tags:

views:

601

answers:

2

I have been tasked with implementing a PKI library in C# for a company project, and have been unable to find a good implementation of it. There appear to be multiple libraries, and many broken links pointing to MSDN libraries that have been removed. I've seen people using Crypt32.dll, people building their own libraries, people using P/Invoke to access system certificate stores, people extending the built-in libraries, examples that simply don't apply to C# (e.g. Java examples), and commercial libraries.

My question is, which implementation/library is most recommended for simple encryption/decryption of data?

As some background for what I plan to do with it, I simply need to encrypt messages using a private key (.pfx), and decrypt with public keys (.cer). Message signing and authentication isn't required at this level of the project, although it may be in future. I have seen reference to encryption lengths which make me uneasy. We need to be able to encrypt any length message (within reason, of course!). Is this something I need to worry about, and if so, is there a way to deal with it?

I would prefer not to store public/private keys in the windows certificate manager if at all possible, but if it makes implementation significantly simpler, so be it.

I realize PKI and encryption is a large and complex subject, but I'm hoping for a relatively simple library anyway... (one can hope, right?)

Thanks!

+7  A: 

Well, you did not mention that the built-in class doesn't cover your need, so how about System.Security.Cryptography.RSACryptoServiceProvider?

It has a large set qualified ways to asymmetrically encrypt/decrypt streams.

There are several tutorial/guides to take you along the way:

http://www.codeproject.com/KB/security/RSACryptoPad.aspx

http://www.eggheadcafe.com/articles/20020630.asp

There are countless more to be found through Google.

Update: About the length-restrictments, it's should not be any problems if you just implement the same buffer-algorithm on both sides, encryption and decryption.

Update2: Yes, my example was RSACryptoProvider, but you can use any class that derives from System.Security.Cryptography.AsymmetricAlgorithm, if you want a public/private key-solution. Or build your own... or maybe not :)

Seb Nilsson
In fact, the whole of the System.Security.Cryptography namespace applies. It should contain all the primitives required for most cryptosystems.
Nick Johnson
Could you clarify on the buffer algorithm?Additonally, I'm wondering if this is standard with RSA decryption/encryption.. Some of this encryption will be sent to clients, and I can't guarantee they will be using the same buffer algorithm I decide to go with. Is this likely to be a problem, or not?
Gabriel
A: 

Yes, what's wrong with built-in classes?

And if you don't want to use Windows certificate store you can use something like this

RSACryptoServiceProvider rscp = new RSACryptoServiceProvider();
rscp.FromXmlString("<RSAKeyValue><Modulus>key data gere</Modulus><Exponent></Exponent></RSAKeyValue>");

Not sure that this is a good idea for private keys, though.

There's a good tutorial on the subject here

Alan Mendelevich