Implmemented in C# to match up with the Java/Python/C++ Keyczar standard features and will interoperate with them by default, however also has stronger crypto and more flexable features when compatiblity is not necessary. Uses BouncyCastle as backend for most encryption.

• Keyczar-dotnet: http://jbtule.github.io/keyczar-dotnet
• Official keyczar site: http://keyczar.org

KeyczarTool.exe provides the primary mechanism for creating and managing keysets. Calling KeyczarTool.exe from the commandline without flags will display usage.

See Wiki for more info.

• .NET Core 2.1 or later
• .NET Framework 4.5.1 or later

• BouncyCastle 1.8.5 or later
• DotNetZip 1.13.3 later
• Newtonsoft.Json 12.0.2 or later
• Newtonsoft.Json.Bson 12.0.2 or later

• ManyConsole.CommandLineUtils 1.1.6-alpha or later
• McMaster.Extensions.CommandLineUtils 2.3.4 or later

Source code can be obtained with

git clone --recursive https://github.com/jbtule/keyczar-dotnet.git

Source can be built with msbuild 15, Rider, Visual Studio for Mac 7.1, or Visual Studio 2017. More info about building, especially on mono can be found on the wiki.

Windows	Mac	Linux

• Should interoperate with java/python/c++ with offical api how ever the offical versions of keyczar are very behind in crypto algorithms. If you don't need compatiblity I recommend using the unofficial key types.
• Unofficial/incompatible api changes are under the unofficial names space to be clear what is provided that won't interoperate with java/python/c++.
• MutableKeySet is only backward compatible with official keysets stores when reading keys. While it will store the keys differently than official keyczar, it still can produce and decrypt ciphertext compatible with official keyczar.
• Unofficial algorithms included are AES-GCM (KeyType=C#_AES_AEAD), RSA-PSS (KeyType=C#_RSA_SIGN_PRIV),HMAC-SHA2 (KeyType=C#_HMAC_SHA2), and AES-HMAC-SHA2 (KeyType=C#_HMAC_SHA2). To use them use unofficial flag on the KeyczarTool.
• If you have an existing keyset and you didn't create with the --unofficial flag, --force will be required to add an unofficial key type.
• VanillaSigner and VanillaVerifier are feature identical to java/python/c++ UnversionedSigner and UnversionVerifer
• The Functionality of java/python/c++ SessionEncrypter, SessionDecrypter, SignedSessionEncrypter, and SignedSessionDecrypter are provided by the C# SessionCrypter via constructor arguments.
• You can use the AppSetting keyczar.strict_dsa_verification if you don't need java Keyczar compatiblity and need stricter verification of dsa sigs.

Code contribution, reported issues or code reviews welcome! Pull requests are automatically built and tested with Travis CI and AppVeyor.