1

As the title says, I want to be able to use my RSA public key to be able to encrypt customers' data and send it to a server where it will decrypt it using the private key.

As I'm not really familiar with cryptography I'm here to ask for some help.

I want to be able to encrypt/decrypt the data using these keys, like importing them and using them directly in my C# program, I found a way on the internet but it requires some others .dll which I want to avoid.

Is there a way to simply import the keys as plain text and uses them in my program?

Thanks for your help!

Edit :

That's what the pubKey variable looks like

-----BEGIN PUBLIC KEY----- MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ2qokdmz0Vp9HKxPkJaykFwxSAv+5dN Aa5kF1bzxff7bXK/sGcuyby+iPggX4kQdFZHFHDRd9GumEJzSuE4rgkCAwEAAQ==

-----END PUBLIC KEY-----

That's what I have to work with

burnsi
  • 2,169
  • 1
  • 10
  • 20
Ethernet3003
  • 23
  • 6
  • What do you mean by "import the keys"? Reading them from a file? Reading them from a network resource? Reading them from an environment variable? Something else? – MindSwipe May 30 '22 at 06:04
  • @MindSwipe I read them from a PHP api that generate them for me and store them in a string variable, it has to be done that way for security purpose – Ethernet3003 May 30 '22 at 06:06
  • Then from there on it's quite simple using the [`RSACryptoServiceProvider`](https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.rsacryptoserviceprovider?view=net-6.0) – MindSwipe May 30 '22 at 06:12
  • @MindSwipe all the tutorial that I've seen either uses XML format either needs other dependencies, so I'm little bit lost, can you maybe point me to the right direction ? – Ethernet3003 May 30 '22 at 06:17
  • Yes, the class I linked has an [example](https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.rsacryptoserviceprovider?view=net-6.0#examples), which is pretty easy to adapt to your needs – MindSwipe May 30 '22 at 06:20
  • @MindSwipe with the MSDN that you linked, where should I put my keys, or the string variable that contains it ? – Ethernet3003 May 30 '22 at 06:21
  • `RSA.ImportParameters(RSAKeyInfo)` you can construct the `RSAKeyInfo` by looking at the [`RSAParameters`](https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.rsaparameters?view=net-6.0) struct, especially look at the [summary of fields](https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.rsaparameters?view=net-6.0#summary-of-fields), you'll need to Base64 encode your public key – MindSwipe May 30 '22 at 06:24
  • 2
    The public key is a PEM encoded key in X.509/SPKI format and can be imported directly with [`ImportFromPem()`](https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.rsa.importfrompem?view=net-6.0) as of .NET 5. – Topaco May 30 '22 at 06:51
  • The posted key is a 512 bits RSA key. This size is insecure, nowadays key sizes >= 2048 bits (!) are needed. – Topaco May 30 '22 at 07:00
  • @Topaco can you post a sample of the code with random keys and encrypting/decrypting function or point me to some ressources containing thoses, because I struggle to understand the MSDN that you sent – Ethernet3003 May 30 '22 at 16:51
  • You just have to pass the key, e.g. [here](https://stackoverflow.com/a/251757/9014097) on the example of decryption. For encryption it is analogous (with the public key associated with the private key), s https://dotnetfiddle.net/Vev6yk. – Topaco May 30 '22 at 17:13
  • @Topaco I get an error "Error CS1061 'RSA' does not contain a definition for 'ImportFromPem' and no accessible extension method 'ImportFromPem' accepting a first argument of type 'RSA' could be found (are you missing a using directive or an assembly reference?)" – Ethernet3003 May 30 '22 at 17:45
  • Which .NET version are you running? – Topaco May 30 '22 at 17:47
  • @Topaco I'm using C# 7.3 with .net 4.8 – Ethernet3003 May 30 '22 at 17:51
  • Well, .NET 5 is not .NET Framework 4.8, is it? For .NET Framework the most comfortable option for key import is BouncyCastle. – Topaco May 30 '22 at 17:57
  • @Topaco isn't there a way to avoid using third parties for importing key using .NET framework ? – Ethernet3003 May 30 '22 at 18:16
  • You have to implement the import yourself - with the corresponding effort. Here you can find an example [`DecodeX509PublicKey()`](https://gist.github.com/stormwild/7887264), l. 686. I wouldn't recommend this way. Another approach would be to convert your PEM key online to a supported format, e.g. XML and import it via `FromXmlString()`. – Topaco May 30 '22 at 18:42
  • @Topaco Once I have it into XML format, how can I use it to encrypt/decrypt, I'm really bad at this I really struggle to understand it, do you have any sample as the previous one with "dotnetfiddle.net", btw do you have any external contact where I could message you, I have many other question concerning cryptography, thanks for your time – Ethernet3003 May 30 '22 at 21:27
  • You can find many examples of importing/exporting keys in XML format and RSA encryption/decryption for .NET on the web. Try this and if you get stuck post a question. – Topaco May 31 '22 at 06:43
  • @Topaco I managed to make it works using FromXmlString() ( thanks :) ), now for another project I'm trying to convert PEM format to XML format using PHP, I have posted a question about it, do you have any clue ? – Ethernet3003 May 31 '22 at 22:26

0 Answers0