Bytes | Software Development & Data Engineering Community

X509 Certificates and Rijndael encryption

Hi
I would like to encrypt data using the AES (Rijndael) algorithm, providing
as the key the key from a given certificate. Just for testing I'm using
the public key.

Shouldn't I use the private key instead of the public one?

Is there a way to get it or to use such algorithm with a specified
private key from a certificate (which may eventually be on a regular file)?

--
About the public key I did the following to get an appropriate key length:

// Needs: using System.Security.Cryptography.X509Certificates;
// keySize is a field (in bits) of the enclosing class; its value is not shown in the post.
private byte[] getKey() {
    X509Certificate cer =
        X509Certificate.CreateFromCertFile(@"c:\tmp\certificates\mattia.cer");
    byte[] certKey = cer.GetPublicKey();   // DER-encoded public key bytes
    byte[] theKey = new byte[keySize / 8];
    // Copies only the leading bytes of the encoded public key (see the remark below)
    for (int i = 0; i < (keySize / 8) && i < certKey.Length; i++) {
        theKey[i] = certKey[i];
    }

    return theKey;
}

BTW I think it's not the right way to solve the problem, I can't simply
truncate the key to the needed length.
Nov 16 '05 #1
I managed to use the following code:

// WSE 1.0 certificate store classes (Microsoft.Web.Services.Security.X509)
Microsoft.Web.Services.Security.X509.X509CertificateStore st =
    Microsoft.Web.Services.Security.X509.X509CertificateStore.CurrentUserStore(
        Microsoft.Web.Services.Security.X509.X509CertificateStore.MyStore);

st.OpenRead();

MessageBox.Show(st.Certificates.Count.ToString());

if (st.Certificates.Count > 0) {
    Microsoft.Web.Services.Security.X509.X509Certificate c1 =
        st.Certificates[0];
    MessageBox.Show(c1.GetIssuerName());
    MessageBox.Show("" + c1.Key.KeySize);   // size of the certificate's asymmetric key, in bits
}

The KeySize is 1024, how to use it in conjunction with AES? Is that
object the real private key?

Mattia Saccotelli wrote:
Hi
I would like to encrypt data using the AES (Rijndael) algorithm, providing
as the key the key from a given certificate. Just for testing I'm using
the public key.

Shouldn't I use the private key instead of the public one?

Is there a way to get it or to use such algorithm with a specified
private key from a certificate (which may eventually be on a regular file)?

Nov 16 '05 #2
Mattia,

I don't think that what you are doing to get a key of the appropriate
length is the right way. You are just copying bytes, and that can lead to
using duplicate keys (given the right keys). If anything, set the key
length of the Rijndael algorithm to the max (256 bits), and then perform a
hash on the public key for that number of bits.

Hope this helps.
--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com

"Mattia Saccotelli" <"m.saccotelli [AT] gruppostratos [DOT] com"> wrote in
message news:eZ**************@TK2MSFTNGP09.phx.gbl...
Hi
I would like to encrypt data using the AES (Rijndael) algorithm, providing as
the key the key from a given certificate. Just for testing I'm using the
public key.

Shouldn't I use the private key instead of the public one?

Is there a way to get it or to use such algorithm with a specified private
key from a certificate (which may eventually be on a regular file)?

--
About the public key I did the following to get an appropriate key length:

// Needs: using System.Security.Cryptography.X509Certificates;
// keySize is a field (in bits) of the enclosing class; its value is not shown in the post.
private byte[] getKey() {
    X509Certificate cer =
        X509Certificate.CreateFromCertFile(@"c:\tmp\certificates\mattia.cer");
    byte[] certKey = cer.GetPublicKey();   // DER-encoded public key bytes
    byte[] theKey = new byte[keySize / 8];
    // Copies only the leading bytes of the encoded public key
    for (int i = 0; i < (keySize / 8) && i < certKey.Length; i++) {
        theKey[i] = certKey[i];
    }

    return theKey;
}

BTW I think it's not the right way to solve the problem, I can't simply
truncate the key to the needed length.

Nov 16 '05 #4
Like SHA-256?

Thank you for the response

Nicholas Paldino [.NET/C# MVP] wrote:
Mattia,

I don't think that what you are doing to get a key of the appropriate
length is the right way. You are just copying bytes, and that can lead to
using duplicate keys (given the right keys). If anything, set the key
length of the Rijndael algorithm to the max (256 bits), and then perform a
hash on the public key for that number of bits.

Hope this helps.

Nov 16 '05 #5
Mattia,

Something like that. There are a number of hash algorithms that you can
use. Look for any class that derives from the HashAlgorithm class in the
System.Security.Cryptography namespace.
Also, you might want to consider RC2 for your encryption algorithm, as
it allows a key size of 1024 bits. It might be enough to handle the size of
your public key from your X.509 certificate.

--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com

"Mattia Saccotelli" <"m.saccotelli [AT] gruppostratos [DOT] com"> wrote in
message news:ug**************@TK2MSFTNGP14.phx.gbl...
Like SHA-256 ?

Thank you for the response

Nicholas Paldino [.NET/C# MVP] wrote:
Mattia,

I don't think that what you are doing to get a key of the appropriate
length is the right way. You are just copying bytes, and that can lead
to using duplicate keys (given the right keys). If anything, set the key
length of the Rijndael algorithm to the max (256 bits), and then perform
a hash on the public key for that number of bits.

Hope this helps.


Nov 16 '05 #6
I modified the code:

// Needs: using System.Text; using System.Security.Cryptography;
//        using System.Security.Cryptography.X509Certificates;
// keySize is a field (in bits) of the enclosing class; its value is not shown in the post.
private byte[] getKey() {
    X509Certificate cer =
        X509Certificate.CreateFromCertFile(@"c:\tmp\certificates\mattia.cer");

    byte[] certKey = cer.GetPublicKey();   // not used below; the hex string form is hashed instead

    // Derives keySize/8 bytes by hashing the hex public key, salted with the hex certificate hash
    PasswordDeriveBytes p = new PasswordDeriveBytes(
        cer.GetPublicKeyString(),
        Encoding.ASCII.GetBytes(cer.GetCertHashString()),
        "SHA256",
        2);

    return p.GetBytes(keySize / 8);
}

does it make sense? (it works fine btw)

I would use AES because it's supposed to be a standard.

Thanks

----------------------------------

Here there are the encrypt / decrypt functions (if somebody is interested):

// Needs: using System.IO; using System.Security.Cryptography;
// keySize and blockSize are fields (in bits) of the enclosing class, and getIVector()
// returns the IV; none of them is shown in the post.
private byte[] Encrypt(string plainText) {
    MemoryStream mStream = new MemoryStream();
    SymmetricAlgorithm sAlg = SymmetricAlgorithm.Create("Rijndael");
    sAlg.BlockSize = blockSize;
    sAlg.KeySize = keySize;
    sAlg.Padding = PaddingMode.PKCS7;

    ICryptoTransform cTran = sAlg.CreateEncryptor(this.getKey(), this.getIVector());
    CryptoStream cStream = new CryptoStream(mStream, cTran, CryptoStreamMode.Write);
    StreamWriter sWriter = new StreamWriter(cStream);
    sWriter.Write(plainText);
    sWriter.Flush();
    cStream.FlushFinalBlock();   // writes the final padded block

    byte[] bEncoded = new byte[mStream.Length];
    mStream.Position = 0;
    mStream.Read(bEncoded, 0, (int)mStream.Length);

    return bEncoded;
}

private string Decrypt(byte[] cipherText) {
    MemoryStream mStream = new MemoryStream();
    mStream.Write(cipherText, 0, cipherText.Length);
    mStream.Position = 0;

    SymmetricAlgorithm sAlg = SymmetricAlgorithm.Create("Rijndael");
    sAlg.BlockSize = blockSize;
    sAlg.KeySize = keySize;
    sAlg.Padding = PaddingMode.PKCS7;

    ICryptoTransform cTran = sAlg.CreateDecryptor(this.getKey(), this.getIVector());
    CryptoStream cStream = new CryptoStream(mStream, cTran, CryptoStreamMode.Read);
    StreamReader sReader = new StreamReader(cStream);
    string s = sReader.ReadToEnd();   // padding is checked when the last block is read
    cStream.Close();
    sReader.Close();

    return s;
}

// just for testing
private void button1_Click(object sender, System.EventArgs e) {
    txtData.Text = Convert.ToBase64String(this.Encrypt(txtData.Text));
}

private void button2_Click(object sender, System.EventArgs e) {
    txtData.Text = this.Decrypt(Convert.FromBase64String(txtData.Text));
}

Nicholas Paldino [.NET/C# MVP] wrote:
Mattia,

Something like that. There are a number of hash algorithms that you can
use. Look for any class that derives from the HashAlgorithm class in the
System.Security .Cryptography namespace.
Also, you might want to consider RC2 for your encryption algorithm, as
it allows a key size of 1024 bits. It might be enough to handle the size of
your public key from your X.509 certificate.

Nov 16 '05 #7
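As an added example (not code from the thread or from the poster), this is the usual way to combine the certificate's 1024-bit RSA key with AES, which is what the question in #2 and the hashing advice in #4 are circling: a fresh random AES key encrypts the data and the certificate's public key wraps that key, so only the holder of the private key can read it, whereas any key hashed from the public key is computable by anyone who has the .cer file. It assumes .NET Core / .NET 5+ (or a CNG-backed key on .NET Framework 4.6+) for GetRSAPublicKey()/GetRSAPrivateKey(), and keeps the thread's AES-CBC/PKCS7 mode, which gives confidentiality only; use AES-GCM or add a MAC where integrity matters.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
// Hybrid (envelope) encryption against a certificate. Added example, not the thread's code.
// Envelope layout: [4-byte length][RSA-wrapped AES key][16-byte IV][AES-CBC ciphertext]
static class CertEnvelope
{
    public static byte[] Encrypt(X509Certificate2 cert, byte[] plaintext)
    {
        using (RSA rsa = cert.GetRSAPublicKey())      // only the public half is needed here
        using (Aes aes = Aes.Create())
        {
            aes.KeySize = 256;
            aes.GenerateKey();                        // random key per message, never derived from the cert
            aes.GenerateIV();
            // Only the matching private key can unwrap this; OAEP rather than PKCS#1 v1.5 padding
            byte[] wrappedKey = rsa.Encrypt(aes.Key, RSAEncryptionPadding.OaepSHA256);
            using (var ms = new MemoryStream())
            {
                ms.Write(BitConverter.GetBytes(wrappedKey.Length), 0, 4);
                ms.Write(wrappedKey, 0, wrappedKey.Length);
                ms.Write(aes.IV, 0, aes.IV.Length);
                using (ICryptoTransform enc = aes.CreateEncryptor())
                using (var cs = new CryptoStream(ms, enc, CryptoStreamMode.Write))
                {
                    cs.Write(plaintext, 0, plaintext.Length);
                    cs.FlushFinalBlock();
                }
                return ms.ToArray();                  // still valid after the CryptoStream closed ms
            }
        }
    }
    public static byte[] Decrypt(X509Certificate2 certWithPrivateKey, byte[] envelope)
    {
        int wrappedLen = BitConverter.ToInt32(envelope, 0);
        byte[] wrappedKey = new byte[wrappedLen];
        Buffer.BlockCopy(envelope, 4, wrappedKey, 0, wrappedLen);
        byte[] iv = new byte[16];
        Buffer.BlockCopy(envelope, 4 + wrappedLen, iv, 0, 16);
        int offset = 4 + wrappedLen + 16;
        using (RSA rsa = certWithPrivateKey.GetRSAPrivateKey())
        using (Aes aes = Aes.Create())
        {
            aes.Key = rsa.Decrypt(wrappedKey, RSAEncryptionPadding.OaepSHA256);
            aes.IV = iv;                               // CBC with PKCS7 padding, as in the thread
            using (ICryptoTransform dec = aes.CreateDecryptor())
                return dec.TransformFinalBlock(envelope, offset, envelope.Length - offset);
        }
    }
}
```

Encrypt needs only the .cer (public part); Decrypt needs the certificate loaded together with its private key, for example from the user's store or a .pfx.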
