Stream based RSA encryption?

[nickdu]

Is there a stream based mechanism for encryption/decryption using the RSA
algorithm? I found CryptoStream but so far I don't see that RSA works with
CryptoStream.
--
Thanks,
Nick

(e-mail address removed)
remove "nospam" change community. to msn.com

 

[nickdu]

After reading some more in the cryptography section I see that asymetric key
encryption is not meant to be used on large amounts of data. Instead you
should use public key encryption to encrypt a symetric key and
encrypt/decrypt using the symetric key.

That being said, if I want to encrypt data that will be stored, like in a
file or in the DB, I'm thinking I should do it as follows:

1. Create a symetric key.

2. Encrypt the symetric key with a public key.

3. Store the encrypted symetric key in the stream of encrypted data.

4. Encrypt the stream of data with the symetric key.

When I need to decrypt:

5. Decrypt the symetric key with the private key.

6. Decrypt the rest of the stream with the symetric key.
--
Thanks,
Nick

(e-mail address removed)
remove "nospam" change community. to msn.com

 

[Steven Cheng]

Hi Nick,

Yes, your conclusion is correct. Generally for large amount of data,
symmetric encryption is used due to performance consideration. And the
symmetric encryption key(we call it session key) is further secured via
asymmetric (such as RSA or DSA) encryption. The encrypted session key
itself is attached with the message body(encrypted via session key) just
like a message header(so that it can be decrypted later at receiver side.

Also, start from .NET 2.0, windows encryption (symmetric, asymmetric or
certifcicate based ..) have been much simplified via more OOB classes. You
can

http://www.codeproject.com/KB/security/SimpleEncryption.aspx

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
(e-mail address removed).


--------------------

 

[nickdu]

OOB means? Object Oriented Base?
--
Thanks,
Nick

(e-mail address removed)
remove "nospam" change community. to msn.com

 

[Steven Cheng]

Thanks for your reply Nick,

I'm sorry for the confusion. OOB here means "Out of the box" , just means
those "built-in" ones.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
(e-mail address removed).

 

[nickdu]

Is there a standard format for including the encrypted session key in the
body of the message? I encoded it as follows:

byte[] key = asymetric.Encrypt(symetric.Key, false);
byte[] iv = asymetric.Encrypt(symetric.IV, false);

byte[] length = BitConverter.GetBytes((int) key.Length);
output.Write(length, 0, length.Length);
length = BitConverter.GetBytes((int) iv.Length);
output.Write(length, 0, length.Length);
output.Write(key, 0, key.Length);
output.Write(iv, 0, iv.Length);

Which equates to:

1. Write out int value indicating length of key.
2. Write out int value indicating length of iv.
3. Write out key.
4. Write out iv.

Is that reasonable? I assume I need to store the lengths of the key and iv
as those could vary, correct?
--
Thanks,
Nick

(e-mail address removed)
remove "nospam" change community. to msn.com

 

[Steven Cheng]

Hi Nick,

For standard format, you may look for some network security channel's
implementation. For example, the SSL channel implementation. For .NET
framework, it provide built-in XML encryption implementation. You can have
look at the XML encryption process(via asymmetric key), which also use
asymmetirc key to encrypt symmetirc session key and use session key encrypt
XML data.

#How to: Encrypt XML Elements with Asymmetric Keys
http://msdn.microsoft.com/en-us/library/ms229746.aspx

Also, you can try the XML encrypt code and view its encrypted XML block
which will give you a clear message format(include encrypted message header
and body). Thus, it's specific to XML encryption, the idea can be adopted
into your binary encryption as well.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
(e-mail address removed).

--------------------

From: =?Utf-8?B?bmlja2R1?=

Subject: RE: Stream based RSA encryption?
Date: Tue, 13 Jan 2009 13:07:02 -0800

Is there a standard format for including the encrypted session key in the
body of the message? I encoded it as follows:

byte[] key = asymetric.Encrypt(symetric.Key, false);
byte[] iv = asymetric.Encrypt(symetric.IV, false);

byte[] length = BitConverter.GetBytes((int) key.Length);
output.Write(length, 0, length.Length);
length = BitConverter.GetBytes((int) iv.Length);
output.Write(length, 0, length.Length);
output.Write(key, 0, key.Length);
output.Write(iv, 0, iv.Length);

Which equates to:

1. Write out int value indicating length of key.
2. Write out int value indicating length of iv.
3. Write out key.
4. Write out iv.

Is that reasonable? I assume I need to store the lengths of the key and iv
as those could vary, correct?
--
Thanks,
Nick

(e-mail address removed)
remove "nospam" change community. to msn.com


: