I am working on a solution that needs to decrypt PKCS#7 encrypted data, preferably in C#. As far as I can see, the .NET API has support for this through the System.Security.Cryptography.Pkcs namespace. However, it seems that the implementation can only work on byte arrays. So what do I do when I have a large encrypted file that does not fit into memory?

Am I missing something here, or is there another way to do this on a Stream level instead of using byte arrays?

+1  A: 

I found an example of how to decrypt PKCS#7 in C#. It may be enough to get you started.

Lucas McCoy
The only problem is that your example seems to operate on the file, rather than decrypting a stream.
James Black
Also, Chilkat is commercial but BouncyCastle is open source and free.
Johnny Egeland
A: 

Do you have the option to change to using the BouncyCastle API, from http://www.bouncycastle.org/csharp/, as it uses streams for decryption.

But, I don't believe it can use PKCS#7 encrypted data, so you would need to use BouncyCastle for the encryption side also.

Here is an example of using this API: http://elian.co.uk/post/2009/07/29/Bouncy-Castle-CSharp.aspx

If you want to use the .NET stuff this may be useful: http://www.geekpedia.com/tutorial227_Encrypting-and-Decrypting-Files-with-Csharp.html

James Black
Bouncy Castle for C# can indeed both encrypt and decrypt using the PKCS#7 scheme. However, they call it CMS (Cryptographic Messaging Syntax), which is what PKCS#7 defines. So using Bouncy Castle to solve this problem worked perfectly.
Johnny Egeland
@Johnny Egeland - Thank you, I didn't realize that PKCS#7 == CMS
James Black
+2  A: 

The .NET framework has only rudimentary support for PKCS#7/CMS, so it does not support streaming the data.

You need a 3rd party library. As others have mentioned, BouncyCastle is an excellent choice. It does support PKCS#7 (PKCS#7 is also known as CMS).

Their tests are probably a good place to look for sample code: EnvelopedDataStreamTest.cs.

Rasmus Faber
Ah, I didn't know about the C# version. I have used it in Java some years ago, and I know it supported PKCS#7 in that version. Strange I did not find this when Googling. However, thanks for pointing it out :-)
Johnny Egeland
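
A streaming decrypt with Bouncy Castle for C#, along the lines of the EnvelopedDataStreamTest.cs mentioned above; this is an added example, not code from the thread or from the Bouncy Castle project. The class and method names are hypothetical, and loading the recipient certificate and private key is assumed to be done by the caller.

```csharp
using System;
using System.IO;
using Org.BouncyCastle.Cms;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.X509;

// Hypothetical helper class (not part of Bouncy Castle).
public static class CmsStreamDecryptor
{
    // Decrypts a CMS/PKCS#7 EnvelopedData message from `input` to `output`
    // without holding the whole message in memory. Returns the bytes written.
    // Assumption: the caller has already loaded the recipient certificate and
    // its matching private key, and owns (and disposes) both streams.
    public static long Decrypt(Stream input, Stream output,
        X509Certificate recipientCert, AsymmetricKeyParameter privateKey)
    {
        // The parser walks the ASN.1 structure incrementally from the stream.
        var parser = new CmsEnvelopedDataParser(input);
        RecipientInformationStore store = parser.GetRecipientInfos();

        foreach (RecipientInformation recipient in store.GetRecipients())
        {
            // Only use the RecipientInfo addressed to our certificate
            // (issuer + serial number); skip entries for other recipients.
            RecipientID rid = recipient.RecipientID;
            if (rid.Issuer == null
                || !rid.Issuer.Equivalent(recipientCert.IssuerDN)
                || !recipientCert.SerialNumber.Equals(rid.SerialNumber))
                continue;

            // Unwraps the content-encryption key with the private key and
            // returns a stream that decrypts as it is read.
            CmsTypedStream typed = recipient.GetContentStream(privateKey);
            byte[] buffer = new byte[64 * 1024];
            long total = 0;
            using (Stream plain = typed.ContentStream)
            {
                int n;
                while ((n = plain.Read(buffer, 0, buffer.Length)) > 0)
                {
                    output.Write(buffer, 0, n);
                    total += n;
                }
            }
            Array.Clear(buffer, 0, buffer.Length); // drop plaintext remnants
            return total;
        }
        throw new CmsException("No RecipientInfo matches the supplied certificate.");
    }
}
```

CMS EnvelopedData carries no integrity check on the content, so plaintext reaches `output` before anything has authenticated it; write to a temporary location and treat the result as untrusted until it has been validated by other means, such as a signature.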
A: 

The .NET Framework, from version 2.0, provides the Pkcs namespace, which helps us sign/encrypt/decrypt in the PKCS#7 standard. Please refer here for the overview: http://msdn.microsoft.com/en-us/library/bb885086.aspx and here for a good example: http://msdn.microsoft.com/en-us/library/bb924565.aspx

Ngoc N. Truong