tags:

views:

601

answers:

2
+2  Q: 

Encryption libraries?

I have been tasked with implementing a PKI library in C# for a company project, and have been unable to find a good implementation of it. There appear to be multiple libraries, and many broken links pointing to MSDN libraries that have been removed. I've seen people using Crypt32.dll, people building their own libraries, people using P/Invoke to access system certificate stores, people extending the built-in libraries, examples that simply don't apply to C# (e.g. Java examples), and commercial libraries.

My question is, which implementation/library is most recommended for simple encryption/decryption of data?

As some background for what I plan to do with it, I simply need to encrypt messages using a private key (.pfx), and decrypt with public keys (.cer). Message signing and authentication isn't required at this level of the project, although it may be in future. I have seen reference to encryption lengths which make me uneasy. We need to be able to encrypt any length message (within reason, of course!). Is this something I need to worry about, and if so, is there a way to deal with it?

I would prefer not to store public/private keys in the windows certificate manager if at all possible, but if it makes implementation significantly simpler, so be it.

I realize PKI and encryption is a large and complex subject, but I'm hoping for a relatively simple library anyway... (one can hope, right?)

Thanks!

+7  A: 

Well, you did not mention that the built-in class doesn't cover your need, so how about System.Security.Cryptography.RSACryptoServiceProvider?

It has a large set qualified ways to asymmetrically encrypt/decrypt streams.

There are several tutorial/guides to take you along the way:

http://www.codeproject.com/KB/security/RSACryptoPad.aspx

http://www.eggheadcafe.com/articles/20020630.asp

There are countless more to be found through Google.

Update: About the length-restrictments, it's should not be any problems if you just implement the same buffer-algorithm on both sides, encryption and decryption.

Update2: Yes, my example was RSACryptoProvider, but you can use any class that derives from System.Security.Cryptography.AsymmetricAlgorithm, if you want a public/private key-solution. Or build your own... or maybe not :)

Seb Nilsson  2008-09-23 10:01:11
In fact, the whole of the System.Security.Cryptography namespace applies. It should contain all the primitives required for most cryptosystems.
Nick Johnson  2008-09-23 10:35:17
Could you clarify on the buffer algorithm?Additonally, I'm wondering if this is standard with RSA decryption/encryption.. Some of this encryption will be sent to clients, and I can't guarantee they will be using the same buffer algorithm I decide to go with. Is this likely to be a problem, or not?
Gabriel  2008-09-23 13:29:58
A: 

Yes, what's wrong with built-in classes?

And if you don't want to use Windows certificate store you can use something like this

RSACryptoServiceProvider rscp = new RSACryptoServiceProvider();
rscp.FromXmlString("<RSAKeyValue><Modulus>key data gere</Modulus><Exponent></Exponent></RSAKeyValue>");

Not sure that this is a good idea for private keys, though.

There's a good tutorial on the subject here

Alan Mendelevich  2008-09-23 10:27:34

related questions

Displaying Flash content in a C# WinForms application
How to get the value of built, encoded ViewState?
Unhandled Exception Handler in .NET 1.1
How do I connect to a database and loop over a recordset in C#?
How do I most elegantly express left join with aggregate SQL as LINQ query
Get a new object instance from a Type in C#
.NET Testing Framework Advice
Automatically update version number
What is the difference between an int and an Integer in Java/C#?
How to write to Web.Config in Medium Trust ?
WinForms ComboBox data binding gotcha
How do you sort a C# dictionary by value?
Adding Scripting functionality to .NET applications
Floating Point Number parsing: Is there a Catch All algorithm?
How do I print an HTML document from a web service?
Decoding T-SQL CAST in C#/VB.net
Anatomy of a "Memory Leak"
How do I get a distinct, ordered list of names from a DataTable using Linq
Reliable Timer in a Console Application
How do I fill a DataSet or a DataTable from a LINQ query resultset ?
What's the difference between Math.Floor() and Math.Truncate() in .NET?
How do I calculate relative time?
How do I calculate someone's age in C#?
Are there any conversion tools for porting Visual J# code to C#?
When setting a form's opacity should I use a decimal or double?