RSACryptoServiceProvider Question


John Wright

I have an X509Certificate that I exported and am using for testing, called
wsTest.cer.pfx. I want to use this cert to send a public key to anyone who
requests it, and then use the private key to decrypt any incoming messages.
In the code below you can see I can grab the public key string from this cert
and pass it back to the client. I can also create a
RSACryptoServiceProvider from the cert's private key. This is all good and
fine. What I am trying to do is write the client code that could
encrypt/decrypt messages from the server using the public key, and write
code that would encrypt/decrypt using the private key. Does anyone have code
that would do this? I have looked on Google with little success.

John

Imports System.Security.Cryptography
Imports System.Security.Cryptography.X509Certificates

' Load the exported certificate together with its private key from the .pfx
Dim cert As New X509Certificate2("[cert location]", "password")

' The key behind a .pfx is CSP-backed, so the cast to the RSA provider works
Dim rsa As RSACryptoServiceProvider = CType(cert.PrivateKey, RSACryptoServiceProvider)

With cert
    TextBox4.Text = .GetKeyAlgorithm()                ' OID of the key algorithm (RSA)
    TextBox6.Text = .GetCertHashString() & vbCrLf     ' certificate thumbprint
    TextBox5.Text = .PrivateKey.ToString() & vbCrLf   ' type name of the key object
    TextBox6.Text &= .GetPublicKeyString()            ' hex of the public key blob
    TextBox5.Text &= .GetRawCertDataString()          ' hex of the DER-encoded cert (appended, not overwriting the line above)
    MsgBox(.HasPrivateKey)
End With
 

The Frog

Hi John,

If I understand you correctly, you want to take the certificate,
distribute the public key, and then use asymmetric encryption for the
safeguarding of transferred information.

Can I make a suggestion? I would approach the problem just a little
differently. Asymmetric encryption is very processor intensive, and as
such slower to encrypt and decrypt than symmetric. To achieve the same
levels of encryption / safety you also would need much larger keys for
asymmetric than you would for symmetric. So what I would suggest is
this:

1/ Distribute your public key far and wide - or use a service as a
key provider to get around the key distribution problem.

2/ Settle on a standard of symmetric encryption to use for the actual
data payload

3/ Generate a unique (one-time) passphrase and temporarily store it
(in memory not on the hard drive)

4/ Use the appropriate key (if you are the source then the private
key) to encrypt a copy of the one-time passphrase and store this
encrypted passphrase in memory (again not on the hard drive)

5/ Take your message that you wish to transfer, and encrypt it with a
symmetric algorithm, such as AES, with the passphrase (unencrypted
version of the passphrase)

6/ Store the encrypted message somewhere (hard drive is okay for this)

7/ Attach the encrypted passphrase to the message, in a way that you
are able to separate out the encrypted key later for retrieval.

8/ I would also suggest generating an MD5 hash for the unencrypted
message so that you can verify that the message is decrypted properly
at the other end, and attach this to the encrypted message as well in
such a way that it can be separated.

9/ Send the encrypted message + encrypted passphrase + MD5 to the
recipient

10/ At the other end reverse the process (i.e. use the public key to
decrypt the passphrase, then use the passphrase to decrypt the message,
then check the message against the MD5 hash to see that it is correct).

You can find a simple and clean example of .NET cryptography for the
AES algorithm here:

http://www.codeproject.com/dotnet/EncryptFile.asp

It should give you most of what you need to get the job done.

I hope this points you in the right direction

Cheers

The Frog
 

John Wright

What I am trying to do is similar to what you suggest. The only reason to
use the public key is for the client to encrypt the password and
initialization vector for a symmetric encryption and pass it back with the
encrypted payload to the server. The server would then decrypt the password
and IV with the private key and use the password and IV to decrypt the
payload. The problem I am having is getting the server to decrypt the
encrypted passwords with the private key.

John
 

John Wright

I figured out the problem: skipping the certificates and just using the
RSACryptoServiceProvider. I pass the public key to the client via a web service
call, the client encrypts its symmetric password with the key and passes the
encrypted key and data to the server, which decrypts the password and then uses
this password to decrypt the payload.

John
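The hybrid scheme The Frog outlines (RSA wraps a one-time symmetric key, AES carries the payload, an integrity tag rides along) and the public-key-to-the-client exchange John settled on, as one added example in VB.NET. This is not code from the thread or from any poster: it assumes .NET 3.5 or later (for Aes.Create), generates the server key pair in memory instead of loading wsTest.cer.pfx, and the Envelope class, the Seal/Unseal/ComputeMac/FixedTimeEquals names and the sample payload are all constructed for this example. It departs from the numbered steps in two places a practitioner would want: the client wraps the key with the recipient's public key (as John's follow-up describes; RSACryptoServiceProvider.Encrypt only ever uses the public part of a key, so "encrypt with the private key" does not give confidentiality), and the integrity check is an HMAC under a key that is itself wrapped, rather than an MD5 of the plaintext, since anyone who can alter the message can also recompute an unkeyed hash.

```vbnet
' Added example, not from the thread: hybrid RSA-OAEP + AES-256-CBC + HMAC-SHA256 in .NET.
Imports System
Imports System.Security.Cryptography
Imports System.Text

Module HybridDemo

    ' What travels from client to server (names constructed for this example).
    Public Class Envelope
        Public WrappedKeys As Byte()   ' RSA-OAEP(aesKey || macKey) under the server's public key
        Public IV As Byte()            ' AES-CBC IV, sent in the clear (it need not be secret)
        Public Ciphertext As Byte()    ' AES-256-CBC with PKCS7 padding
        Public Mac As Byte()           ' HMAC-SHA256(macKey, IV || Ciphertext)
    End Class

    ' CLIENT side: needs only the XML that the server's ToXmlString(False) produced.
    Public Function Seal(publicKeyXml As String, plaintext As Byte()) As Envelope
        Dim env As New Envelope()
        Dim macKey(31) As Byte
        Dim rng As New RNGCryptoServiceProvider()
        rng.GetBytes(macKey)
        Using aes As Aes = Aes.Create()
            aes.KeySize = 256
            aes.GenerateKey()        ' one-time key, lives only in memory
            aes.GenerateIV()
            env.IV = aes.IV
            Using enc As ICryptoTransform = aes.CreateEncryptor()
                env.Ciphertext = enc.TransformFinalBlock(plaintext, 0, plaintext.Length)
            End Using
            ' Wrap AES key and MAC key together: 64 bytes, well under the 214-byte
            ' OAEP limit of a 2048-bit key. Wrapping the whole payload would fail.
            Dim keyMaterial(aes.Key.Length + macKey.Length - 1) As Byte
            Buffer.BlockCopy(aes.Key, 0, keyMaterial, 0, aes.Key.Length)
            Buffer.BlockCopy(macKey, 0, keyMaterial, aes.Key.Length, macKey.Length)
            Using rsa As New RSACryptoServiceProvider()
                rsa.FromXmlString(publicKeyXml)              ' public parameters only
                env.WrappedKeys = rsa.Encrypt(keyMaterial, True)   ' True = OAEP padding
            End Using
        End Using
        env.Mac = ComputeMac(macKey, env.IV, env.Ciphertext)
        Return env
    End Function

    ' SERVER side: holds the private key; unwrap, verify the MAC, then decrypt.
    Public Function Unseal(serverKey As RSACryptoServiceProvider, env As Envelope) As Byte()
        Dim keyMaterial As Byte() = serverKey.Decrypt(env.WrappedKeys, True)
        Dim aesKey(31) As Byte
        Dim macKey(31) As Byte
        Buffer.BlockCopy(keyMaterial, 0, aesKey, 0, 32)
        Buffer.BlockCopy(keyMaterial, 32, macKey, 0, 32)
        ' Reject tampered input before the ciphertext ever reaches AES.
        If Not FixedTimeEquals(ComputeMac(macKey, env.IV, env.Ciphertext), env.Mac) Then
            Throw New CryptographicException("MAC mismatch: message altered or wrong key")
        End If
        Using aes As Aes = Aes.Create()
            aes.Key = aesKey
            aes.IV = env.IV
            Using dec As ICryptoTransform = aes.CreateDecryptor()
                Return dec.TransformFinalBlock(env.Ciphertext, 0, env.Ciphertext.Length)
            End Using
        End Using
    End Function

    Private Function ComputeMac(macKey As Byte(), iv As Byte(), ciphertext As Byte()) As Byte()
        Dim data(iv.Length + ciphertext.Length - 1) As Byte
        Buffer.BlockCopy(iv, 0, data, 0, iv.Length)
        Buffer.BlockCopy(ciphertext, 0, data, iv.Length, ciphertext.Length)
        Using h As New HMACSHA256(macKey)
            Return h.ComputeHash(data)
        End Using
    End Function

    ' Compare every byte so timing does not reveal where two MACs first differ.
    Private Function FixedTimeEquals(a As Byte(), b As Byte()) As Boolean
        If a Is Nothing OrElse b Is Nothing OrElse a.Length <> b.Length Then Return False
        Dim diff As Integer = 0
        For i As Integer = 0 To a.Length - 1
            diff = diff Or (a(i) Xor b(i))
        Next
        Return diff = 0
    End Function

    Sub Main()
        ' Server: in the thread this would be CType(cert.PrivateKey, RSACryptoServiceProvider).
        Using serverKey As New RSACryptoServiceProvider(2048)
            Dim publicKeyXml As String = serverKey.ToXmlString(False)   ' what the web service hands out

            ' Client: has nothing but publicKeyXml.
            Dim message As Byte() = Encoding.UTF8.GetBytes("constructed sample payload")
            Dim env As Envelope = Seal(publicKeyXml, message)

            ' Server: unwrap and decrypt.
            Console.WriteLine(Encoding.UTF8.GetString(Unseal(serverKey, env)))

            ' A flipped ciphertext bit fails the MAC check before AES runs.
            env.Ciphertext(0) = env.Ciphertext(0) Xor CByte(1)
            Try
                Unseal(serverKey, env)
            Catch ex As CryptographicException
                Console.WriteLine("rejected: " & ex.Message)
            End Try
        End Using
    End Sub
End Module
```

The size limit is the reason the symmetric key, and not the message, is what RSA encrypts: RSACryptoServiceProvider.Encrypt with OAEP and a 2048-bit key accepts at most 214 bytes and throws a CryptographicException for anything longer. To plug the .pfx back in, replace the in-memory serverKey with the CType(cert.PrivateKey, RSACryptoServiceProvider) cast from the first post; that cast only succeeds for CSP-backed keys, and on .NET 4.6 or later cert.GetRSAPrivateKey() is the safer way to obtain the key.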
 