Re: Encrypting symmetric keys

From: Michel Gallant (neutron_at_istar.ca)
Date: 09/16/03


Date: Tue, 16 Sep 2003 10:00:44 -0400


Is RSAPKCS1KeyExchangeFormatter only meant to be used on valid
key lengths? i.e. is the CreateKeyExchange() method only valid for
validated key lengths? (and not IV data?)
   TripleDES key length = 24 bytes
   TripleDES IV length = 8 bytes

I generated a 3DES key, and want to encrypt both the Key and IV values.
No problem encrypting either oTripleDES.Key or oTripleDes.Value using:

   RSACryptoServiceProvider oRSA = new RSACryptoServiceProvider();
   oRSA.ImportParameters(RSAKeyInfo);
   RSAPKCS1KeyExchangeFormatter kex = new RSAPKCS1KeyExchangeFormatter(oRSA) ;
   protectedkey = kex.CreateKeyExchange(keydata);

but when I try to decrypt (after getting RSA csp with private key for same public key of course)
using

  RSAPKCS1KeyExchangeDeformatter kex = new RSAPKCS1KeyExchangeDeformatter(oRSA) ;
  clearkey = kex.DecryptKeyExchange(encdata);

i recover the Key value properly, but get bad data error in trying to decrypt the IV.

Any ideas?
THanks,
 - Mitch

"Pieter Philippaerts" <Pieter@nospam.mentalis.org> wrote in message
news:OZ2haHOeDHA.3592@tk2msftngp13.phx.gbl...
> "Michel Gallant" <neutron@istar.ca> wrote in message
> > Apart from the fact that the second class is specialized to RSA asymmetric
> keys, what
> > is the difference in intended usage?
>
> The RSACryptoServiceProvider class should not be used directly -- you should
> use the RSAPKCS1KeyExchangeFormatter, RSAOAEPKeyExchangeFormatter and
> RSAPKCS1SignatureFormatter for encrypting and signing your data.
>
> When designing the .NET class library, Microsoft opted for implementing
> generic EncryptValue and DecryptValue methods in the descendants of the RSA
> class that are not supposed to do any padding. Unfortunately, Microsofts
> CryptoAPI does not support unpadded encryption, so they decided to not
> implement EncryptValue and DecryptValue in the RSACryptoServiceProvider
> [they simply throw NotSupportedExceptions] and implement Encrypt and Decrypt
> instead [Encrypt returns padded data].
> In the RSAPKCS1KeyExchangeFormatter they did something like this:
>
> public byte[] CreateKeyExchange(byte[] data) {
> RSACryptoServiceProvider rsacsp = key as RSACryptoServiceProvider;
> if (rsacsp == null) {
> ret = key.EncryptValue(...);
> do padding...
> } else {
> ret = rsacsp.Encrypt(data, false);
> // bytes are already padded
> }
> }
>
> This means that if you use the RSAPKCS1KeyExchangeFormatter you don't have
> to worry about whether the RSA instance you're using is actually an
> RSACryptoServiceProvider or another implementation [such as mono's
> RSAManaged class].
>
> > For the same private key bytes, the two approaches produce different (but
> identical size)
> > encrypted data.
>
> I think that's a property of RSA. If I encrypt the same bytes with the same
> public key, it always outputs different encrypted bytes.
>
> Regards,
> Pieter Philippaerts
> Managed SSL/TLS: http://www.mentalis.org/go.php?sl
>
>



Relevant Pages

  • Re: Decrypt RSA using D
    ... We are planning on using RSA with WSE, so it only uses RSA to encrypt the symmetric key used for the SOAP body--the same scenario you outlined below. ... owner of the private key can decrypt it. ... always embedded inside the CSP key container and never passed out into the ...
    (microsoft.public.dotnet.framework)
  • Re: rsa encryption with stonybrook modula
    ... > can't wait to get a solution - thank you for the insides and your ... RSA cannot know what the destination ... Encrypt that. ... When you decrypt take the last byte and if the buffer bytes are not the ...
    (comp.lang.modula2)
  • Re: Converting SSH2-RSA key to RSA numbers
    ... What I have in hand is a basic RSA ... the world can decrypt your messages. ... to encrypt and only you decrypt. ... >the key in an OpenSSH SSH2 RSA private key file into the aforementioned ...
    (comp.security.ssh)
  • Re: Encrypting symmetric keys
    ... The RSACryptoServiceProvider class should not be used directly -- you should ... generic EncryptValue and DecryptValue methods in the descendants of the RSA ... instead [Encrypt returns padded data]. ... In the RSAPKCS1KeyExchangeFormatter they did something like this: ...
    (microsoft.public.dotnet.security)
  • Re: RSA - Public vs. Private Keys
    ... machine, and have it decrypted on another machine (say, the target ... My idea was to take a message, encrypt it using RSA, and dumping the ... Public Key and Decrypt with a Private key. ...
    (microsoft.public.dotnet.security)