RSA Encryption

If you aren’t opposed to using the built in crypto libraries that are part of
..NET, I’d suggest looking at
http://ryanscook.com/adminsBlog/2005...ion-class.html

Brendan
"no game" wrote:

Can I encrypt data more than 117 bytes in C# (can use CAPICOM and
Crypto API libraries) using RSA 1024 bit.

Any sample code would be appreciated.

Thanks

no game <xi********@hotmail.com> wrote:

Can I encrypt data more than 117 bytes in C# (can use CAPICOM and
Crypto API libraries) using RSA 1024 bit.

Any sample code would be appreciated.

I don't see why not - why would more than 117 bytes be a problem?

See RSACryptoServiceProvider for some sample code. (I haven't checked
how good it is.)

--
Jon Skeet - <sk***@pobox.com>
http://www.pobox.com/~skeet
If replying to the group, please do not mail me too

I think the problem with that solution is that the client and us only
exchange certificate (public key) created by RSA 1024 algorithm, and
the data could be hundreds of bytes. We don't share our algorithm, try
to do everything in standard encryption which the client ask us to do,
we can not tell them there will be a IV and Key to be extracted first
and then do a symmetric decryption.

I know in java, we just need to share our own public key then we can
encrypt and decrypt data.

In C# I have another problem of create a certificate and I can get the
private key into RSAParameter class.

Thanks

Brendan Grant wrote:

If you aren't opposed to using the built in crypto libraries that are part of
.NET, I'd suggest looking at
http://ryanscook.com/adminsBlog/2005...ion-class.html

Brendan
"no game" wrote:

Can I encrypt data more than 117 bytes in C# (can use CAPICOM and
Crypto API libraries) using RSA 1024 bit.

Any sample code would be appreciated.

Thanks

The return byte array of encrypt method is 128 bytes, and there are
also padding, so the longest data is only 117 bytes.

Jon wrote:

no game <xi********@hotmail.com> wrote:

Can I encrypt data more than 117 bytes in C# (can use CAPICOM and
Crypto API libraries) using RSA 1024 bit.

Any sample code would be appreciated.

I don't see why not - why would more than 117 bytes be a problem?

See RSACryptoServiceProvider for some sample code. (I haven't checked
how good it is.)

--
Jon Skeet - <sk***@pobox.com>
http://www.pobox.com/~skeet
If replying to the group, please do not mail me too

The 117 byte limit is related to the size of the Asymetric key size. You
can only encrypt in block of something < key size depending on what padding
is being used. However, most use a faster symmetric algo like AES
(Rijindael) then encrypt the key and IV with an RSA symmetric key.
--
William Stacey [MVP]

"no game" <xi********@hotmail.com> wrote in message
news:11**********************@g47g2000cwa.googlegr oups.com...

Can I encrypt data more than 117 bytes in C# (can use CAPICOM and
Crypto API libraries) using RSA 1024 bit.

Any sample code would be appreciated.

Thanks

Before we go any farther here, please outline the steps again. What is the
config. Who is the client, who is the server, or is it peer-to-peer?. Is
A always pulling data from B or both ways? Little more background will
help. Also, as you may know, you don't need certs to use RSA key pairs.

--
William Stacey [MVP]

"no game" <xi********@hotmail.com> wrote in message
news:11*********************@g43g2000cwa.googlegro ups.com...

I think the problem with that solution is that the client and us only
exchange certificate (public key) created by RSA 1024 algorithm, and
the data could be hundreds of bytes. We don't share our algorithm, try
to do everything in standard encryption which the client ask us to do,
we can not tell them there will be a IV and Key to be extracted first
and then do a symmetric decryption.

I know in java, we just need to share our own public key then we can
encrypt and decrypt data.

In C# I have another problem of create a certificate and I can get the
private key into RSAParameter class.

Thanks

Brendan Grant wrote:

If you aren't opposed to using the built in crypto libraries that are
part of
.NET, I'd suggest looking at
http://ryanscook.com/adminsBlog/2005...ion-class.html

Brendan
"no game" wrote:

> Can I encrypt data more than 117 bytes in C# (can use CAPICOM and
> Crypto API libraries) using RSA 1024 bit.
>
> Any sample code would be appreciated.
>
> Thanks
>
>

The client will send us data encrypted using our public key, which use
RSA 1024bit algorithm, we use our own private key to decrypt the
message, the data send to us will be over 200 bytes, and we also need
to send reply data use their private key too, the data could be 300 or
more bytes. The configuration doesn't include any IV keys and symmetric
algorithm.

Thanks

no game <xi********@hotmail.com> wrote:

The return byte array of encrypt method is 128 bytes, and there are
also padding, so the longest data is only 117 bytes.

Don't use the Encrypt method - use a CryptoStream.

