OpenSSL is closer to Java than C# or Crypto++. So where you see Java, thisnk OpenSSL.
Cryptographic Interoperability: Keys http://www.codeproject.com/KB/security/CryptoInteropKeys.aspx Cryptographic Interoperability: Digital Signatures http://www.codeproject.com/KB/security/CryptoInteropSign.aspx On Sun, May 23, 2010 at 10:06 PM, Chuck Pareto <chuckda...@gmail.com> wrote: > Hi, > I'm a newbie when it comes to RSA, the last time I learned it was in school > over 7 years ago in one lecture. > Maybe I'm missing something but I will try to explain my problem again. > A former co worker generated a public and private key for our group. (I > think he used PGP but not sure). > So I have the 2 .pem files he created. So far so good.. > Now, he's using openssl rsautl to encrypt and decrypt strings for our group. > So far so good.. > He's calling openssl rsautl from a c# script to encrypt and decrypt these > strings. So far so good.. > Now here is what I want to do. I want to use c#'s built in rsa class to > encrypt and decrypt these strings instead of having the c# script call > openssl rsautl. So far so good.. > On this link below there is an example of c# calling and ecrypting with a > public key, you don't have to go to this link..just for reference. > http://msdn.microsoft.com/en-us/library/system.security.cryptography.rsacryptoserviceprovider.encrypt.aspx > Now in this script before the encrypt function is called there are two lines > of code: > > byte[] Exponent = {1,0,1}; > > RSAKeyInfo.Exponent = Exponent; > > If I try to remove this it throws an error. So I am guessing that a exponent > needs to > > be defined in order to encrypt a message????Yes, no, I'm missing something.. > > In your response to my first email, you said e and n are needed for > encrypting. If there is no e being passed in as an argument to openssl > rsautl, what is the default e? and what is the default n? > > > On Sun, May 23, 2010 at 6:11 PM, Dave Thompson <dthomp...@prinpay.com> > wrote: >> >> > From: owner-openssl-us...@openssl.org On Behalf Of Pareto, Charles >> > Sent: Friday, 21 May, 2010 17:14 >> >> > I'm trying to get the same result with the c# >> RSACryptoServiceProvider class >> > that 'openssl.exe rsautl ' gives me. >> > >> > The c# class wants more properties set before you can encrypt a >> message. >> >> I can't help with C#, but this borders on an abstract crypto issue. >> >> > How can I obtain the parameters that 'openssl.exe rsautl' >> implements. >> > For example the exponent, q parameters, p parameters, dp, dq parameters, >> etc. >> > These are optional arguments for the c# class. >> > Ex. Exponent = {1,0,1} >> >> d,p,q,dP,dQ,qInv are the components of an RSA private key that are not >> in the public key. And except for the first, only in the CRT (Chinese >> Remainder Theorem) form, which is used widely including by openssl. >> If that 'exponent' is notated in bytes, it would be 65537 aka 'F4', >> a commonly used value for the public exponent e. The private exponent >> d must be much larger, and for usual e will appear random. >> >> > > openssl.exe rsautl -encrypt -inkey dir\\public.pem -pubin -in >> filename -out encryptedfilename >> >> Aside: unless you're using a Unixoid shell glomped onto Windows, >> like mingw, you usually don't need to specify .exe to find an >> executable and don't need to double backslashes in pathnames. >> >> RSA encrypt, or verify, uses and should need only the public key, >> which substantively consists only of e and n (where n = p * q). >> The private key fields are needed, and generally should be used, >> only for decrypt, or sign. That's the way public-key crypto works, >> and provides certain (we hope useful!) security features. >> You can see public.pem does not contain and this command can't use >> private bits with openssl rsa -in public.pem -pubin -noout -text >> (Note however that rsautl -decrypt does need the private key.) >> >> If some part of C# really demands a private key to RSA *encrypt*, >> it is hopelessly broken and could never provide useful security. >> Although M$ certainly makes mistakes from time to time, I would >> be very surprised if they made such a basic and obvious one, so >> I suspect your understanding is actually wrong. Perhaps you aren't >> (correctly) doing something needed to tell it to be in encrypt mode, >> or (more abstractly) to use a public rather than private RSA key. >> >> >> >> >> ______________________________________________________________________ >> OpenSSL Project http://www.openssl.org >> User Support Mailing List openssl-us...@openssl.org >> Automated List Manager majord...@openssl.org > > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
