"William Stacey [MVP]" <staceywREM***@mvps.org> wrote in message news:u3c9OaGLFHA.1476@TK2MSFTNGP09.phx.gbl...
> Not sure I understand you completely.  If I read the post correctly, he
> wants to encrypt some data on the client and send to some server.  The
> server will have the private key to decrypt the key and iv.  This is a
> normal way to do this type of thing.  If he wants other, then need some more
> detail.  Cheers.
>
> --
> William Stacey, MVP
> http://mvp.support.microsoft.com
>
> "Cantelmo Software" <i***@cantelmosoftware.com> wrote in message
> news:uf7sKEGLFHA.3420@tk2msftngp13.phx.gbl...
> > Hi William,
> > if encrypt the simmetric-key with rsa public-key means that the customer
> > must have the private-key for the decrypt!
> >
> > this goes well in the normal documents (generic data) but *not* for the
> > applications (absolutely no!) why is possible to gain the public-key from
> > that private-key!
> >
> > in the software applications (as an example in the generation of a serial
> > number) it must be used rsa to the contrary. encrypt with the private key
> > and decrypt with that public-key. in this way I have only the certainty
> that
> > is *not possible* to make a keygen why the private-key lacks!
> >
> > best regards,
> > Marcello
> > www.cantelmosoftware.com
> >
> > "William Stacey [MVP]" <staceywREM***@mvps.org> ha scritto nel messaggio
> > news:uE7xfNCLFHA.2604@TK2MSFTNGP10.phx.gbl...
> > >I would not break into pieces to do rsa encryption.  Just use Rijndael
> > > encryption.   Use something like so:
> > >
> > > public class Doc
> > > {
> > >     public byte[] Key;
> > >     public byte[] IV;
> > >     public byte[] Data
> > > }
> > >
> > > Then just create a Rijndael object that will have a new random key and
> iv.
> > > Encrypt your all your data using rij (say maybe an xml doc with all your
> > > textbox fields as elements) and store in Data.  Then encrypt your key
> and
> > > iv
> > > using the public RSA key.  Then just serialize the Doc class above using
> > > XmlSerializer into an Xml string and send to the receiver.  Receiver
> does
> > > the reverse to get the data.  No clear encryption key stored anywhere
> and
> > > each new run will have different key and iv.  hth.
> > >
> > > --
> > > William Stacey, MVP
> > > http://mvp.support.microsoft.com
> > >
> > > "Joseph MCAD" <JosephM***@discussions.microsoft.com> wrote in message
> > > news:5E4D3B47-B809-43A3-A8AC-D7E461BB5E61@microsoft.com...
> > >>
> > >>    March 18, 2005
> > >>
> > >>      Thanks! I have looked for a very long time for those byte length
> > >> numbers! One problem though. :(  If I am right,
> > > Encoding.Unicode.Getbytes()
> > >> converts each character to two bytes.  That means that I cannot evenly
> > > feed
> > >> the bytes to RSA without splitting characters. Will this be a problem,
> > >> and
> > > am
> > >> I right that .GetBytes() converts chars to two bytes? Also do you know
> of
> > > a
> > >> way to split the UnEncrypted() byte array into blocks of 127? Right
> now,
> > >> I
> > >> have tried to input the message into a stringreader and then read back
> > > blocks
> > >> of 50 chars at a time. I then convert the block of chars to bytes and
> > >> feed
> > >> the block of bytes to the encryptor. This works, but I for some reason
> > > cannot
> > >> decrypt it. (I just realized that I encrypted using the private key and
> > > then
> > >> decrypted using the private key. Do I have to create another rsa object
> > > with
> > >> JUST the public key, or can I decrypt using the same RSA since it has
> > >> both
> > >> the private and public key?) I guess I am just really confused and I
> > > Really
> > >> Appreciate your help!
> > >>
> > >>
> > >>                          Joseph MCAD
> > >>
> > >>
> > >>
> > >> "Cantelmo Software" wrote:
> > >>
> > >> > Hi Joseph MCAD,
> > >> > the size limit is: 128-11=117 bytes for PKCS#1 v 1.5 padding. output
> is
> > >> > always 128 byte
> > >> >
> > >> > other details:
> > >> >
> > >
>

> > >> >
> > >> > HTH
> > >> > Marcello
> > >> > www.cantelmosoftware.com
> > >> >
> > >> > try my Goliath.NET obfuscator (pre-release version) & send me your
> > > opinion
> > >> > ;-)
> > >> > http://xoomer.virgilio.it/cantelmosoftware/net/TryMe.zip
> > >> >
> > >> >
> > >> > "Joseph MCAD" <JosephM***@discussions.microsoft.com> ha scritto nel
> > >> > messaggio news:4CD6D9DF-D97A-444C-81D5-7FD2C57FFD21@microsoft.com...
