Skip to content

mervick/aes-bridge-dotnet

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

25 Commits
.github/workflows
.github/workflows
 
 
Cli
Cli
 
 
Tests
Tests
 
 
src/AesBridge
src/AesBridge
 
 
AesBridge.csproj
AesBridge.csproj
 
 
AesBridge.sln
AesBridge.sln
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

AesBridge .NET

NuGet Version Build Status

AesBridge is a modern, secure, and cross-language AES encryption library. It offers a unified interface for encrypting and decrypting data across multiple programming languages. Supports GCM, CBC, and legacy AES Everywhere modes.

This is the .NET implementation of the core project.
👉 Main repository: https://github.com/mervick/aes-bridge

Features

  • 🔐 AES-256 encryption in GCM (recommended) and CBC modes
  • 🌍 Unified cross-language design
  • 📦 Compact binary format or Base64 output
  • HMAC Integrity: CBC mode includes HMAC verification
  • 🔄 Backward Compatible: Supports legacy AES Everywhere format

Installation

Install the package via NuGet Package Manager Console:

Install-Package AesBridge

or via .NET CLI:

dotnet add package AesBridge

Usage

using AesBridge;

// AES-GCM (recommended)
string gcmCiphertext = AesBridge.Gcm.Encrypt("My secret data", "MyStrongPass");
byte[] gcmPlaintext = AesBridge.Gcm.Decrypt(gcmCiphertext, "MyStrongPass");

// AES-CBC with HMAC validation
string cbcCiphertext = AesBridge.Cbc.Encrypt("My secret data", "MyStrongPass");
byte[] cbcPlaintext = AesBridge.Cbc.Decrypt(cbcCiphertext, "MyStrongPass");

API Reference

All core functions are available through the module AesBridge namespase.

GCM Mode

Galois/Counter Mode - AES 256 with Tag

AesBridge.Gcm.Encrypt (data, passphrase)

Encrypts data using a given passphrase, returning the encrypted result as a base64-encoded string

Parameters:

  • data: string or byte[] - Data to encrypt
  • passphrase: string or byte[] - Encryption passphrase

Returns: string - the encrypted data as a Base64-encoded string.

AesBridge.Gcm.EncryptBin (data, passphrase)

Encrypts data using a given passphrase, returning binary encrypted data

Parameters:

  • data: string or byte[] - Data to encrypt
  • passphrase: string or byte[] - Encryption passphrase

Returns: byte[] - encrypted data in binary format: salt + nonce + ciphertext + tag

AesBridge.Gcm.Decrypt (data, passphrase)

Decrypts Base64-encoded data using a given passphrase

Parameters:

  • data: string or byte[] - Data to decrypt in base64-encoded format
  • passphrase: string or byte[] - Encryption passphrase

Returns: byte[] - decrypted data

AesBridge.Gcm.DecryptBin (data, passphrase)

Decrypts binary data using a given passphrase

Parameters:

  • data: byte[] - Data to decrypt in binary format: salt + nonce + ciphertext + tag
  • passphrase: string or byte[] - Encryption passphrase

Returns: byte[] – decrypted data in binary form.

CBC Mode

Cipher Block Chaining with HMAC Verification - AES 256

AesBridge.Cbc.Encrypt (data, passphrase)

Encrypts data using a given passphrase, returning the encrypted result as a base64-encoded string

Parameters:

  • data: string or byte[] - Data to encrypt
  • passphrase: string or byte[] - Encryption passphrase

Returns: string - the encrypted data as a Base64-encoded string.

AesBridge.Cbc.EncryptBin (data, passphrase)

Encrypts data using a given passphrase, returning binary encrypted data

Parameters:

  • data: string or byte[] - Data to encrypt
  • passphrase: string or byte[] - Encryption passphrase

Returns: byte[] - encrypted data in binary format: salt + nonce + ciphertext + tag

AesBridge.Cbc.Decrypt (data, passphrase)

Decrypts Base64-encoded data using a given passphrase

Parameters:

  • data: string or byte[] - Data to decrypt in base64-encoded format
  • passphrase: string or byte[] - Encryption passphrase

Returns: byte[] - decrypted data

AesBridge.Cbc.DecryptBin (data, passphrase)

Decrypts binary data using a given passphrase

Parameters:

  • data: byte[] - Data to decrypt in binary format: salt + nonce + ciphertext + tag
  • passphrase: string or byte[] - Encryption passphrase

Returns: byte[] – decrypted data in binary form.

Legacy mode

⚠️ These functions are maintained solely for compatibility with older systems. While they remain fully compatible with the legacy AES Everywhere implementation, their use is strongly discouraged in new applications due to potential security limitations compared to GCM or CBC with HMAC.

AesBridge.Legacy.Encrypt (data, passphrase)

Encrypts data using a given passphrase.

Parameters:

  • data: string or byte[] - Data to encrypt.
  • passphrase: string or byte[] - Encryption passphrase.

Returns: string - Encrypted data.

AesBridge.Legacy.Decrypt (data, passphrase)

Decrypts string data using a given passphrase.

Parameters:

  • data: string or byte[] - Data to decrypt in base64-encoded format
  • passphrase: string or byte[] - Encryption passphrase.

Returns: string - Decrypted data.

AesBridge.Legacy.DecryptToBytes (data, passphrase)

Decrypts string data to a byte array using a given passphrase.

Parameters:

  • data: string or byte[]- Data to decrypt in base64-encoded format
  • passphrase: string or byte[] - Encryption passphrase.

Returns: byte[] - Decrypted data as a byte array.

About

AesBridge .NET implementation of cross-language AES encryption library

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

1 fork
Report repository

Releases 1

v2.0.0 Latest
Jul 20, 2025

Contributors

Languages