Rebex Security

XTS-AES and other handy security classes for .NET

Download 30-day free trial Buy from $99
More .NET libraries
// create an encryption/decryption object
var encryptor = new FileEncryption();

// specify a password
encryptor.SetPassword("secret password");

// decrypt a file
encryptor.Decrypt("log.xts", "log.txt");
Show me more code...
Security library for C# and VB.NET developers. Provides XTS-AES encryption wrapper stream, making it easy to add strong encryption capabilities to existing applications.
Also includes simple file encryption/decryption API, essential PKCS #7 objects and a collection of useful cryptographic algorithms.

Why Rebex Security?

Simple file encryption

FileEncryption objects provides a very simple file and stream encryption API that supports:

  • Encryption and decryption of files
  • Encryption and decryption of streams
  • Supports AES, 3DES and Twofish in CBC mode
  • Supports XTS-AES (defined by IEEE P1619)
  • Password-based protection
  • PBKDF2 key derivation

XTS-AES encryption stream

XtsStream object is a transparent wrapper stream that adds encryption/decryption support to any .NET stream object, which makes it simple to integrate it with existing applications.

XtsStream utilizes XTS-AES, a standard sector-based data encryption method defined by IEEE P1619. This makes the stream seekable and capable of both read and write operations.

PKCS #7 (CMS) API with PSS and OAEP support

Rebex Security includes an API for two essential PKCS #7 (CMS) objects, SignedData and EnvelopedData, a standard format for electronic signature and encryption of binary data using X.509 certificates.

Rebex PKCS #7 (CMS) API supports RSASSA-PSS (RSA signatures with PSS padding) and RSAES-OAEP (RSA encryption with OAEP padding) on all platforms, including .NET 2.0 and .NET Compact Framework.

X.509 Certificate API

Rebex Security includes a platform-independent API for X.509 certificates and related structures and operations. This makes it possible to issue a self-signed certificate or create a custom certification authority for testing. Converting certificates and private keys from one format to another is simple as well. The Certificate class supports signing/validation and encryption/decryption functionality as wel.

Cryptographic algorithms

Rebex Security also includes several symmetric key algorithms such as Twofish, Blowfish or ArcFour that are not provided by .NET Framework, legacy hash algorithms and managed implementation of RSA, DSA and Diffie-Hellman. The following objects are available:

  • Twofish symmetric cipher
  • Blowfish symmetric cipher
  • RC2™ * symmetric cipher
  • ArcFour symmetric cipher (compatible with RC4)
  • MD4 legacy hash algorithm
  • MD5 legacy hash algorithm
  • RSA public-key cryptography
  • DSA public-key cryptography
  • Diffie-Hellman key exchange algorithm

(*RC2 is a registered trademark of RSA Security LLC)



8, 7, 6, 5

.NET Framework

3.5 SP1, 4.0-4.8.1

.NET Core



6.0 or higher


13.10 or later


10.1 or later

Learn more about supported standards and platforms.

Legacy platforms

(not included in standard product packages - see more)


.NET Compact Framework


.NET Framework


Featured samples

View all 4 C# and VB.NET samples