Is Double Encryption possible in C#/.NET

viduras

Hi,

Is there any way in .NET/C# where double encryption can be used in
exchanging a symmetric key ?

If I elaborate on it further, say in a client-server application, the
symmetric key that would be used for encryption-decryption would be
generated. The server and client have already exchanged public keys. The
server encrypts the symmetric key first using its private key and then
encrypts it using the public key of the client.

The client public key encryption at the server ensures that only the
client can decrypt the message; furthermore, the private key encryption
by the server confirms that it's the proper server that has sent the
secret key to the client.

Is this possible in .NET/C# and if so, what's the best method to go
about doing this?

Your early response to this will be very much appreciated,

Thanks,

Vidura
 
Nicholas Paldino [.NET/C# MVP]

Vidura,

Have you checked out the System.Security.Cryptography namespace?
Specifically, any class deriving from AsymmetricAlgorithm should do exactly
what you want.

Hope this helps.
 
viduras

Hi Nicholas,

Thanks for the reply. Yes I've checked the namespace and I've played
around with a few ways which I thought would lead to possible double
encryption.

I tried using RSAOAEPKeyExchangeFormatter, through which it is possible
to send a secret with the key exchange. However this only encrypts the
secret using the public key of the recipient. Therefore this is not
exactly double encryption.

I also tried using RSACryptoServiceProvider together with
RijndaelManaged, but that wasn't successful either. Although here, I
simply tried to use the Encrypt methods directly on the Rijndael Key.
The first step of encryption yielded a 128 bit byte array. And in
the second encryption call it gives an exception saying Bad Length.
This is due to a limitation with RSA, I thought.

Is there any other way that I could try to get this done..?

Thanks again...!

Vidura
 
Rodger Constandse

Hi,

Yes this can be done.

The RSACryptoServiceProvider (or any other equivalent AsymmetricAlgorithm)
class in the System.Security.Cryptography namespace contains everything that you
need.

Instead of encrypting the symmetric key twice, what you are looking for is
called a digital signature. Here is how it would work:

Assuming client/server have already exchanged public keys, when the server sends
a message to the client it:

1) Generates the symmetric encryption key
2) Server encrypts the symmetric key using the client's public key
3) Server digitally signs the encrypted key using its private key

The server sends the encrypted key + digital signature + encrypted message to
the client. Instead of encrypting the symmetric key twice, you send two pieces of
data to the client: encrypted key and digital signature.

When the client receives the information it can:

1) Use the digital signature to verify that the encrypted key was created by the
server (using the server's public key to verify)
2) Decrypt the symmetric key using its private key
3) Decrypt the message using the decrypted symmetric key

Use the SignData and VerifyData methods of RSACryptoServiceProvider with
SHA1Managed as the hash algorithm.

If you want, you could even digitally sign the entire message instead of just
the encrypted key: encrypted key + encrypted message + digital signature

Best regards,

Rodger

Achieve Planner - Track your projects/tasks and schedule them in your calendar
<http://www.effexis.com/achieve/planner.htm>

Sequence Diagram Editor - Draw sequence diagrams faster
<http://www.SequenceDiagramEditor.com>
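
Added example (not code from the thread): the encrypt-then-sign key exchange described in the reply above, with the client verifying the signature before it decrypts. It assumes a current .NET runtime and substitutes SHA-256 with OAEP padding for the SHA1Managed hash named in the post; the class and method names are hypothetical, and the key pairs are generated inline as constructed sample data.

```csharp
using System;
using System.Security.Cryptography;

// Illustrative names; not from the thread.
static class SignedKeyExchange
{
    // Server side: encrypt the AES key for the client, then sign the encrypted bytes.
    static (byte[] WrappedKey, byte[] Signature) Send(byte[] aesKey, RSA clientPublic, RSA serverPrivate)
    {
        byte[] wrapped = clientPublic.Encrypt(aesKey, RSAEncryptionPadding.OaepSHA256);
        byte[] sig = serverPrivate.SignData(wrapped, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        return (wrapped, sig);
    }

    // Client side: verify the server's signature first, decrypt only if it checks out.
    static byte[] Receive(byte[] wrapped, byte[] sig, RSA serverPublic, RSA clientPrivate)
    {
        if (!serverPublic.VerifyData(wrapped, sig, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1))
            throw new CryptographicException("Signature check failed: key not from the expected server.");
        return clientPrivate.Decrypt(wrapped, RSAEncryptionPadding.OaepSHA256);
    }

    static void Main()
    {
        // Constructed sample key pairs; in the thread's scenario the public halves
        // were exchanged beforehand.
        using RSA server = RSA.Create(2048);
        using RSA client = RSA.Create(2048);
        using RSA serverPub = RSA.Create();
        serverPub.ImportParameters(server.ExportParameters(false));
        using RSA clientPub = RSA.Create();
        clientPub.ImportParameters(client.ExportParameters(false));

        using Aes aes = Aes.Create();   // generates a random symmetric key
        var (wrapped, sig) = Send(aes.Key, clientPub, server);

        byte[] recovered = Receive(wrapped, sig, serverPub, client);
        Console.WriteLine("Key recovered intact: " +
            CryptographicOperations.FixedTimeEquals(recovered, aes.Key));

        wrapped[0] ^= 0x01;             // simulate modification in transit
        try { Receive(wrapped, sig, serverPub, client); }
        catch (CryptographicException e) { Console.WriteLine("Rejected: " + e.Message); }
    }
}
```

Because the signature is a separate value rather than a second RSA encryption, the RSA input stays the size of the AES key and the "Bad Length" error from re-encrypting RSA output does not arise.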
 
viduras

Hi Rodger,

Extremely sorry for the very late reply on this. I've tried your
approach and it works very well. Thanks a lot for your help.

Best Regards,

Vidura
 
