Skip to content

Releases: systemslibrarian/PostQuantum.KeyManagement

PostQuantum.KeyManagement 1.0.1

Choose a tag to compare

@systemslibrarian systemslibrarian released this 30 Jun 10:26

Patch release — defensive-copy hardening. No wire-format or public-API change; a drop-in over 1.0.0.

Fixed

  • LocalContentKeyProvider.ActiveSalt now returns a defensive copy of the active KEK salt instead of a ReadOnlyMemory<byte> view over the internal array. The previous view could be unwrapped via MemoryMarshal.TryGetArray and written through, mutating the active salt so that a later ExportMetadata() / Import() failed key-id re-derivation and permanently locked the keyring. Not an eavesdropping vector (the DEK is never exposed) — an availability hazard, now closed. Added a regression test.

Found via an external code review. 87 tests pass.

dotnet add package PostQuantum.KeyManagement --version 1.0.1

To God be the glory — 1 Corinthians 10:31.

PostQuantum.KeyManagement 1.0.0

Choose a tag to compare

@systemslibrarian systemslibrarian released this 30 Jun 09:58

Envelope encryption + key rotation for .NET, with a secure local KEK provider (Argon2id + AES-256-GCM) and first-class DI integration. 1.0 freezes the public API and the keyring/token wire formats — SemVer is now in force.

No crypto-logic changes since 0.4.0-preview.2: the AES-256-GCM content-key wrap, Argon2id KEK derivation, the HMAC-SHA256 keyring verifier, and memory zeroing are byte-for-byte identical. 1.0 is the stability commitment plus one supply-chain fix.

Fixed

  • Supply chain: the EfCore.Sample moved to EF Core 10 + the patched SQLitePCLRaw 3.0.x, clearing the high-severity advisory GHSA-2m69-gcr7-jv3q that the transitive 2.1.x native bundle carried. (Samples are not shipped in the package.)

Changed

  • Version 0.4.0-preview.21.0.0; AssemblyVersion 1.0.0.0. Preview framing removed from the README, KNOWN-GAPS, and roadmap.

Honest limitations carried into 1.0 (documented, not blockers)

  • The post-quantum property here is symmetric-by-key-size only (AES-256-GCM + Argon2id, ~128-bit post-quantum strength under Grover). No asymmetric KEM ships in this package.
  • Not yet independently audited — written with care, RFC 9106 Argon2id KATs, hostile-input tests, and a published threat model; a third-party review is on the roadmap.
  • Cloud KMS providers are an extension point, not yet shipped as packages.

Install

dotnet add package PostQuantum.KeyManagement

Targets net8.0 / net9.0 / net10.0. Deterministic builds, SourceLink, symbol packages, AOT-compatible. 86 tests pass.

To God be the glory — 1 Corinthians 10:31.