AWS Cryptographic Material Providers Library for .NET

Important Development of this project has moved from a per language repository to a monorepo here: https://github.com/aws/aws-cryptographic-material-providers-library

The AWS Cryptographic Material Providers Library abstracts lower level cryptographic materials management of encryption and decryption materials. It uses cryptographic best practices to protect the data keys that protect your data. The data key is protected with a key encryption key called a wrapping key. The encryption method returns the data key and one or more encrypted data keys. Supported libraries use this information to perform envelope encryption. The data key is used to protect your data, and the encrypted data keys are stored alongside your data so you don’t need to keep track of the data keys separately. You can use AWS KMS keys in AWS Key Management Service(AWS KMS) as wrapping keys. The AWS Cryptographic Material Providers Library also provides APIs to define and use wrapping keys from other key providers.

The AWS Cryptographic Material Providers Library for .NET provides methods for encrypting and decrypting cryptographic materials used in higher level client side encryption libraries.

Security

If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our vulnerability reporting page. Please do not create a public GitHub issue.

Getting Started

Required Prerequisites

To use the AWS Cryptographic Material Providers Library for .NET you must have:

• A .NET Framework 6.0 development environment

  If you do not have it installed, you can find installation instructions here.

• Bouncy Castle

  The AWS Cryptographic Material Providers Library for .NET uses Bouncy Castle for the underlying cryptography and to serialize and deserialize cryptographic objects.

  If you do not have Bouncy Castle, go to https://www.bouncycastle.org/csharp/ to learn more. You can also download it from NuGet

    <PackageReference Include="BouncyCastle.Cryptography" Version="2.2.1" />

Optional Prerequisites

AWS Integration

You don’t need an Amazon Web Services (AWS) account to use the AWS Cryptographic Material Providers Library, but some APIs require an AWS account, an AWS KMS key, or an AWS DynamoDB Table. However, all APIs require the AWS SDK for .NET V3.

Note that Async AmazonKeyManagementServiceClient and Async DynamoDBAsyncClient methods are not supported, only the synchronous methods.

• To create an AWS account, go to Sign In or Create an AWS Account and then choose I am a new user. Follow the instructions to create an AWS account.

• To create a KMS key in AWS KMS, see Creating Keys.

• To download and install the AWS SDK for .NET 3.x, see Installing the AWS SDK for .NET 3.x.

Download the AWS Cryptographic Material Providers Library for .NET

The AWS Cryptographic Material Providers Library for .NET is available on NuGet and can be referenced from an existing .csproj.

Using the dotnet CLI:

dotnet add <your-project-name>.csproj package AWS.Cryptography.MaterialProviders

Alternatively, you may directly modify the .csproj and add the AWS Cryptographic Material Providers Library to PackageReference ItemGroup:

<PackageReference Include="AWS.Cryptography.MaterialProviders" />

The AWS Cryptographic Material Providers Library targets .NET Framework 6.0.

Additional setup for macOS only

If you are using macOS then you must install OpenSSL 1.1, and the OpenSSL 1.1 lib directory must be on the dynamic linker path at runtime. Also, if using an M1-based Mac, you must install OpenSSL and the .NET SDK for x86-64. Please refer to this wiki for detailed instructions.

License

This library is licensed under the Apache 2.0 License.