$ cd ..

> CIP — KEP & e-Correspondence Platform

@ Aizec Yazılım & Bilişim

Jan 2026 - Present

.NET 10C#Clean ArchitecturePostgreSQLRedisSignalREF CoreNext.js 16React 19TypeScriptTailwind CSSRadix UIReact QueryZustandPKCS#11BouncyCastleCAdESDocker

A full-stack enterprise platform for Turkish KEP (Registered Electronic Mail) and e-Yazışma document management. Unifies four different REM providers (TURKKEP, PTTKEP, TNBKEP, EDMKEP) behind a single interface, automates digital signature workflows, and maintains full audit trails for legal compliance.

Backend (.NET 10, Clean Architecture)

  • >Clean Architecture REST API built with Minimal APIs, PostgreSQL 16 and EF Core 10
  • >Integrated 4 REM providers via factory pattern with OAuth 2.0 / legacy authentication
  • >Real-time operation tracking with SignalR hub and Redis-backed state persistence across restarts
  • >JWT + LDAP authentication with 2FA (SMS/Email OTP) and granular per-endpoint rate limiting
  • >AES-256-CBC encryption service with PBKDF2 (100k iterations) and per-domain key isolation for secure credential storage
  • >OTP system with HMAC-SHA256 constant-time verification and progressive lockout
  • >Global exception middleware with RFC 7807 Problem Details and automatic audit logging
  • >REM polling background service: staggered scheduling, concurrent sync, race-condition-safe proof download
  • >Serilog + Seq structured logging and OpenTelemetry + Prometheus + Grafana metrics pipeline
  • >e-Yazışma (EYP) XML package generation with multi-version support (V1.3 / V2.0), compliant with the Turkish national correspondence standard

Frontend (Next.js 16, React 19)

  • >Client-heavy application with TypeScript, Tailwind CSS 4 and Radix UI
  • >State management with TanStack React Query + Zustand (persist); forms with React Hook Form + Zod
  • >Real-time updates via SignalR WebSocket with automatic reconnection (exponential backoff)
  • >Full i18n support (Turkish / English) with i18next and namespace-based translation files
  • >WCAG accessibility with Radix primitives, ARIA attributes, and keyboard navigation
  • >Bulk operations engine (~728 LOC) with abort-signal cancellation, 5-minute polling timeout and per-item error reporting
  • >Multi-phase batch workflow (MIME preparation → signing session → bulk send) with OAuth retry and detailed result aggregation
  • >Next.js middleware with route-based auth guards and open-redirect prevention
  • >EYP viewer with hierarchical tree navigation, signature detail inspection and embedded document preview

CipImza — Desktop Signing App (.NET 10)

  • >PKCS#11 digital signing Windows application for USB tokens and smartcards with auto-detection of installed libraries (Akis, SafeNet, etc.)
  • >Extended HSM support (Thales Luna, Utimaco, SoftHSM) via PKCS#11 for high-volume server-side signing
  • >Custom protocol handler (cipimza://) for seamless browser-to-desktop signing bridge
  • >CAdES-BES cryptographic signatures (BouncyCastle) supporting SHA-256/384/512 and RSA/ECDSA
  • >RFC 3161 timestamping via HTTP timestamp authority for long-term signature validity
  • >Headless signing mode, REST API, API-key authentication and async signing job queue