KNM.CryptoHelper

Production-ready cryptographic library for .NET enterprise applications. Provides AES-256 encryption with HMAC integrity, JWT authentication, API key generation, TOTP MFA, OTP generation, and device fingerprinting.

Installation

Install-Package KNM.CryptoHelper

Single package - OtpNet, QRCoder, UAParser, and JWT libraries included.

Configuration

DI Registration (.NET 10)

builder.Services.AddKnmCryptoCollection(options =>
{
    options.Crypto.CryptoPassword = "YourSecurePassword123!";
    options.Crypto.Iterations = 100_000;
    options.Jwt.JwtSecretKey = "your-jwt-secret-min-32-chars";
    options.Jwt.Issuer = "yourapp.com";
    options.ApiKey.ApiKeySalt = "your-hmac-salt";
    options.Mfa.Digits = 6;
    options.Mfa.Period = 30;
    options.Otp.Length = 6;
    options.Otp.ValidityDurationMinutes = 5;
});

Fluent Override

builder.Services.AddKnmCryptoCollection()
    .WithCrypto(opt =>
    {
        opt.CryptoPassword = "YourSecurePassword123!";
        opt.Iterations = 200_000;
    })
    .WithJwt(opt =>
    {
        opt.JwtSecretKey = "your-jwt-secret-min-32-chars";
        opt.Issuer = "yourapp.com";
        opt.Audience = "yourapp-clients";
        opt.ExpirationMinutes = 60;
    })
    .WithApiKey(opt =>
    {
        opt.ApiKeySalt = "your-hmac-salt";
    })
    .WithMfa(opt =>
    {
        opt.Digits = 6;
        opt.Period = 30;
        opt.Algorithm = MfaTotpHashMode.Sha256;
    })
    .WithOtp(opt =>
    {
        opt.Length = 6;
        opt.ValidityDurationMinutes = 5;
    })
    .WithDeviceFingerprint(opt =>
    {
        opt.Enabled = true;
        opt.SimilarityThreshold = 0.90;
        opt.CacheExpiryDays = 30;
    });

Usage

Inject ICryptoHelper in your services/controllers:

public class AuthService
{
    private readonly ICryptoHelper _crypto;

    public AuthService(ICryptoHelper crypto)
    {
        _crypto = crypto;
    }
}

Text Encryption

string encrypted = _crypto.EncryptText("Sensitive data");
string decrypted = _crypto.DecryptText(encrypted);

API Keys

// Generate
Guid userSalt = Guid.NewGuid();
DateTime expiration = DateTime.UtcNow.AddDays(30);
string apiKey = _crypto.GenerateApiKey(userSalt, expiration);

// Verify
bool isValid = _crypto.VerifyApiKey(userSalt, expiration, apiKey);

JWT Tokens

// Generate
string token = _crypto.GenerateJwtToken(
    userId: "123",
    email: "user@domain.com",
    username: "john.doe"
);

// Validate
var (isValid, jwtToken, expirationDate) = _crypto.JwtTokenIsValid(token);
if (isValid == "Valid")
{
    // Access claims via jwtToken.Claims
}

MFA TOTP

// Setup (registration/profile)
string encryptedSecret = _crypto.GenerateMfaSecret();
// Save encryptedSecret to database

string qrCode = _crypto.GenerateMfaQrCode("user@domain.com", encryptedSecret);
// Display: <img src="@qrCode" />

MfaObject mfaInfo = _crypto.GenerateMfaCode("user@domain.com", encryptedSecret);
// Display mfaInfo.Uri (for Uri), or use mfaInfo.PlainSecret for manual entry or use mfaInfo.QrCodeSvg for QR code visualization

// Verify (login)
bool isValid = _crypto.VerifyMfaCode(user.EncryptedMfaSecret, "123456");

OTP Generation & Verification

// Generate + send
OtpResult otp = crypto.GenerateOtp();
await db.SaveOtpAsync(userId, otp.Code, otp.ExpiryDate);
await email.SendAsync(user.Email, otp.Code);

// Verify
bool valid = crypto.VerifyOtp(storedCode, userCode, storedExpiry);

Device Fingerprinting

// Generate fingerprint
string fingerprint = _crypto.GenerateDeviceFingerprint(context);

// Get device info
DeviceInfo device = _crypto.GetDeviceInfo(context);
// device.Browser, device.OS, device.DeviceType, device.IpAddress

