Re: Encrypting symmetric keys

From: Michel Gallant (
Date: 09/16/03

Date: Tue, 16 Sep 2003 10:00:44 -0400

Is RSAPKCS1KeyExchangeFormatter only meant to be used on valid
key lengths? i.e. is the CreateKeyExchange() method only valid for
validated key lengths? (and not IV data?)
   TripleDES key length = 24 bytes
   TripleDES IV length = 8 bytes

I generated a 3DES key, and want to encrypt both the Key and IV values.
No problem encrypting either oTripleDES.Key or oTripleDes.Value using:

   RSACryptoServiceProvider oRSA = new RSACryptoServiceProvider();
   RSAPKCS1KeyExchangeFormatter kex = new RSAPKCS1KeyExchangeFormatter(oRSA);
   byte[] protectedkey = kex.CreateKeyExchange(keydata);   // keydata: the Key (or IV) bytes to wrap

but when I try to decrypt (after getting RSA csp with private key for same public key of course)

   RSAPKCS1KeyExchangeDeformatter kex = new RSAPKCS1KeyExchangeDeformatter(oRSA);
   byte[] clearkey = kex.DecryptKeyExchange(encdata);      // encdata: output of CreateKeyExchange

I recover the Key value properly, but get a bad data error when trying to decrypt the IV.

Any ideas?
 - Mitch

"Pieter Philippaerts" <> wrote in message
> "Michel Gallant" <> wrote in message
> > Apart from the fact that the second class is specialized to RSA asymmetric keys, what
> > is the difference in intended usage?
> The RSACryptoServiceProvider class should not be used directly -- you should
> use the RSAPKCS1KeyExchangeFormatter, RSAOAEPKeyExchangeFormatter and
> RSAPKCS1SignatureFormatter for encrypting and signing your data.
> When designing the .NET class library, Microsoft opted for implementing
> generic EncryptValue and DecryptValue methods in the descendants of the RSA
> class that are not supposed to do any padding. Unfortunately, Microsoft's
> CryptoAPI does not support unpadded encryption, so they decided to not
> implement EncryptValue and DecryptValue in the RSACryptoServiceProvider
> [they simply throw NotSupportedExceptions] and implement Encrypt and Decrypt
> instead [Encrypt returns padded data].
> In the RSAPKCS1KeyExchangeFormatter they did something like this:
> public byte[] CreateKeyExchange(byte[] data) {
>     byte[] ret;
>     RSACryptoServiceProvider rsacsp = key as RSACryptoServiceProvider;
>     if (rsacsp == null) {
>         // generic RSA implementation: apply PKCS#1 padding first,
>         // then raw-encrypt the padded block
>         do padding...
>         ret = key.EncryptValue(...);
>     } else {
>         // CryptoAPI pads internally; 'false' selects PKCS#1 v1.5 padding
>         ret = rsacsp.Encrypt(data, false);
>     }
>     return ret;
> }
> This means that if you use the RSAPKCS1KeyExchangeFormatter you don't have
> to worry about whether the RSA instance you're using is actually an
> RSACryptoServiceProvider or another implementation [such as mono's
> RSAManaged class].
> > For the same private key bytes, the two approaches produce different (but identical size)
> > encrypted data.
> I think that's a property of RSA. If I encrypt the same bytes with the same
> public key, it always outputs different encrypted bytes.
> Regards,
> Pieter Philippaerts
> Managed SSL/TLS:
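The round trip discussed in this thread, written out as an added example (not code from either poster): a 3DES key and IV are wrapped for transport with RSAPKCS1KeyExchangeFormatter and recovered with RSAPKCS1KeyExchangeDeformatter. Two points a practitioner would want alongside it: the IV is not secret and can be sent in the clear, so wrapping it is optional, but if you do wrap it, putting key and IV into one blob costs one RSA operation instead of two and gives the receiver a single length check; and the two wraps of the same input differ because PKCS#1 v1.5 type 2 padding inserts random bytes, which is what produces the "different but identical size" ciphertexts mentioned above, not RSA itself. The helper names, the key/IV layout and the length constants are assumptions of this example; only the framework classes are real. RSAOAEPKeyExchangeFormatter, also named above, is the better choice where the peer supports it, since PKCS#1 v1.5 encryption padding is exposed to padding-oracle (Bleichenbacher-style) attacks.

```csharp
// Added example, not from the original thread. Assumes .NET Framework 2.0+
// or .NET Core 2.0+ with System.Security.Cryptography; helper names and the
// key||IV blob layout are this example's own choices.
using System;
using System.Security.Cryptography;

static class KeyExchangeDemo
{
    const int TripleDesKeyLen = 24; // 192-bit 3DES key, in bytes
    const int TripleDesIvLen = 8;   // 3DES block size, in bytes

    // Sender side: wrap key || IV in one RSA operation.
    // Input must fit PKCS#1 v1.5: at most (modulus bytes - 11), i.e. 245 for 2048-bit RSA.
    static byte[] WrapKeyAndIv(RSA recipientPublic, byte[] key, byte[] iv)
    {
        if (key.Length != TripleDesKeyLen || iv.Length != TripleDesIvLen)
            throw new ArgumentException("unexpected 3DES key/IV length");

        byte[] blob = new byte[key.Length + iv.Length];
        Buffer.BlockCopy(key, 0, blob, 0, key.Length);
        Buffer.BlockCopy(iv, 0, blob, key.Length, iv.Length);

        // The formatter pads (PKCS#1 v1.5 type 2, random non-zero filler) and
        // encrypts; with an RSACryptoServiceProvider this is rsa.Encrypt(blob, false).
        // Swap in RSAOAEPKeyExchangeFormatter for OAEP padding where possible.
        var formatter = new RSAPKCS1KeyExchangeFormatter(recipientPublic);
        return formatter.CreateKeyExchange(blob);
    }

    // Receiver side: unwrap with the private key, check the length, split at the key boundary.
    static void UnwrapKeyAndIv(RSA recipientPrivate, byte[] wrapped, out byte[] key, out byte[] iv)
    {
        var deformatter = new RSAPKCS1KeyExchangeDeformatter(recipientPrivate);
        byte[] blob = deformatter.DecryptKeyExchange(wrapped); // strips the padding

        if (blob.Length != TripleDesKeyLen + TripleDesIvLen)
            throw new CryptographicException("unexpected key exchange payload length");

        key = new byte[TripleDesKeyLen];
        iv = new byte[TripleDesIvLen];
        Buffer.BlockCopy(blob, 0, key, 0, TripleDesKeyLen);
        Buffer.BlockCopy(blob, TripleDesKeyLen, iv, 0, TripleDesIvLen);
    }

    // Plain byte comparison; fine here because the compared values are not secret-vs-attacker input.
    static bool SameBytes(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        for (int i = 0; i < a.Length; i++)
            if (a[i] != b[i]) return false;
        return true;
    }

    static void Main()
    {
        // Recipient's key pair: public half wraps, private half unwraps.
        using (var rsa = new RSACryptoServiceProvider(2048))
        using (var tdes = TripleDES.Create())
        {
            tdes.GenerateKey(); // 24 bytes
            tdes.GenerateIV();  // 8 bytes

            byte[] w1 = WrapKeyAndIv(rsa, tdes.Key, tdes.IV);
            byte[] w2 = WrapKeyAndIv(rsa, tdes.Key, tdes.IV);
            // Same key, same input, two different blobs of the same length (256 bytes here):
            // the random padding bytes differ on each call.
            Console.WriteLine("same length: " + (w1.Length == w2.Length));
            Console.WriteLine("identical ciphertext: " + SameBytes(w1, w2));

            byte[] key, iv;
            UnwrapKeyAndIv(rsa, w1, out key, out iv);
            Console.WriteLine("key round-trip ok: " + SameBytes(key, tdes.Key));
            Console.WriteLine("iv round-trip ok:  " + SameBytes(iv, tdes.IV));
        }
    }
}
```

The deformatter returns exactly the bytes handed to the formatter, so the receiver is responsible for rejecting a payload whose length is not what the protocol expects before using any of it as key material.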