[Mono-dev] Linux/Unix equivalent of RSACryptoServiceProvider

Sebastien Pouliot sebastien.pouliot at gmail.com
Tue May 9 18:06:15 EDT 2006


Hello Dan,

On Tue, 2006-05-09 at 17:01 -0400, Dan Dombrowsky wrote:
> Hey, this isn't exactly a mono question but 

IMO it's enough of a mono question, but anyway it's an interesting
interop question.

> does anyone know of a unix/linux program or library that is compatible
> with the .NET RSACryptoServiceProvider class?

The devil is in the details... most of them should be (e.g. OpenSSL,
NSS) but:

- it's possible some libraries will allows stuff not easily done with
RSACryptoServiceProvider, like directly [en|de]crypting unpadded (raw)
data (there are good reasons not to do that);

- RSA use big numbers and some libraries use them as big or little
numbers (yep, it's not limited to under 64bits integers ;-). Simply
reversing the array normally solves that;

- padding and structures (or lack of) may also vary. It's more a matter
of matching properties and acronyms;

- some only offers the cryptographic primitives and often _look_ much
easier to use. However they are a _lot_harder_ to use securely and,
IMHO, not worth the extra time (as people are supposed to use them for
security, not simplicity ;-);

> Basically I just need to know if I receive a string encrypted with a
> unix library with RSA,

Now you should know that while many people use RSA to (directly) encrypt
data (bad), but it isn't really built for that (i.e. RSA should be used
for key exchange). This is often easy to "fool" but can come back to
haunt you later (e.g. maximum string length wrt to key size and
padding);

>  can I decrypt it with .NET out of the box 

Mono, just like .NET, supports most of current (and older) standards so
you should be able to do just about anything (standard-wise). So yes it
should work out-of-the-box if done correctly.

> or do I need to write a compatibility layer, and if a layer is needed
> then what is involved, etc.  

The most likely issue is the big integer endianess. Other issue can show
up if you don't have a crypto library supporting the same standards (or
don't use the right API, when multiple level are offered).

> I'm hoping someone developing Mono's System.Security.Cryptography
> namespace can help me here...

I hope it helped a bit :)
-- 
Sebastien Pouliot  <sebastien at ximian.com>
Blog: http://pages.infinit.net/ctech/




More information about the Mono-devel-list mailing list