// Compare fingerprints
double similarity = _crypto.CalculateFingerprintSimilarity(fp1, fp2, threshold: 0.90);
bool isSameDevice = similarity >= 0.90;

// Inject device context (middleware)
await _crypto.InjectDeviceContextAsync(context, userId);
// Sets context.Items["DeviceInfo"], context.Items["DeviceFingerprint"], context.Items["MFARequired"]

OTP Generation

OtpResult otp = _crypto.GenerateOtp();
// otp.Code (6 digits default), otp.ExpiryDate
// Save to database, send via email/SMS

Configuration Options

public class Options
{
    public CryptoOptions Crypto { get; set; }
    public JwtOptions Jwt { get; set; }
    public ApiKeyOptions ApiKey { get; set; }
    public MfaOptions Mfa { get; set; }
    public OtpOptions Otp { get; set; }
    public DeviceFingerprintOptions DeviceFingerprint { get; set; }
}

CryptoOptions

CryptoPassword: AES encryption password
SaltSize: Salt bytes (default 32)
IvSize: IV bytes (default 16)
KeySize: Key bytes (default 32)
Iterations: PBKDF2 iterations (default 100,000)

JwtOptions

JwtSecretKey: HMAC-SHA256 secret (min 32 chars)
Issuer: Token issuer
Audience: Token audience
ExpirationMinutes: Token lifetime (default 60)

MfaOptions

Digits: TOTP code length (default 6)
Period: Time step seconds (default 30)
Algorithm: Hash mode (SHA1/SHA256/SHA512)
VerificationWindow: Time tolerance (default ±1 step)
DefaultIssuer: QR code issuer name

OtpOptions

Length: OTP digits (1-10, default 6)
ValidityDurationMinutes: Expiration time (default 5)

DeviceFingerprintOptions

Enabled: Enable device tracking (default true)
SimilarityThreshold: Match threshold 0.0-1.0 (default 0.90)
CacheExpiryDays: Trusted device cache duration (default 30)
MaskLevel: 32, 24, 20, 16 (default 20)

Technical Details

Feature	Algorithm	Format
Encryption	AES-256-CBC + HMAC-SHA256	Base64
API Keys	HMAC-SHA256	Base64
JWT	HMAC-SHA256	RFC 7519
MFA	TOTP RFC 6238	Base32 secret
Fingerprint	SHA-256	32-char hex

License

Proprietary - KoNiMa Software & More

Showing the top 20 packages that depend on KNM.CryptoHelper.

Packages	Downloads
KNM.LicenseValidator Hybrid offline/online license validation library for .NET 10 with multilanguage support (IT/EN). Features RSA, AES, and HMAC security with database storage and API integration.	0
KNM.LicenseValidator Hybrid offline/online license validation library for .NET 9 with multilanguage support (IT/EN). Features RSA, AES, and HMAC security with database storage and API integration.	0
KNM.LicenseValidator Hybrid offline/online license validation library for .NET 9 with multilanguage support (IT/EN). Features RSA, AES, and HMAC security with database storage and API integration.	1
KNM.LicenseValidator Hybrid offline/online license validation library for .NET 9 with multilanguage support (IT/EN). Features RSA, AES, and HMAC security with database storage and API integration.	2

.NET 10.0

Microsoft.AspNetCore.Http (>= 2.3.9)
Microsoft.Extensions.Caching.Memory (>= 10.0.3)
Microsoft.Extensions.Configuration.Abstractions (>= 10.0.3)
Otp.NET (>= 1.4.1)
QRCoder (>= 1.7.0)
System.IdentityModel.Tokens.Jwt (>= 8.16.0)
UAParser (>= 3.1.47)

Version	Downloads	Last updated
1.6.0	4	26/03/2026
1.5.1	4	25/03/2026
1.5.0	0	25/03/2026
1.4.9	4	05/03/2026
1.4.8	0	05/03/2026
1.4.7	2	24/02/2026
1.4.6	1	24/02/2026
1.4.5	1	23/02/2026
1.3.9	4	09/01/2026
1.3.8	1	08/01/2026
1.3.7	1	08/01/2026
1.3.6	1	08/01/2026
1.3.5	1	08/01/2026
1.2.9	2	08/01/2026
1.2.8	1	08/01/2026
1.2.7	1	08/01/2026
1.2.6	1	08/01/2026
1.2.5	4	08/01/2026