Keyczar high level encryption toolkit in C#

View project onGitHub

Keyczar dotnet Nugut Install

Implmemented in C# 4 to match up with the Java/Python/C++ Keyczar standard features and will interoperate with them by default. Uses BouncyCastle as backend for most encryption.

  • Keyczar-dotnet:
  • Official keyczar site:


KeyczarTool.exe provides the primary mechanism for creating and managing keysets. Calling KeyczarTool.exe from the commandline without flags will display usage.

See Wiki for more info.


  • .net 4.0 or mono v2.10



Source & Build

Source code can be obtained with

git clone --recursive

Source can be built with msbuild 15, Rider, Visual Studio for Mac 7.1, or Visual Studio 2017. More info about building, especially on mono can be found on the wiki.

Windows Mac Linux
Build Status Build Status Build Status


  • Should interoperate with java/python/c++ with standard api
  • All unofficial/incompatible api changes are under the unofficial names space to be clear what is provided that won’t interoperate with java/python/c++.
  • Unofficial algorithms included are AES-GCM (KeyType=C#_AES_AEAD) and RSA-PSS (KeyType=C#_RSA_SIGN_PRIV) use the unofficial flag on the KeyczarTool.
  • VanillaSigner and VanillaVerifier are feature identical to java/python/c++ UnversionedSigner and UnversionVerifer
  • The Functionality of java/python/c++ SessionEncrypter, SessionDecrypter, SignedSessionEncrypter, and SignedSessionDecrypter are provided by the C# SessionCrypter via constructor arguments.
  • You can use the AppSetting keyczar.strict_dsa_verification if you don’t need java Keyczar compatiblity and need stricter verification of dsa sigs.


Code contribution, reported issues or code reviews welcome! Pull requests are automatically built and tested with Travis CI and AppVeyor.