> > >> > >
> > >> > > March 18, 2005
> > >> > >
> > >> > >     I am trying to encrypt messages typed in a textbox by
> encrypting
> > > them
> > >> > > using RSACryptoServiceProvider. If the text is shorter than about
> 1/2
> > > a
> > >> > > sentence, then it works fine. If it is longer, say: "This is my
> > > message.
> > >> > > It
> > >> > > is not very long, however.", then RSA.Encrypt(MessageBytes, False)
> > > fails
> > >> > > with
> > >> > > "Bad Length". I know that RSA is usually used for encrypting small
> > > amounts
> > >> > > of
> > >> > > data, such as symmetric keys, but all the examples I have seen
> > >> > > haven't
> > >> > > mention this. Even Microsoft's Training Kit for their Microsoft
> > > Certified
> > >> > > Professional Exam 70-330 (Implementing Application Security) asks
> you
> > > to
> > >> > > build a program that encrypts entire files using RSA. Can anyone
> > > provide a
> > >> > > definite answer as to whether I can use RSA for what I am doing?
> > > Thanks a
> > >> > > lot
> > >> > > for any response, as I have worked about 10 hours on this!
> > >> > >
> > >> > > dim message as string = "A longer string than an encryption
> > >> > > key.......MessageText"
> > >> > > dim unencryptedbytes() as byte = encoding.unicode.getbytes(message)
> > >> > > dim RSA as new RSACryptoServiceProvider()
> > >> > > RSA.FromXMLString(MyPrivateKey)
> > >> > > dim encrypted() as byte = rsa.encrypt(unencryptedbytes, false)
> > >> > > 'Errors
> > >> > > here
> > >> > >
> > >> > >
> > >> > > Joseph MCAD
> > >> > >
> > >> > >
> > >> >
> > >> >
> > >> >
> > >
> >
> >
>

"Michel Gallant" wrote:

> Typically ... RSA encryption is meant for encryption of small
> amounts of data (like secret symmetric keys).
> The related concept of enveloping (combination of bulk symmetric encryption of
> data, combined with RSA encryption of that secret symmetric keys to recipient(s))
> is described here, with a .NET flavour:
>    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dncapi/html/encryptdecrypt2a.asp
>
> - Mitch Gallant
>    MVP Security
>
> "William Stacey [MVP]" <staceywREM***@mvps.org> wrote in message news:u3c9OaGLFHA.1476@TK2MSFTNGP09.phx.gbl...
> > Not sure I understand you completely.  If I read the post correctly, he
> > wants to encrypt some data on the client and send to some server.  The
> > server will have the private key to decrypt the key and iv.  This is a
> > normal way to do this type of thing.  If he wants other, then need some more
> > detail.  Cheers.
> >
> > --
> > William Stacey, MVP
> > http://mvp.support.microsoft.com
> >
> > "Cantelmo Software" <i***@cantelmosoftware.com> wrote in message
> > news:uf7sKEGLFHA.3420@tk2msftngp13.phx.gbl...
> > > Hi William,
> > > if encrypt the simmetric-key with rsa public-key means that the customer
> > > must have the private-key for the decrypt!
> > >
> > > this goes well in the normal documents (generic data) but *not* for the
> > > applications (absolutely no!) why is possible to gain the public-key from
> > > that private-key!
> > >
> > > in the software applications (as an example in the generation of a serial
> > > number) it must be used rsa to the contrary. encrypt with the private key
> > > and decrypt with that public-key. in this way I have only the certainty
> > that
> > > is *not possible* to make a keygen why the private-key lacks!
> > >
> > > best regards,
> > > Marcello
> > > www.cantelmosoftware.com
> > >
> > > "William Stacey [MVP]" <staceywREM***@mvps.org> ha scritto nel messaggio
> > > news:uE7xfNCLFHA.2604@TK2MSFTNGP10.phx.gbl...