--
Jon Skeet - <sk***@pobox.com>
http://www.pobox.com/~skeet
If replying to the group, please do not mail me too

Normally how this works is:
1) Client has your public key only.
2) You have Client's public key only.
3) Client encrypts data with public key and sends (optionally signs hash of
encrypted data using clients private key)
4) You verify signature using clients' public key.
5) You decrypt data using your private key.
6) You encrypt reply using client's public key (optionally sign hash of
encrypted data using your private key)

However asymmetric keys are normally only used to encrypt small amounts of
data like symmetric keys and sign and verify signatures. That is because
asymmetric encryption is many times slower then symmetric encryptions like
AES/Rijndale. So create a new random symmetric key for each request/reply
and encrypt it as above using the RSA keys. Then encrypt the data/payload
with AES and send both the encrypted data and the encrypted key to the other
party. The other party decrypts the symmetric key using its' private RSA
key and decrypts the payload using the session key. The reply can use the
same session key for the encrypted AES reply or start a new.

--
William Stacey [MVP]

"no game" <xi********@hotmail.com> wrote in message
news:11**********************@g14g2000cwa.googlegr oups.com...

The client will send us data encrypted using our public key, which use
RSA 1024bit algorithm, we use our own private key to decrypt the
message, the data send to us will be over 200 bytes, and we also need
to send reply data use their private key too, the data could be 300 or
more bytes. The configuration doesn't include any IV keys and symmetric
algorithm.

Thanks

For RSA 1024 bit encryption,

Is it mean the output number of byte is always 128 bytes, and you can
not encrypt more than 128 bytes of data.

Thanks

William Stacey [MVP] wrote:

The 117 byte limit is related to the size of the Asymetric key size. You
can only encrypt in block of something < key size depending on what padding
is being used. However, most use a faster symmetric algo like AES
(Rijindael) then encrypt the key and IV with an RSA symmetric key.
--
William Stacey [MVP]

"no game" <xi********@hotmail.com> wrote in message
news:11**********************@g47g2000cwa.googlegr oups.com...

Can I encrypt data more than 117 bytes in C# (can use CAPICOM and
Crypto API libraries) using RSA 1024 bit.

Any sample code would be appreciated.

Thanks

That is what I was saying. You can't actually encrypt 128 because of the
padding. Maybe you can if no padding is used, but not sure. It is key size
related, so a larger key can encrypt more bytes. But normally you will want
a symmetric encryption for large amounts of data.

--
William Stacey [MVP]

"no game" <xi********@hotmail.com> wrote in message
news:11*********************@g14g2000cwa.googlegro ups.com...

For RSA 1024 bit encryption,

Is it mean the output number of byte is always 128 bytes, and you can
not encrypt more than 128 bytes of data.

Thanks

William Stacey [MVP] wrote:

The 117 byte limit is related to the size of the Asymetric key size. You
can only encrypt in block of something < key size depending on what
padding
is being used. However, most use a faster symmetric algo like AES
(Rijindael) then encrypt the key and IV with an RSA symmetric key.
--
William Stacey [MVP]

"no game" <xi********@hotmail.com> wrote in message
news:11**********************@g47g2000cwa.googlegr oups.com...

> Can I encrypt data more than 117 bytes in C# (can use CAPICOM and
> Crypto API libraries) using RSA 1024 bit.
>
> Any sample code would be appreciated.
>
> Thanks
>

Just to confirm, this 128 byte limit is not the limit of C# or .net,
this is a limit set by the RSA 1024 bit algorithm. Am I making the
right statement here?
Thanks

William Stacey [MVP] wrote:

That is what I was saying. You can't actually encrypt 128 because of the
padding. Maybe you can if no padding is used, but not sure. It is key size
related, so a larger key can encrypt more bytes. But normally you will want
a symmetric encryption for large amounts of data.

--
William Stacey [MVP]

"no game" <xi********@hotmail.com> wrote in message
news:11*********************@g14g2000cwa.googlegro ups.com...

For RSA 1024 bit encryption,

Is it mean the output number of byte is always 128 bytes, and you can
not encrypt more than 128 bytes of data.

Thanks

William Stacey [MVP] wrote:

The 117 byte limit is related to the size of the Asymetric key size. You
can only encrypt in block of something < key size depending on what
padding
is being used. However, most use a faster symmetric algo like AES
(Rijindael) then encrypt the key and IV with an RSA symmetric key.
--
William Stacey [MVP]

"no game" <xi********@hotmail.com> wrote in message
news:11**********************@g47g2000cwa.googlegr oups.com...
> Can I encrypt data more than 117 bytes in C# (can use CAPICOM and
> Crypto API libraries) using RSA 1024 bit.
>
> Any sample code would be appreciated.
>
> Thanks
>

Do you know is there any official document out there that talking about
RSA 1024 means output data is 128 bytes, and RSA 2048 means output data
is 256 bytes etc.

Thanks