In my Application project I have INestedRequestObjectEncryptor interface, which is frequently used (in all endpoints), because it's used to decrypt requests and encrypt responses. Where should I put implementation of this interface in Clean Architecture? I think not in Infrastructure, because it's for data access. Also not in Core, because implementation needs to use external NuGet package, and Application layer should contain only Interfaces for other layers, as I read here: https://medium.com/dotnet-hub/clean-architecture-with-dotnet-and-dotnet-core-aspnetcore-overview-introduction-getting-started-ec922e53bb97. So where is the place for implementations like this?
Here is a mental model to consider while getting to the solution:
If I am asked to change the application to have a Command Line Interface, will it cause the application/domain logic to change?
In your case, INestedRequestObjectEncryptor is limited to drive request/response (HTTP interface) only. Even if it is accessing the data (which should be immutable and should be driven by domain logic), the purpose of this interface will strictly be limited to Web/API.
You can think of layering as follows:
UserUserWeb/API are used to make the logic available to users. So they can use read entities, ask to change/update entities and provide the result to the end user(client).As I see this, even if INestedRequestObjectEncryptor is accessing the data, it is limited to enabling the Web/API to work. It is not business logic.
Obviously, I have little to no understanding of what your actual application is, I am only hoping to provide a mental model of thinking about interactions.