> > > >I would not break into pieces to do rsa encryption.  Just use Rijndael
> > > > encryption.   Use something like so:
> > > >
> > > > public class Doc
> > > > {
> > > >     public byte[] Key;
> > > >     public byte[] IV;
> > > >     public byte[] Data
> > > > }
> > > >
> > > > Then just create a Rijndael object that will have a new random key and
> > iv.
> > > > Encrypt your all your data using rij (say maybe an xml doc with all your
> > > > textbox fields as elements) and store in Data.  Then encrypt your key
> > and
> > > > iv
> > > > using the public RSA key.  Then just serialize the Doc class above using
> > > > XmlSerializer into an Xml string and send to the receiver.  Receiver
> > does
> > > > the reverse to get the data.  No clear encryption key stored anywhere
> > and
> > > > each new run will have different key and iv.  hth.
> > > >
> > > > --
> > > > William Stacey, MVP
> > > > http://mvp.support.microsoft.com
> > > >
> > > > "Joseph MCAD" <JosephM***@discussions.microsoft.com> wrote in message
> > > > news:5E4D3B47-B809-43A3-A8AC-D7E461BB5E61@microsoft.com...
> > > >>
> > > >>    March 18, 2005
> > > >>
> > > >>      Thanks! I have looked for a very long time for those byte length
> > > >> numbers! One problem though. :(  If I am right,
> > > > Encoding.Unicode.Getbytes()
> > > >> converts each character to two bytes.  That means that I cannot evenly
> > > > feed
> > > >> the bytes to RSA without splitting characters. Will this be a problem,
> > > >> and
> > > > am
> > > >> I right that .GetBytes() converts chars to two bytes? Also do you know
> > of
> > > > a
> > > >> way to split the UnEncrypted() byte array into blocks of 127? Right
> > now,
> > > >> I
> > > >> have tried to input the message into a stringreader and then read back
> > > > blocks
> > > >> of 50 chars at a time. I then convert the block of chars to bytes and
> > > >> feed
> > > >> the block of bytes to the encryptor. This works, but I for some reason
> > > > cannot
> > > >> decrypt it. (I just realized that I encrypted using the private key and
> > > > then
> > > >> decrypted using the private key. Do I have to create another rsa object
> > > > with
> > > >> JUST the public key, or can I decrypt using the same RSA since it has
> > > >> both
> > > >> the private and public key?) I guess I am just really confused and I
> > > > Really
> > > >> Appreciate your help!
> > > >>
> > > >>
> > > >>                          Joseph MCAD
> > > >>
> > > >>
> > > >>
> > > >> "Cantelmo Software" wrote:
> > > >>
> > > >> > Hi Joseph MCAD,
> > > >> > the size limit is: 128-11=117 bytes for PKCS#1 v 1.5 padding. output
> > is
> > > >> > always 128 byte
> > > >> >
> > > >> > other details:
> > > >> >
> > > >
> >
> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfSystemSecurityCryptographyRSACryptoServiceProviderClassEncryptTopic.asp
> > > >> >
> > > >> > HTH
> > > >> > Marcello
> > > >> > www.cantelmosoftware.com
> > > >> >
> > > >> > try my Goliath.NET obfuscator (pre-release version) & send me your
> > > > opinion
> > > >> > ;-)
> > > >> > http://xoomer.virgilio.it/cantelmosoftware/net/TryMe.zip
> > > >> >
> > > >> >
> > > >> > "Joseph MCAD" <JosephM***@discussions.microsoft.com> ha scritto nel
> > > >> > messaggio news:4CD6D9DF-D97A-444C-81D5-7FD2C57FFD21@microsoft.com...
> > > >> > >
> > > >> > > March 18, 2005
> > > >> > >
> > > >> > >     I am trying to encrypt messages typed in a textbox by
> > encrypting
> > > > them
> > > >> > > using RSACryptoServiceProvider. If the text is shorter than about
> > 1/2
> > > > a
> > > >> > > sentence, then it works fine. If it is longer, say: "This is my
> > > > message.
> > > >> > > It
> > > >> > > is not very long, however.", then RSA.Encrypt(MessageBytes, False)
> > > > fails
> > > >> > > with
> > > >> > > "Bad Length". I know that RSA is usually used for encrypting small
> > > > amounts
> > > >> > > of
> > > >> > > data, such as symmetric keys, but all the examples I have seen
> > > >> > > haven't
> > > >> > > mention this. Even Microsoft's Training Kit for their Microsoft
> > > > Certified
> > > >> > > Professional Exam 70-330 (Implementing Application Security) asks
> > you
> > > > to
> > > >> > > build a program that encrypts entire files using RSA. Can anyone
> > > > provide a
> > > >> > > definite answer as to whether I can use RSA for what I am doing?
