Re: Use my your own HashAlgorithm Class

From: Shawn Farkas (shawnfa_at_online.microsoft.com)
Date: 03/23/04


Date: Tue, 23 Mar 2004 20:47:23 GMT

I see what you're trying to do. Rather than use the EncryptValue / DecryptValue methods (which RSACryptoServiceProvider doesn't support), use the Encrypt and Decrypt methods.

For instance:

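using System.Security.Cryptography;

byte[] data = new byte[] { 0, 1, 2, 3, 4, 5 };
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();

// Encrypt uses the public key; the second argument (fOAEP) is false, so PKCS#1 v1.5 padding is used.
byte[] encrypted = rsa.Encrypt(data, false);

// Decrypt uses the private key and must be given the same padding choice.
byte[] decrypted = rsa.Decrypt(encrypted, false);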

-Shawn
http://blogs.msdn.com/shawnfa

-- 
This posting is provided "AS IS" with no warranties, and confers no rights.
Note:  For the benefit of the community-at-large, all responses to this message are best directed to the newsgroup/thread from which they 
originated.  
--------------------
>Date: Tue, 23 Mar 2004 16:46:13 +0100
>From: meno abels <meno.abels@adviser.com>
>
>Hi Shawn,
>
>thanks for your answer, it sounds like a hard way to reach the target. My idea to
>provide a very simple HashAlgorithm was that I want to use the private key to encrypt
>a small amount of data which I can only decrypt with the public key. Implicitly this
>is done by SignHash, but I can't control the data which is encrypted by SignHash; it
>is a hash value every time, but I want to put something different in it. With openssl
>there is no problem encrypting any small data with the private key.
>I first tried to provide the private key to EncryptData and use the public key for
>DecryptData, but this didn't work. Is there another possibility to get any small data
>encrypted with the private key?
>
>Meno
>> Hi Meno,
>> 
>> 	Since you've gotten as far as the OID exception, I assume you already figured out how to set up machine.config so that the Crypto APIs 
>> recognize your algorithm.  You may have even figured out how to map new OIDs in machine.config.  However, the problem is a little deeper than 
>> that.  The RSACryptoServiceProvider class provides a thin wrapper around the RSA implementation provided by the crypto service provider 
>> (CSP) built into Windows.  Almost every method call you make to RSACryptoServiceProvider will translate into a call into Windows crypto API 
>> (CAPI), which results in a call into the CSP to do the actual work.
>> 	SignHash is one of those wrappers.  It doesn't actually do the work, CAPI does.  Since machine.config only affects .NET crypto, CAPI 
>> doesn't know about your new algorithm.  Assuming that you set up the OID mapping for your algorithm properly, RSACryptoServiceProvider gets 
>> as far as mapping your algorithm name into whichever OID you specify.  But CAPI doesn't work with OIDs directly, instead it works with algorithm 
>> identifiers.  Since CAPI will be doing the actual signing, RSACryptoServiceProvider goes ahead and asks CAPI for the algorithm identifier for the 
>> OID it got for your algorithm.  CAPI has no idea what this algorithm is, so it returns an error code, resulting in the exception you just mentioned.
>> 	CAPI does provide a way for you to extend its built-in algorithms however.  You can call CryptRegisterOIDInfo (and CryptUnregisterOIDInfo 
>> to get rid of the mapping), to register an OID with CAPI.  Once you accomplish this, you're going to have to provide an algorithm id for this OID to 
>> map to.  Providing a new algorithm ID involves writing a custom CSP and plugging it into CAPI.
>> 	All in all there's quite a bit of work to get a custom hash algorithm to work with the CryptoServiceProvider classes.  If you're still interested in 
>> trying this all out, I'd start by looking up information on writing a custom CSP on MSDN.
>>  
>> -Shawn
>> http://blogs.msdn.com/shawnfa
>> 
>
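
An added example, not part of the original thread and not code from either poster: it shows which key each RSACryptoServiceProvider operation uses. SignData runs with the private key and VerifyData with the public key, using a built-in hash, while Encrypt needs only the public key and Decrypt needs the private key. It assumes .NET Framework 4.6 or later (for the HashAlgorithmName overloads); the class name and the sample message are constructed.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added illustration; the class name and sample message are constructed.
static class SignedBlobDemo
{
    static void Main()
    {
        byte[] message = Encoding.UTF8.GetBytes("license=standard;seats=5"); // constructed sample
        using (var signer = new RSACryptoServiceProvider(2048))
        using (var verifier = new RSACryptoServiceProvider())
        {
            // Hand the verifier the public half only.
            verifier.ImportParameters(signer.ExportParameters(false));

            // Private-key operation: a PKCS#1 v1.5 signature over SHA-256(message).
            byte[] signature = signer.SignData(
                message, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

            // Public-key operation: the message travels in the clear next to the signature.
            bool ok = verifier.VerifyData(
                message, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            Console.WriteLine("valid signature accepted: " + ok);

            // Any change to the message invalidates the signature.
            byte[] tampered = (byte[])message.Clone();
            tampered[0] ^= 0x01;
            bool bad = verifier.VerifyData(
                tampered, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            Console.WriteLine("tampered message accepted: " + bad);

            // Encrypt needs only the public key; Decrypt needs the private key,
            // so the public-only instance cannot reverse its own ciphertext.
            byte[] ciphertext = verifier.Encrypt(message, true); // true = OAEP padding
            try
            {
                verifier.Decrypt(ciphertext, true);
            }
            catch (CryptographicException)
            {
                Console.WriteLine("public-only key cannot decrypt");
            }
            byte[] roundTrip = signer.Decrypt(ciphertext, true);
            Console.WriteLine("private key decrypts: " + Encoding.UTF8.GetString(roundTrip));
        }
    }
}
```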

