[Mono-list] Question about RSACryptoServiceProvider...

Sebastien Pouliot spouliot@videotron.ca
Sun, 07 Sep 2003 09:21:20 -0400


Gius,

> OK, so to use an existing public key to encrypt data, I should
> write something like this, isn't it?
>
> RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
>
> RSAParameters keyInfo = new RSAParameters();
> keyInfo.Modulus = publicKey;
> keyInfo.Exponent = new byte[] {1, 0, 1};

Exponent may not always be 65537. You shouldn't hardcode this value inside
your application.
The two easiest ways would be to:
(a) serialize the keyInfo to/from disk - RSAParameters is [Serializable];
(b) keep the RSA keypair in XML (To/FromXml).

> rsa.ImportParameters(keyInfo);
> rsa.Encrypt(data);

> That's clear to me... but how can I use an existing private
> key to decrypt data? Which member of the RSAParameters
> structure should I modify?

You need at least parameter D to decrypt.
But it's a lot faster when DP, DQ, InverseQ, P and Q are available because
Mono/MS can then use the CRT (Chinese Remainder Theorem) algorithm.

> This is my very last question... sorry for boring you!

No problem ;-)

Sebastien Pouliot
Security Architect, Motus Technologies, http://www.motus.com/
work: spouliot@motus.com
home: spouliot@videotron.ca


-----Original Message-----
From: Giuseppe Greco [mailto:giuseppe.greco@agamura.com]
Sent: 6 September 2003 10:30
To: spouliot@videotron.ca
Cc: Mono
Subject: RE: [Mono-list] Question about RSACryptoServiceProvider...


On Sat, 2003-09-06 at 15:30, Sebastien Pouliot wrote:
> Gius,
>
> > If I've understood correctly, the following code generates the
> > public/private key pair:
> >
> > RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
>
> Right, this will generate a new keypair with the default key size (normally
> 1024 bits).
>
> > Then, the following code retrieves the public key:
> >
> > RSAParameters publicKey = rsa.ExportParameters(false);
>
> Yes. This will return the public key.

OK, so to use an existing public key to encrypt data, I should
write something like this, isn't it?

RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();

RSAParameters keyInfo = new RSAParameters();
keyInfo.Modulus = publicKey;
keyInfo.Exponent = new byte[] {1, 0, 1};

rsa.ImportParameters(keyInfo);
rsa.Encrypt(data);

That's clear to me... but how can I use an existing private
key to decrypt data? Which member of the RSAParameters
structure should I modify?

This is my very last question... sorry for boring you!

Thanks,
Gius_.

>
> > and the following code retrieves the private key:
> >
> > RSAParameters privateKey = rsa.ExportParameters(true);
>
> Not exactly. This returns the keypair - including the private key.
>
> > Well, the question is: How does the Encrypt/Decrypt
> > method know which key to use?
>
> This is automatic (by design). Encrypt uses the public key. Decrypt requires
> the private key.
>
> > In my specific case, sometimes I need to Encrypt with
> > the private key and Decrypt with the public key, and
> > sometimes I need to Encrypt with the public key and
> > Decrypt with the private key...
>
> Encrypting with the private key isn't (by design) supported in the .NET
> framework (nor by Mono or me!).
> While this is technically possible you won't find much support in most crypto
> libraries (there are very good reasons for that).
> Most of the time (98%) people come up with such an idea when there is a flaw in
> their (security) design and they are trying to fix it at the wrong end.
>
> If you REALLY need this (2%) then I suggest that you look at the
> RSAManaged.cs file (in /mcs/class/corlib/Mono.Security.Cryptography/) and
> implement your own "InversedRSA" class using the BigInteger classes
> (available in /mcs/class/corlib/Mono.Math/).
>
> > Could somebody explain this point to me once and for all?
> > I've had a look at the MSDN documentation, but it is
> > a little bit unclear, since it doesn't explain this
> > issue.
>
> MSDN isn't the best source to learn about cryptography. The articles are (a)
> very basic or (b) API that requires solid crypto knowledge (as there are not
> many warnings about potential pitfalls).
>
> I suggest getting a good book on cryptography (like cryptography applied).
> The RSA FAQ (http://www.rsasecurity.com/rsalabs/faq/index.html) is also a
> good source of information.
>
> Good luck,
>
> Sebastien Pouliot
> Security Architect, Motus Technologies, http://www.motus.com/
> work: spouliot@motus.com
> home: spouliot@videotron.ca
>
>
> -----Original Message-----
> From: mono-list-admin@lists.ximian.com
> [mailto:mono-list-admin@lists.ximian.com]On Behalf Of Giuseppe Greco
> Sent: 6 September 2003 02:05
> To: Mono
> Subject: [Mono-list] Question about RSACryptoServiceProvider...
>
>
> Hi all,
>
> I'm trying to understand how RSACryptoServiceProvider works.
>
> If I've understood correctly, the following code generates the
> public/private key pair:
>
> RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
>
> Then, the following code retrieves the public key:
>
> RSAParameters publicKey = rsa.ExportParameters(false);
>
> and the following code retrieves the private key:
>
> RSAParameters privateKey = rsa.ExportParameters(true);
>
> Well, the question is: How does the Encrypt/Decrypt
> method know which key to use?
>
> In my specific case, sometimes I need to Encrypt with
> the private key and Decrypt with the public key, and
> sometimes I need to Encrypt with the public key and
> Decrypt with the private key...
>
> Could somebody explain this point to me once and for all?
> I've had a look at the MSDN documentation, but it is
> a little bit unclear, since it doesn't explain this
> issue.
>
> Thanks a lot,
> Gius_.
>
> --
> ----------------------------------------
> Giuseppe Greco
>
> ::agamura::
>
> phone:  +41 (0)91 604 67 65
> mobile: +41 (0)76 390 60 32
> email:  giuseppe.greco@agamura.com
> web:    www.agamura.com
> ----------------------------------------
>
> _______________________________________________
> Mono-list maillist  -  Mono-list@lists.ximian.com
> http://lists.ximian.com/mailman/listinfo/mono-list
>
--
----------------------------------------
Giuseppe Greco

::agamura::

phone:  +41 (0)91 604 67 65
mobile: +41 (0)76 390 60 32
email:  giuseppe.greco@agamura.com
web:    www.agamura.com
----------------------------------------
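
Added example, not part of the original thread or of Mono's code: option (b) from the reply above (keeping the key in XML via ToXmlString/FromXmlString), showing that the exponent travels with the stored public key and that Decrypt only works once the private parameters are loaded. The class name, the 2048-bit key size, the OAEP padding choice and the sample plaintext are assumptions of this example.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

class RsaXmlKeyDemo
{
    static void Main()
    {
        string publicXml, keyPairXml;

        // Key owner: generate once, then persist both XML forms.
        // 2048 bits is this example's choice, not a value from the thread.
        using (var rsa = new RSACryptoServiceProvider(2048))
        {
            publicXml  = rsa.ToXmlString(false); // Modulus + Exponent only
            keyPairXml = rsa.ToXmlString(true);  // adds P, Q, DP, DQ, InverseQ, D
        }

        byte[] ciphertext;

        // Sender: holds only publicXml. The exponent is read from the
        // stored key, so nothing about it is hardcoded in the application.
        using (var rsa = new RSACryptoServiceProvider())
        {
            rsa.FromXmlString(publicXml);
            Console.WriteLine("PublicOnly: " + rsa.PublicOnly);
            // Second argument true selects OAEP padding (example's choice).
            ciphertext = rsa.Encrypt(Encoding.UTF8.GetBytes("constructed sample"), true);

            try
            {
                rsa.Decrypt(ciphertext, true); // this key has no D
            }
            catch (CryptographicException)
            {
                Console.WriteLine("Decrypt refused: private key not loaded");
            }
        }

        // Receiver: the full keypair XML carries D plus the CRT values.
        using (var rsa = new RSACryptoServiceProvider())
        {
            rsa.FromXmlString(keyPairXml);
            byte[] plain = rsa.Decrypt(ciphertext, true);
            Console.WriteLine(Encoding.UTF8.GetString(plain));
        }
    }
}
```

The string returned by ToXmlString(true) contains the private key in clear text, so it needs the same protection as any other private key file; only the ToXmlString(false) output is meant to be handed out.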