SECURITY UPDATE: This library has been migrated from the vulnerable Grpc.Core to the secure Grpc.Net.Client 2.65.0. All known vulnerabilities (CVE-2023-32731, CVE-2023-33953) have been fixed!
Post-quantum secure gRPC communication made ridiculously easy!
SecureGrpc provides transparent end-to-end encryption for gRPC using state-of-the-art cryptography:
- ML-KEM (Kyber-768) - Post-quantum secure key encapsulation
- Diffie-Hellman - Classic perfect forward secrecy
- AES-256-GCM - Authenticated encryption
```bash
dotnet add package SecureGrpc
```

```csharp
using System.Text;
using SecureGrpc;

// One line to create a secure server!
using var server = Secure.Server(5001)
    .OnMessage(data => {
        Console.WriteLine($"Received: {Encoding.UTF8.GetString(data)}");
        return Encoding.UTF8.GetBytes("Hello from server!");
    })
    .Start();
```

```csharp
using SecureGrpc;

// One line to create a secure client!
using var client = Secure.Client("localhost", 5001);

// Send messages - automatically encrypted!
var response = await client.SendAsync("Hello server!");
Console.WriteLine($"Server said: {response}");
```

```csharp
using SecureGrpc;

// Server-side (using ASP.NET Core)
var builder = WebApplication.CreateBuilder(args);
builder.Services.AddGrpc()
    .AddSecureGrpc(); // Add this line!
builder.Services.AddSingleton<YourServiceImpl>();

var app = builder.Build();
app.MapGrpcService<YourServiceImpl>();
app.Run();
```

```csharp
using Grpc.Net.Client;
using SecureGrpc;

// Client-side
var channel = GrpcChannel.ForAddress("https://localhost:5001")
    .WithEncryption(); // Add this line!
var client = new YourService.YourServiceClient(channel);
```

```csharp
// Alternative: build the secure channel from a host name
var channel = "localhost".CreateSecureChannel(5001)
    .WithHttpClient()
    .Build();
```
- ✅ No Security Vulnerabilities - Using secure Grpc.Net.Client 2.65.0
- ✅ Zero Configuration - Works out of the box
- ✅ Post-Quantum Secure - Resistant to quantum computer attacks
- ✅ Perfect Forward Secrecy - Past sessions remain secure
- ✅ Automatic Key Management - No manual key handling
- ✅ Session Management - Automatic session creation and reuse
- ✅ Cross-Language Compatible - Implement the protocol in any language

How it works:
- Automatic Key Exchange: Client and server automatically perform a hybrid key exchange using both ML-KEM and Diffie-Hellman
- Session Establishment: A secure session is created with a unique shared secret
- Transparent Encryption: All messages are automatically encrypted with AES-256-GCM
- Zero Trust: Each session uses unique keys derived from the shared secret

Performance:
- Key Exchange: ~50ms (one-time per session)
- Encryption/Decryption: <1ms per message
- Memory Overhead: ~10KB per session

Cryptographic primitives:
- Key Exchange: ML-KEM-768 (Kyber) + DH-2048
- Encryption: AES-256-GCM with 128-bit tags
- Key Derivation: HMAC-SHA256
- Random: Cryptographically secure RNG

SecureGrpc protects against:
- Eavesdropping (including by quantum computers)
- Man-in-the-middle attacks (with proper certificate validation)
- Message tampering
- Replay attacks
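
The following C# sketch is an added example, not SecureGrpc's own code or wire format: it shows how a hybrid scheme like the one listed above can feed both shared secrets into one HMAC-SHA256-based KDF, then use AES-256-GCM with a counter nonce to reject tampered and replayed messages. The choice of HKDF, the counter-based nonce, the `HybridSketch` class and the random stand-in secrets are assumptions of this example, and it requires .NET 8 or later.

```csharp
using System;
using System.Buffers.Binary;
using System.Security.Cryptography;
using System.Text;

// Constructed stand-ins for the two key-exchange outputs; no real handshake runs here.
byte[] kemSecret = RandomNumberGenerator.GetBytes(32);  // ML-KEM-768 shared secret is 32 bytes
byte[] dhSecret = RandomNumberGenerator.GetBytes(256);  // DH-2048 shared secret
byte[] key = HybridSketch.DeriveKey(kemSecret, dhSecret, RandomNumberGenerator.GetBytes(16));
ulong lastSeen = 0;
var (ct, tag) = HybridSketch.Seal(key, 1, Encoding.UTF8.GetBytes("Hello server!"));
ct[0] ^= 1; // flip one ciphertext bit, as tampering in transit would
Console.WriteLine($"tampered accepted: {HybridSketch.Open(key, ref lastSeen, 1, ct, tag) is not null}");
ct[0] ^= 1; // restore the original ciphertext
Console.WriteLine($"original accepted: {HybridSketch.Open(key, ref lastSeen, 1, ct, tag) is not null}");
Console.WriteLine($"replay accepted:   {HybridSketch.Open(key, ref lastSeen, 1, ct, tag) is not null}");

// Hypothetical helper: illustrates the technique, not SecureGrpc's internals or wire format.
static class HybridSketch
{
    // Both secrets feed one KDF call, so the key holds if either exchange holds.
    public static byte[] DeriveKey(byte[] kemSecret, byte[] dhSecret, byte[] salt) =>
        HKDF.DeriveKey(HashAlgorithmName.SHA256, [.. kemSecret, .. dhSecret], 32, salt,
            Encoding.ASCII.GetBytes("example hybrid session key"));
    // 96-bit nonce from a per-session counter; a nonce must never repeat under one key.
    static byte[] Nonce(ulong counter)
    {
        byte[] nonce = new byte[12];
        BinaryPrimitives.WriteUInt64BigEndian(nonce.AsSpan(4), counter);
        return nonce;
    }
    public static (byte[] Ct, byte[] Tag) Seal(byte[] key, ulong counter, byte[] plaintext)
    {
        using var aes = new AesGcm(key, 16); // 16-byte (128-bit) tag
        byte[] ct = new byte[plaintext.Length], tag = new byte[16];
        aes.Encrypt(Nonce(counter), plaintext, ct, tag);
        return (ct, tag);
    }
    // Accept only counters above the last one seen, and only if the tag verifies.
    public static byte[]? Open(byte[] key, ref ulong lastSeen, ulong counter, byte[] ct, byte[] tag)
    {
        if (counter <= lastSeen) return null; // replayed or stale
        using var aes = new AesGcm(key, 16);
        byte[] pt = new byte[ct.Length];
        try { aes.Decrypt(Nonce(counter), ct, tag, pt); }
        catch (CryptographicException) { return null; } // tampered or wrong key
        lastSeen = counter;
        return pt;
    }
}
```

The receiver advances `lastSeen` only after the tag verifies, so a forged message cannot burn a counter value that a legitimate message still needs.
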
```csharp
var server = Secure.Server(5001)
    .OnMessage(async data => {
        // Async processing; ProcessDataAsync is your own handler and returns the response bytes
        var responseData = await ProcessDataAsync(data);
        return responseData;
    })
    .Start();
```

```csharp
var client1 = Secure.Client("server1", 5001);
var client2 = Secure.Client("server2", 5002);

// Each client maintains its own secure session
await Task.WhenAll(
    client1.SendAsync("Hello server 1"),
    client2.SendAsync("Hello server 2")
);
```
```bash
# Run all tests
dotnet test

# Run with coverage
dotnet test --collect:"XPlat Code Coverage"
```
We welcome contributions! Please see CONTRIBUTING.md for details.
MIT License - see LICENSE for details.
- BouncyCastle for cryptographic implementations
- gRPC for the RPC framework
- NIST for standardizing ML-KEM
Made with ❤️ for developers who care about security