucinda.Blazor provides end-to-end encryption (E2EE) capabilities for Blazor WebAssembly applications using the native Web Crypto API. Key Features: • AES-GCM and AES-CBC symmetric encryption via Web Crypto API • RSA-OAEP asymmetric encryption • ECDH key exchange (P-256/P-384/P-521 curves) • ECDSA digital signatures • HKDF and PBKDF2 key derivation • Secure random number generation • IndexedDB-based secure key storage • Signal Protocol support (X3DH, Double Ratchet, Sender Keys) Advantages: • Zero external dependencies - uses browser's native crypto • Hardware-accelerated encryption (AES-NI) • No timing attacks (native implementation) • Compatible with Lucinda for server-side interop Platform Support: Blazor WebAssembly on .NET 6.0-10.0

318

GitHub repositories

This package is not used by any popular GitHub repositories.

Version	Downloads	Last Updated
1.0.7	408,175	11/30/2025
1.0.6	128	11/29/2025
1.0.5	90	11/29/2025
1.0.4	88	11/29/2025
1.0.3	87	11/28/2025
1.0.2	99	11/28/2025
1.0.1	117	11/28/2025
1.0.0	141	4/26/2025