> > > > Thanks a
> > > >> > > lot
> > > >> > > for any response, as I have worked about 10 hours on this!
> > > >> > >
> > > >> > > dim message as string = "A longer string than an encryption
> > > >> > > key.......MessageText"
> > > >> > > dim unencryptedbytes() as byte = encoding.unicode.getbytes(message)
> > > >> > > dim RSA as new RSACryptoServiceProvider()
> > > >> > > RSA.FromXMLString(MyPrivateKey)
> > > >> > > dim encrypted() as byte = rsa.encrypt(unencryptedbytes, false)
> > > >> > > 'Errors
> > > >> > > here
> > > >> > >
> > > >> > >
> > > >> > > Joseph MCAD
> > > >> > >
> > > >> > >
> > > >> >
> > > >> >
> > > >> >
> > > >
> > >
> > >
> >
>
>
>

"Joseph MCAD" <JosephM***@discussions.microsoft.com> wrote in message
news:AF912100-9386-46DA-9D6C-E2CDC327CB9A@microsoft.com...
>
>    March 19, 2005
>
>     Thanks for everyone's help! I realize that you can exchange symmetric
> keys with RSA and then send file to each other using the symmetric
> algorithm.
> I just wanted to make sure that you can't encrypt whole files using RSA
> like
> the examples I have seen. (The examples sure don't work when using long
> strings! :-) ) Now that that is taken care of, I have another question. :)
> I
> will try to make it clear. I have three computers (Computer A which has
> the
> symmetric key, Computer B, and Computer C) which have to send files or
> messages amoungst themselves, and they have to use a symmetric key. To
> initially send B and C the key from the central computer (Computer A) I
> want
> to use RSA to encrypt the key. I have to assume that everyone in the
> universe
> has the public key. This means I cannot encrypt the key with a private key
> on
> A, because then everyone can decrypt the key with the public key and have
> the
> symmetric key. This means that I will have to encrypt it with the public
> key,
> and then have B and C have the private key to decrypt it. I don't trust
> them
> with the private key, however which creates the problem. What I am
> thinking I
> will do is this... I will have a unique key pair on each computer.
> (KeyPair#1
> on A, #2 on B, and #3 on C )
>
> Computer B & C                                             Computer A
>            <<<------------------------------------------------        Step
> 1
>            ------------------------------------------------>>>        Step
> 2
>            <<<-----------------------------------------------         Step
> 3
>            <<<------------------------------------------->>>       Step 4
> Step 1: Send public key#1 to computer B or C
> Step 2: Send public key#2 or #3 (depending on computer) encrypted with
> public key#1
> Step 3: Decrypt public key#2 or #3 with private key#1 and then send
> symmetric key encrypted by public key#2 or #3
> Step 4: Send messages or files using symmetric key
>
> This seems right to me. If all of you would just validate that I
> understand
> it right, I would greatly appreciate it and then I can start building the
> application!
>
>
>                   Thanks again!
>
>                   Joseph MCAD
>
>
> "Michel Gallant" wrote:
>
>> Typically ... RSA encryption is meant for encryption of small
>> amounts of data (like secret symmetric keys).
>> The related concept of enveloping (combination of bulk symmetric
>> encryption of
>> data, combined with RSA encryption of that secret symmetric keys to
>> recipient(s))
>> is described here, with a .NET flavour:
>>
>> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dncapi/html/encryptdecrypt2a.asp
>>
>> - Mitch Gallant
>>    MVP Security
>>
>> "William Stacey [MVP]" <staceywREM***@mvps.org> wrote in message
>> news:u3c9OaGLFHA.1476@TK2MSFTNGP09.phx.gbl...
>> > Not sure I understand you completely.  If I read the post correctly, he
>> > wants to encrypt some data on the client and send to some server.  The
>> > server will have the private key to decrypt the key and iv.  This is a
>> > normal way to do this type of thing.  If he wants other, then need some
>> > more
>> > detail.  Cheers.
>> >
>> > --
>> > William Stacey, MVP
>> > http://mvp.support.microsoft.com
>> >
>> > "Cantelmo Software" <i***@cantelmosoftware.com> wrote in message
>> > news:uf7sKEGLFHA.3420@tk2msftngp13.phx.gbl...
