[Mono-dev] Linux/Unix equivalent of RSACryptoServiceProvider

Dan Dombrowsky ddombrow at gmail.com
Tue May 9 19:22:54 EDT 2006


Thanks for the speedy reply.

That helps a lot actually.

In my case I am actually encrypting a very trivial amount of data.
Basically I'm exchanging a 10 character identifier over the web and want to
take advantage of the benefits of digital signatures by using a PKI
solution.

"- RSA uses big numbers and some libraries use them as big or little
numbers (yep, it's not limited to under 64bits integers ;-). Simply
reversing the array normally solves that;"

That's actually pretty enlightening, I've noticed the unmanaged Windows
crypto libraries require an array reverse before I can work with them in
.NET.  Now I have an idea why.

So it seems like interop with .NET can be achieved when using the same
padding and structure standards.  That's good to know. It was what I was
hoping for. I will take a closer look at the two libraries you mentioned
(OpenSSL and NSS) and see what I can find.  NSS in particular looks like it
supports a wide variety of standards.

Thanks again.

On 5/9/06, Sebastien Pouliot <sebastien.pouliot at gmail.com> wrote:
>
> Hello Dan,
>
> On Tue, 2006-05-09 at 17:01 -0400, Dan Dombrowsky wrote:
> > Hey, this isn't exactly a mono question but
>
> IMO it's enough of a mono question, but anyway it's an interesting
> interop question.
>
> > does anyone know of a unix/linux program or library that is compatible
> > with the .NET RSACryptoServiceProvider class?
>
> The devil is in the details... most of them should be (e.g. OpenSSL,
> NSS) but:
>
> - it's possible some libraries will allow stuff not easily done with
> RSACryptoServiceProvider, like directly [en|de]crypting unpadded (raw)
> data (there are good reasons not to do that);
>
> - RSA uses big numbers and some libraries use them as big or little
> numbers (yep, it's not limited to under 64bits integers ;-). Simply
> reversing the array normally solves that;
>
> - padding and structures (or lack of) may also vary. It's more a matter
> of matching properties and acronyms;
>
> - some only offer the cryptographic primitives and often _look_ much
> easier to use. However they are a _lot_harder_ to use securely and,
> IMHO, not worth the extra time (as people are supposed to use them for
> security, not simplicity ;-);
>
> > Basically I just need to know if I receive a string encrypted with a
> > unix library with RSA,
>
> Now you should know that while many people use RSA to (directly) encrypt
> data (bad), it isn't really built for that (i.e. RSA should be used
> for key exchange). This is often easy to "fool" but can come back to
> haunt you later (e.g. maximum string length wrt to key size and
> padding);
>
> >  can I decrypt it with .NET out of the box
>
> Mono, just like .NET, supports most of current (and older) standards so
> you should be able to do just about anything (standard-wise). So yes it
> should work out-of-the-box if done correctly.
>
> > or do I need to write a compatibility layer, and if a layer is needed
> > then what is involved, etc.
>
> The most likely issue is the big integer endianness. Other issues can show
> up if you don't have a crypto library supporting the same standards (or
> don't use the right API, when multiple levels are offered).
>
> > I'm hoping someone developing Mono's System.Security.Cryptography
> > namespace can help me here...
>
> I hope it helped a bit :)
> --
> Sebastien Pouliot  <sebastien at ximian.com>
> Blog: http://pages.infinit.net/ctech/
>
>
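The byte-order and length points discussed in this thread, as an added example that is not part of the original messages and is not Mono, .NET, OpenSSL or NSS code: the same RSA ciphertext integer is written least significant byte first by a hypothetical sender, and a consumer that expects big-endian input only recovers the 10-character identifier after reversing the array. The key (built from two Mersenne primes), the function names and the identifier are constructed for the demonstration and are not usable as a real key.

```python
import os

# Constructed demo key: two Mersenne primes. Far too small and too
# structured for real use; it only keeps the example self-contained.
P, Q = 2**127 - 1, 2**107 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8          # modulus length in bytes (30 here)

def pad_type2(msg: bytes) -> bytes:
    """PKCS#1 v1.5 encryption padding: 00 02 <nonzero random> 00 <msg>."""
    ps_len = K - 3 - len(msg)
    if ps_len < 8:                     # padding costs at least 11 bytes of the key size
        raise ValueError("message too long for this key size")
    ps = bytes(b % 255 + 1 for b in os.urandom(ps_len))  # nonzero filler bytes
    return b"\x00\x02" + ps + b"\x00" + msg

def encrypt(msg: bytes, byteorder: str) -> bytes:
    """Same integer either way; only the serialization ('big' or 'little') differs."""
    c = pow(int.from_bytes(pad_type2(msg), "big"), E, N)
    return c.to_bytes(K, byteorder)

def decrypt_big_endian(ct: bytes):
    """Decrypt as a consumer expecting big-endian input; None on any format error."""
    c = int.from_bytes(ct, "big")
    if len(ct) != K or c >= N:
        return None
    em = pow(c, D, N).to_bytes(K, "big")
    sep = em.find(b"\x00", 2)          # separator after at least 8 filler bytes
    if em[:2] != b"\x00\x02" or sep < 10:
        return None
    return em[sep + 1:]

def demo(identifier: bytes = b"AB12345678"):
    wire = encrypt(identifier, "little")       # sender emits least significant byte first
    as_is = decrypt_big_endian(wire)           # wrong byte order: rejected or garbage
    fixed = decrypt_big_endian(wire[::-1])     # reverse the array, then decrypt
    return as_is, fixed

if __name__ == "__main__":
    print(demo())
```

With this 30-byte modulus the padding leaves room for at most 19 bytes of data, which is the "maximum string length wrt key size and padding" limit mentioned in the reply.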