Encryption libraries?

Tags: pki encryption c#
By : Gabriel
Source: Stackoverflow.com

I have been tasked with implementing a PKI library in C# for a company project, and have been unable to find a good implementation of it. There appear to be multiple libraries, and many broken links pointing to MSDN libraries that have been removed. I've seen people using Crypt32.dll, people building their own libraries, people using P/Invoke to access system certificate stores, people extending the built-in libraries, examples that simply don't apply to C# (e.g. Java examples), and commercial libraries.

My question is, which implementation/library is most recommended for simple encryption/decryption of data?

As some background for what I plan to do with it, I simply need to encrypt messages using a private key (.pfx), and decrypt with public keys (.cer). Message signing and authentication isn't required at this level of the project, although it may be in future. I have seen reference to encryption lengths which make me uneasy. We need to be able to encrypt any length message (within reason, of course!). Is this something I need to worry about, and if so, is there a way to deal with it?

I would prefer not to store public/private keys in the windows certificate manager if at all possible, but if it makes implementation significantly simpler, so be it.

I realize PKI and encryption is a large and complex subject, but I'm hoping for a relatively simple library anyway... (one can hope, right?)


By : Gabriel


Well, you did not mention that the built-in class doesn't cover your need, so how about System.Security.Cryptography.RSACryptoServiceProvider?

It has a large set qualified ways to asymmetrically encrypt/decrypt streams.

There are several tutorial/guides to take you along the way:



There are countless more to be found through Google.

Update: About the length-restrictments, it's should not be any problems if you just implement the same buffer-algorithm on both sides, encryption and decryption.

Update2: Yes, my example was RSACryptoProvider, but you can use any class that derives from System.Security.Cryptography.AsymmetricAlgorithm, if you want a public/private key-solution. Or build your own... or maybe not :)

Yes, what's wrong with built-in classes?

And if you don't want to use Windows certificate store you can use something like this

RSACryptoServiceProvider rscp = new RSACryptoServiceProvider();
rscp.FromXmlString("<RSAKeyValue><Modulus>key data gere</Modulus><Exponent></Exponent></RSAKeyValue>");

Not sure that this is a good idea for private keys, though.

There's a good tutorial on the subject here

The ? stands fora variable, to be precise, a parameter. The first ? is the return value of the stored prcoedure and the second one is the first parameter of the stored procedure

By : Rob

This video can help you solving your question :)
By: admin