Indice.Cryptography 8.2.0


Indice.Cryptography

A comprehensive .NET cryptography library focused on PSD2 compliance, X.509 certificate management, and HTTP message signing.

Features

  • PSD2 Compliance: Complete support for Payment Services Directive 2 requirements
  • X.509 Certificate Management: Create, validate, and manage certificates with European Qualified Certificate extensions
  • HTTP Message Signing: Implement HTTP signature-based authentication
  • Certificate Authority: Create and manage custom Certificate Authorities
  • ASN.1/DER Encoding: Low-level cryptographic primitives and certificate extensions

Installation

Install the package via NuGet Package Manager:

Install-Package Indice.Cryptography

Or via .NET CLI:

dotnet add package Indice.Cryptography

Quick Start

Creating PSD2 Certificates

using System.Security.Cryptography; // RSA, used for the out parameter below
using Indice.Cryptography;
using Indice.Cryptography.X509Certificates;

var certificateManager = new CertificateManager();

// Create a PSD2 certificate request
var request = new Psd2CertificateRequest
{
    City = "Athens",
    State = "Attiki", 
    CountryCode = "GR",
    Organization = "Example Bank",
    OrganizationUnit = "IT",
    CommonName = "api.example-bank.com",
    AuthorityId = "BOG",
    AuthorityName = "Bank of Greece",
    AuthorizationNumber = "123456789",
    ValidityInDays = 365,
    Roles = new Psd2CertificateRequest.Psd2RoleFlags
    {
        Aisp = true,  // Account Information Service Provider
        Pisp = true,  // Payment Initiation Service Provider
        Aspsp = true, // Account Servicing Payment Service Provider
        Piisp = false // Payment Instrument Issuer Service Provider
    },
    QcType = QcTypeIdentifiers.Web
};

// Generate the certificate
var certificate = certificateManager.CreateQualifiedCertificate(
    request, 
    "ca.example.com", 
    issuer: null, // Will create CA on-the-fly
    out RSA privateKey
);

HTTP Message Signing

using Indice.Cryptography.Tokens.HttpMessageSigning;

// Configure HTTP signatures
services.AddHttpSignatures(options => {
    options.MapPath("/payments", 
        HeaderFieldNames.RequestTarget, 
        HeaderFieldNames.Created, 
        HttpDigest.HTTPHeaderName, 
        "x-response-id");
})
.AddSigningCredential(certificate);

// Use in your application
app.UseHttpSignatures();

Certificate Validation

using Indice.Cryptography.Validation;

var validator = new Psd2ClientCertificateValidator();
var isValid = await validator.ValidateAsync(certificate, context);

Key Components

Certificate Management

  • CertificateManager: Core class for certificate creation and management
  • Psd2CertificateRequest: Model for PSD2-compliant certificate requests
  • SubjectBuilder: Fluent API for building X.509 certificate subjects

X.509 Extensions

The library includes comprehensive support for European Qualified Certificate extensions:

  • QualifiedCertificateStatementsExtension: QC statements per ETSI EN 319 412-5
  • AuthorityInformationAccessExtension: Authority information access points
  • CRLDistributionPointsExtension: Certificate revocation list distribution
  • CABForumOrganizationIdentifierExtension: Organization identifier extensions
  • CertificatePoliciesExtension: Certificate policy information

PSD2 Specific Features

  • Psd2Attributes: PSD2 role and authority information
  • NCAId: National Competent Authority identifiers
  • QcTypeIdentifiers: Qualified certificate type identifiers (QWAC, QSEAL, etc.)

HTTP Message Signing

  • HttpSignature: HTTP signature generation and validation
  • HttpDigest: HTTP digest calculation for message integrity
  • HttpSignatureDelegatingHandler: HTTP client handler for automatic signing
  • HttpSignatureSecurityToken: Security token for HTTP signatures

Configuration Examples

ASP.NET Core Integration

// In Program.cs or Startup.cs
services.AddCertificateServer(environment, options => {
    options.IssuerDomain = "ca.example.com";
    options.AddEntityFrameworkStore(sqlOptions => {
        sqlOptions.ConfigureDbContext = builder => {
            builder.UseSqlServer(connectionString);
        };
    });
});

// Configure HTTP signatures for specific endpoints
services.AddHttpSignatures(options => {
    options.MapPath("/api/payments/*", 
        HeaderFieldNames.RequestTarget,
        HeaderFieldNames.Created,
        HttpDigest.HTTPHeaderName);
})
.AddSigningCredential(certificate);

Creating Custom Certificate Authorities

var certificateManager = new CertificateManager();

// Create a root CA certificate
var rootCA = certificateManager.CreateRootCACertificate(
    "Root CA Example", 
    diagnostics: null
);

// Use the CA to sign other certificates
var clientCertificate = certificateManager.CreateQualifiedCertificate(
    request, 
    issuerDomain: "ca.example.com",
    issuer: rootCA,
    out RSA privateKey
);

Certificate Extensions

Qualified Certificate Statements

var qcStatements = new QualifiedCertificateStatementsExtension(
    isCompliant: true,
    limit: new QcMonetaryValue { CurrencyCode = "EUR", Value = 500000 },
    retentionPeriod: 7,
    isQSCD: true,
    pdsLocations: new[] { 
        new PdsLocation { 
            Language = "EN", 
            Url = "https://example.com/pds" 
        } 
    },
    type: QcTypeIdentifiers.Web,
    psd2: new Psd2Attributes
    {
        AuthorityName = "National Bank",
        AuthorizationId = new NCAId("PSD", "GR", "NBG", "123456"),
        HasAccountInformation = true,
        HasPaymentInitiation = true
    },
    critical: false
);

Authority Information Access

var authorityInfo = new AuthorityInformationAccessExtension(new[] {
    new AccessDescription
    {
        AccessMethod = AccessDescription.AccessMethodType.CertificationAuthorityIssuer,
        AccessLocation = "http://ca.example.com/ca.cer"
    },
    new AccessDescription
    {
        AccessMethod = AccessDescription.AccessMethodType.OnlineCertificateStatusProtocol,
        AccessLocation = "http://ocsp.example.com"
    }
}, critical: false);

PSD2 Role Mapping

The library supports all PSD2 payment service provider roles:

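| Role Code | Description                | Property                                |
|-----------|----------------------------|-----------------------------------------|
| PSP_AS    | Account Servicing          | HasAccountServicing                     |
| PSP_PI    | Payment Initiation         | HasPaymentInitiation                    |
| PSP_AI    | Account Information        | HasAccountInformation                   |
| PSP_IC    | Payment Instrument Issuing | HasIssuingOfCardBasedPaymentInstruments |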
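
How a relying party can recover these role codes from the PSD2 QC statement, as an added example that is not part of the library or its README. It uses only System.Formats.Asn1; the OIDs and the PSD2QcType layout are those of ETSI TS 119 495, and the sample bytes, "Bank of Greece" and "GR-BOG" are constructed for the demonstration.

```csharp
using System;
using System.Collections.Generic;
using System.Formats.Asn1;

// Added example: .NET base class library only, not Indice.Cryptography's code.
static class Psd2RoleDemo
{
    const string Psd2QcStatement = "0.4.0.19495.2"; // id-etsi-psd2-qcStatement
    static readonly Dictionary<string, string> RoleCodes = new() {
        ["0.4.0.19495.1.1"] = "PSP_AS", ["0.4.0.19495.1.2"] = "PSP_PI",
        ["0.4.0.19495.1.3"] = "PSP_AI", ["0.4.0.19495.1.4"] = "PSP_IC" };

    // Constructed sample: a QCStatements value with one PSD2 statement (PI + AI).
    public static byte[] BuildSample()
    {
        var w = new AsnWriter(AsnEncodingRules.DER);
        using (w.PushSequence()) // QCStatements
        using (w.PushSequence()) // QCStatement
        {
            w.WriteObjectIdentifier(Psd2QcStatement);
            using (w.PushSequence()) // PSD2QcType
            {
                using (w.PushSequence()) // RolesOfPSP
                    foreach (var (oid, name) in new[] { ("0.4.0.19495.1.2", "PSP_PI"), ("0.4.0.19495.1.3", "PSP_AI") })
                        using (w.PushSequence()) // RoleOfPSP
                        {
                            w.WriteObjectIdentifier(oid);
                            w.WriteCharacterString(UniversalTagNumber.UTF8String, name);
                        }
                w.WriteCharacterString(UniversalTagNumber.UTF8String, "Bank of Greece"); // nCAName
                w.WriteCharacterString(UniversalTagNumber.UTF8String, "GR-BOG");         // nCAId
            }
        }
        return w.Encode();
    }

    // Roles come from the OIDs only; the free-text role name is never trusted,
    // and an unrecognised OID maps to "unknown" so it cannot grant access.
    public static List<string> ReadRoles(byte[] qcStatements)
    {
        var found = new List<string>();
        var statements = new AsnReader(qcStatements, AsnEncodingRules.DER).ReadSequence();
        while (statements.HasData)
        {
            var statement = statements.ReadSequence();
            if (statement.ReadObjectIdentifier() != Psd2QcStatement) continue;
            for (var roles = statement.ReadSequence().ReadSequence(); roles.HasData;)
                found.Add(RoleCodes.GetValueOrDefault(roles.ReadSequence().ReadObjectIdentifier(), "unknown"));
        }
        return found;
    }
    static void Main() => Console.WriteLine(string.Join(",", ReadRoles(BuildSample())));
}
```

For a real certificate, the input to ReadRoles is the RawData of the extension with OID 1.3.6.1.5.5.7.1.3 (qcStatements), read only after the certificate chain has been validated.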

HTTP Signature Algorithm

The library implements the HTTP Signatures draft specification for securing HTTP messages:

// Signature string format
var signatureString = $"{HeaderFieldNames.RequestTarget}: post /payments\n" +
                     $"{HeaderFieldNames.Created}: 1618302811\n" +
                     $"{HttpDigest.HTTPHeaderName}: SHA-256=X48E9qOokqqrvdts8nOJRJN3OWDUoyWxBf7kbu9DBPE=";

// Generate signature
var signature = HttpSignature.GenerateSignature(signatureString, privateKey);
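
What that signature string protects, as an added example that is not part of the library or its README. It uses only System.Security.Cryptography, and it assumes the header constants resolve to the draft's "(request-target)", "(created)" and "digest" names and that the signature is RSA PKCS#1 v1.5 over SHA-256; the key and request bodies are constructed for the demonstration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example: .NET base class library only, not Indice.Cryptography's code.
static class HttpSignatureDemo
{
    // Digest header value over the exact body bytes that go on the wire.
    public static string Digest(byte[] body) =>
        "SHA-256=" + Convert.ToBase64String(SHA256.HashData(body));

    // One "name: value" line per covered field, LF-separated, no trailing LF.
    // Field names follow the draft; assumed to match the library's constants.
    public static string SigningString(string method, string path, long created, string digest) =>
        $"(request-target): {method.ToLowerInvariant()} {path}\n" +
        $"(created): {created}\n" +
        $"digest: {digest}";

    // Assumption: RSA PKCS#1 v1.5 over SHA-256.
    public static byte[] Sign(string signingString, RSA key) =>
        key.SignData(Encoding.UTF8.GetBytes(signingString),
                     HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

    // The verifier re-hashes the body it actually received, rebuilds the
    // signing string from the request it saw, and bounds the signature's age.
    public static bool Verify(string method, string path, long created, byte[] body,
                              byte[] signature, RSA publicKey, long now, long maxAgeSeconds)
    {
        if (created > now || now - created > maxAgeSeconds) return false;
        var expected = SigningString(method, path, created, Digest(body));
        return publicKey.VerifyData(Encoding.UTF8.GetBytes(expected), signature,
                                    HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
    }

    static void Main()
    {
        using var rsa = RSA.Create(2048);                                  // throwaway demo key
        var body = Encoding.UTF8.GetBytes("{\"amount\":\"10.00\"}");       // constructed sample
        var altered = Encoding.UTF8.GetBytes("{\"amount\":\"9999.00\"}");  // constructed sample
        long created = 1618302811;                                         // timestamp from the page
        var sig = Sign(SigningString("POST", "/payments", created, Digest(body)), rsa);

        Console.WriteLine("intact request: " + Verify("POST", "/payments", created, body, sig, rsa, created + 5, 300));
        Console.WriteLine("altered body:   " + Verify("POST", "/payments", created, altered, sig, rsa, created + 5, 300));
        Console.WriteLine("different path: " + Verify("POST", "/refunds", created, body, sig, rsa, created + 5, 300));
        Console.WriteLine("replayed later: " + Verify("POST", "/payments", created, body, sig, rsa, created + 3600, 300));
    }
}
```

Only fields listed in the signing string are protected, so any header the application acts on (such as the "x-response-id" header mapped in the Quick Start) has to be included in the mapped list to be covered.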

Advanced Usage

Custom Subject Building

var subject = new SubjectBuilder()
    .AddCommonName("api.bank.com")
    .AddOrganization("Example Bank", "IT Department")
    .AddLocation("GR", "Attiki", "Athens")
    .AddEmail("admin@bank.com")
    .AddOrganizationIdentifier(new NCAId("PSD", "GR", "BOG", "123456"))
    .Build();

Certificate Revocation Lists

var crlExtension = new CRLDistributionPointsExtension(new[] {
    new CRLDistributionPoint 
    { 
        FullName = new[] { "http://crl.example.com/revoked.crl" } 
    }
}, critical: false);

Dependencies

  • .NET 8.0 or later
  • DerConverter - ASN.1 DER encoding/decoding
  • PemUtils - PEM format utilities
  • System.IdentityModel.Tokens.Jwt - JWT token handling
  • System.Security.Cryptography.* - Core cryptography APIs

Standards Compliance

This library implements the following standards:

  • RFC 5280 - Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
  • RFC 3739 - Internet X.509 Public Key Infrastructure: Qualified Certificates Profile
  • ETSI EN 319 412-5 - Electronic Signatures and Infrastructures (ESI); Certificate Profiles; Part 5: QCStatements in certificates
  • ETSI TS 119 495 - Electronic Signatures and Infrastructures (ESI); Sector Specific Requirements; PSD2 sector requirements for eIDAS certificates
  • PSD2 Directive (EU) 2015/2366 - Payment Services Directive 2
  • HTTP Signatures Draft - Signing HTTP Messages

Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

License

This project is licensed under the terms specified in the project license file (MIT).

Support

For questions and support, please check the project's issue tracker or contact the maintainers.

Compatible target frameworks: net8.0 is compatible. net9.0, net10.0 and the platform-specific variants of net8.0, net9.0 and net10.0 (android, browser, ios, maccatalyst, macos, tvos, windows) were computed as compatible.

NuGet packages (2)

Showing the top 2 NuGet packages that depend on Indice.Cryptography:

  • Indice.Cryptography.AspNetCore
  • Indice.IdentityServer.Psd2

GitHub repositories

This package is not used by any popular GitHub repositories.

| Version | Downloads | Last Updated |
|---------|-----------|--------------|
| 8.2.0   | 386       | 10/16/2025   |
| 8.1.0   | 193       | 10/16/2025   |
| 8.0.0   | 204       | 10/13/2025   |

Expose header name.