Re: Encrypting symmetric keys

From: Michel Gallant (neutron_at_istar.ca)
Date: 09/16/03


Date: Tue, 16 Sep 2003 10:00:44 -0400

Is RSAPKCS1KeyExchangeFormatter only meant to be used on valid
key lengths? i.e., is the CreateKeyExchange() method only valid for
validated key lengths (and not IV data)?
   TripleDES key length = 24 bytes
   TripleDES IV length = 8 bytes

I generated a 3DES key, and want to encrypt both the Key and IV values.
No problem encrypting either oTripleDES.Key or oTripleDes.Value using:

   using System.Security.Cryptography;

   RSACryptoServiceProvider oRSA = new RSACryptoServiceProvider();
   oRSA.ImportParameters(RSAKeyInfo);   // RSAParameters holding the recipient's public key
   RSAPKCS1KeyExchangeFormatter kex = new RSAPKCS1KeyExchangeFormatter(oRSA);
   byte[] protectedkey = kex.CreateKeyExchange(keydata);   // keydata: the 24-byte 3DES key

but when I try to decrypt (after getting RSA csp with private key for same public key of course)
using

  RSAPKCS1KeyExchangeDeformatter kex = new RSAPKCS1KeyExchangeDeformatter(oRSA);   // oRSA now holds the private key
  byte[] clearkey = kex.DecryptKeyExchange(encdata);

I recover the Key value properly, but get a bad data error when trying to decrypt the IV.

Any ideas?
Thanks,
 - Mitch

"Pieter Philippaerts" <Pieter@nospam.mentalis.org> wrote in message
news:OZ2haHOeDHA.3592@tk2msftngp13.phx.gbl...
> "Michel Gallant" <neutron@istar.ca> wrote in message
> > Apart from the fact that the second class is specialized to RSA asymmetric
> > keys, what is the difference in intended usage?
>
> The RSACryptoServiceProvider class should not be used directly -- you should
> use the RSAPKCS1KeyExchangeFormatter, RSAOAEPKeyExchangeFormatter and
> RSAPKCS1SignatureFormatter for encrypting and signing your data.
>
> When designing the .NET class library, Microsoft opted for implementing
> generic EncryptValue and DecryptValue methods in the descendants of the RSA
> class that are not supposed to do any padding. Unfortunately, Microsoft's
> CryptoAPI does not support unpadded encryption, so they decided not to
> implement EncryptValue and DecryptValue in the RSACryptoServiceProvider
> [they simply throw NotSupportedExceptions] and to implement Encrypt and Decrypt
> instead [Encrypt returns padded data].
> In the RSAPKCS1KeyExchangeFormatter they did something like this:
>
> public byte[] CreateKeyExchange(byte[] data) {
> RSACryptoServiceProvider rsacsp = key as RSACryptoServiceProvider;
> if (rsacsp == null) {
> ret = key.EncryptValue(...);
> do padding...
> } else {
> ret = rsacsp.Encrypt(data, false);
> // bytes are already padded
> }
> }
>
> This means that if you use the RSAPKCS1KeyExchangeFormatter you don't have
> to worry about whether the RSA instance you're using is actually an
> RSACryptoServiceProvider or another implementation [such as mono's
> RSAManaged class].
>
> > For the same private key bytes, the two approaches produce different (but
> > identical size) encrypted data.
>
> I think that's a property of RSA. If I encrypt the same bytes with the same
> public key, it always outputs different encrypted bytes.
>
> Regards,
> Pieter Philippaerts
> Managed SSL/TLS: http://www.mentalis.org/go.php?sl
>
>
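An added example, not code from this thread or from Microsoft's own classes, showing one way to handle the situation Mitch describes: wrap only the 24-byte TripleDES key with RSAPKCS1KeyExchangeFormatter and carry the 8-byte IV beside it unencrypted, since an IV needs integrity but not secrecy. It assumes .NET Framework on Windows (RSACryptoServiceProvider, TripleDESCryptoServiceProvider); the helper names WrapKey, UnwrapKey and SameBytes are mine.

```csharp
using System;
using System.Security.Cryptography;

// Added example (not from the thread): RSA-wrap the 3DES key only; send the IV in the clear.
class KeyWrapDemo
{
    // Sender: returns the PKCS#1 v1.5 wrapped key. The IV is passed alongside untouched.
    static byte[] WrapKey(RSA recipientPublicKey, byte[] tdesKey)
    {
        var formatter = new RSAPKCS1KeyExchangeFormatter(recipientPublicKey);
        return formatter.CreateKeyExchange(tdesKey);
    }

    // Receiver: unwraps the key and sanity-checks length and weak-key status before use.
    static byte[] UnwrapKey(RSA recipientPrivateKey, byte[] wrappedKey)
    {
        var deformatter = new RSAPKCS1KeyExchangeDeformatter(recipientPrivateKey);
        byte[] key = deformatter.DecryptKeyExchange(wrappedKey);
        if (key.Length != 24 || TripleDES.IsWeakKey(key))
            throw new CryptographicException("unwrapped TripleDES key is invalid");
        return key;
    }

    // Length-independent, constant-time-style comparison of two byte arrays.
    static bool SameBytes(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    static void Main()
    {
        using (var rsa = new RSACryptoServiceProvider(2048))   // holds both key halves here
        using (var tdes = new TripleDESCryptoServiceProvider())
        {
            tdes.GenerateKey();
            tdes.GenerateIV();

            byte[] wrapped1 = WrapKey(rsa, tdes.Key);
            byte[] wrapped2 = WrapKey(rsa, tdes.Key);
            // PKCS#1 v1.5 fills the padding with random bytes, so two wraps of the
            // same key under the same public key differ; textbook RSA alone is deterministic.
            Console.WriteLine("Two wraps identical: " + SameBytes(wrapped1, wrapped2));

            byte[] clearKey = UnwrapKey(rsa, wrapped1);
            byte[] iv = tdes.IV;   // transmitted next to wrapped1, unencrypted
            Console.WriteLine("Key recovered: " + SameBytes(clearKey, tdes.Key));
            Console.WriteLine("IV bytes carried in the clear: " + iv.Length);
        }
    }
}
```

If the wrapped key travels over an untrusted channel, protect the wrapped key and IV together with a MAC or signature; the RSA wrapping alone gives no integrity.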