I want to use RSA public key encryption, and I'm wondering what the best way is to store or retrieve the private and public keys. Is XML a good idea here?

How to get the keys?

using System.Security.Cryptography;
RSA rsa = RSA.Create();  // ExportParameters is an instance method, so an RSA object is needed
RSAParameters privateKey = rsa.ExportParameters(true);   // includes the private members
RSAParameters publicKey = rsa.ExportParameters(false);   // Modulus and Exponent only

Because RSAParameters has the following members: D, DP, DQ, Exponent, InverseQ, Modulus, P, Q

Which one is the key?

A: 

The public key is identified by Modulus and Exponent. The private key is identified by the other members.

Tommy Carlier
+1  A: 

Use an existing standard format, like PEM. Your crypto library should provide functions to load and save keys from files in PEM format.

Exponent and Modulus are the Public key. D and Modulus are the Private key. The other values allow faster computation for the holder of the Private key.

caf
so public-key = exponent + modulus (concatenated together?)
ala
Exponent and Modulus as two independent values, stored in whatever way makes sense. The PEM format uses ASN.1 to store these values (defined in the PKCS#1 standard as the "SubjectPublicKeyInfo" format), then base64 encodes the result.
caf
+2  A: 

What I have done successfully is to store the keys as XML. There are two methods in RSACryptoServiceProvider: ToXmlString and FromXmlString. The ToXmlString will return an XML string containing either just the public key data or both the public and private key data depending on how you set its parameter. The FromXmlString method will populate the RSACryptoServiceProvider with the appropriate key data when provided an XML string containing either just the public key data or both the public and private key data.

Joe Kuemerle
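An added example, not code from any of the answers, that ties the two previous answers together: it shows which RSAParameters members ExportParameters leaves empty for the public half, writes the public-only and full XML documents with ToXmlString, and reloads each with FromXmlString to show that the public document can verify a signature but not produce one. It assumes .NET Framework 4.6+ or .NET Core 3.0+, where ToXmlString/FromXmlString and the SignData/VerifyData overloads used here are available on the RSA base class.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

class RsaKeyExportDemo
{
    // True when the parameter set carries only the public half (Modulus + Exponent).
    static bool IsPublicOnly(RSAParameters p) =>
        p.Modulus != null && p.Exponent != null && p.D == null && p.P == null &&
        p.Q == null && p.DP == null && p.DQ == null && p.InverseQ == null;

    static void Main()
    {
        using (RSA rsa = RSA.Create())
        {
            rsa.KeySize = 2048;
            RSAParameters pub = rsa.ExportParameters(false);  // public half only
            RSAParameters priv = rsa.ExportParameters(true);  // private members populated too
            Console.WriteLine($"ExportParameters(false) is public-only: {IsPublicOnly(pub)}");
            Console.WriteLine($"ExportParameters(true) is public-only: {IsPublicOnly(priv)}");

            // Same split in XML form: the private document holds <D>, <P>, <Q>, <DP>, <DQ>, <InverseQ>
            // and must be protected like any secret; the public document can be handed out freely.
            string publicXml = rsa.ToXmlString(false);
            string privateXml = rsa.ToXmlString(true);
            Console.WriteLine($"public XML contains <D>: {publicXml.Contains("<D>")}");
            Console.WriteLine($"private XML contains <D>: {privateXml.Contains("<D>")}");

            byte[] data = Encoding.UTF8.GetBytes("constructed sample message");  // constructed input
            byte[] signature = rsa.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

            // A party that loads only the public XML can verify the signature but cannot sign.
            using (RSA verifier = RSA.Create())
            {
                verifier.FromXmlString(publicXml);
                bool ok = verifier.VerifyData(data, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
                Console.WriteLine($"verified with public key: {ok}");
                try { verifier.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1); }
                catch (CryptographicException) { Console.WriteLine("public-only key cannot sign"); }
            }
            // Loading the full XML back restores a key that can sign again.
            using (RSA restored = RSA.Create())
            {
                restored.FromXmlString(privateXml);
                byte[] again = restored.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
                Console.WriteLine($"restored key signature verifies: {rsa.VerifyData(data, again, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)}");
            }
        }
    }
}
```

Whatever container you choose (XML here, PEM as caf suggests), the document produced with the "true" flag is the one that needs file permissions, encryption at rest or an HSM, because it carries D, P and Q.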
A: 

I am just wondering whether it is safe to store private keys in an XML file?

Normally, private keys are stored in HSMs/smart cards. This provides good security.

Raj
you're probably right, but I need to implement private/public keys using software; what do you think the best way is?
ala
This is one of the requirements for my future project. In my current one, we used an HSM. My initial reading shows that MS has secure stores to store keys. You can access keys from these secure stores. Other alternatives to MS are listed at http://trac.opendnssec.org/wiki/HSM/SoftTokens
Raj