>> > > Hi William,
>> > > if encrypt the simmetric-key with rsa public-key means that the
>> > > customer
>> > > must have the private-key for the decrypt!
>> > >
>> > > this goes well in the normal documents (generic data) but *not* for
>> > > the
>> > > applications (absolutely no!) why is possible to gain the public-key
>> > > from
>> > > that private-key!
>> > >
>> > > in the software applications (as an example in the generation of a
>> > > serial
>> > > number) it must be used rsa to the contrary. encrypt with the private
>> > > key
>> > > and decrypt with that public-key. in this way I have only the
>> > > certainty
>> > that
>> > > is *not possible* to make a keygen why the private-key lacks!
>> > >
>> > > best regards,
>> > > Marcello
>> > > www.cantelmosoftware.com
>> > >
>> > > "William Stacey [MVP]" <staceywREM***@mvps.org> ha scritto nel
>> > > messaggio
>> > > news:uE7xfNCLFHA.2604@TK2MSFTNGP10.phx.gbl...
>> > > >I would not break into pieces to do rsa encryption.  Just use
>> > > >Rijndael
>> > > > encryption.   Use something like so:
>> > > >
>> > > > public class Doc
>> > > > {
>> > > >     public byte[] Key;
>> > > >     public byte[] IV;
>> > > >     public byte[] Data
>> > > > }
>> > > >
>> > > > Then just create a Rijndael object that will have a new random key
>> > > > and
>> > iv.
>> > > > Encrypt your all your data using rij (say maybe an xml doc with all
>> > > > your
>> > > > textbox fields as elements) and store in Data.  Then encrypt your
>> > > > key
>> > and
>> > > > iv
>> > > > using the public RSA key.  Then just serialize the Doc class above
>> > > > using
>> > > > XmlSerializer into an Xml string and send to the receiver.
>> > > > Receiver
>> > does
>> > > > the reverse to get the data.  No clear encryption key stored
>> > > > anywhere
>> > and
>> > > > each new run will have different key and iv.  hth.
>> > > >
>> > > > --
>> > > > William Stacey, MVP
>> > > > http://mvp.support.microsoft.com
>> > > >
>> > > > "Joseph MCAD" <JosephM***@discussions.microsoft.com> wrote in
>> > > > message
>> > > > news:5E4D3B47-B809-43A3-A8AC-D7E461BB5E61@microsoft.com...
>> > > >>
>> > > >>    March 18, 2005
>> > > >>
>> > > >>      Thanks! I have looked for a very long time for those byte
>> > > >> length
>> > > >> numbers! One problem though. :(  If I am right,
>> > > > Encoding.Unicode.Getbytes()
>> > > >> converts each character to two bytes.  That means that I cannot
>> > > >> evenly
>> > > > feed
>> > > >> the bytes to RSA without splitting characters. Will this be a
>> > > >> problem,
>> > > >> and
>> > > > am
>> > > >> I right that .GetBytes() converts chars to two bytes? Also do you
>> > > >> know
>> > of
>> > > > a
>> > > >> way to split the UnEncrypted() byte array into blocks of 127?
>> > > >> Right
>> > now,
>> > > >> I
>> > > >> have tried to input the message into a stringreader and then read
>> > > >> back
>> > > > blocks
>> > > >> of 50 chars at a time. I then convert the block of chars to bytes
>> > > >> and
>> > > >> feed
>> > > >> the block of bytes to the encryptor. This works, but I for some
>> > > >> reason
>> > > > cannot
>> > > >> decrypt it. (I just realized that I encrypted using the private
>> > > >> key and
>> > > > then
>> > > >> decrypted using the private key. Do I have to create another rsa
>> > > >> object
>> > > > with
>> > > >> JUST the public key, or can I decrypt using the same RSA since it
>> > > >> has
>> > > >> both
>> > > >> the private and public key?) I guess I am just really confused and
>> > > >> I
>> > > > Really
>> > > >> Appreciate your help!
>> > > >>
>> > > >>
>> > > >>                          Joseph MCAD
>> > > >>
>> > > >>
>> > > >>
>> > > >> "Cantelmo Software" wrote:
>> > > >>
>> > > >> > Hi Joseph MCAD,
>> > > >> > the size limit is: 128-11=117 bytes for PKCS#1 v 1.5 padding.
>> > > >> > output
>> > is
>> > > >> > always 128 byte
>> > > >> >
>> > > >> > other details:
>> > > >> >
>> > > >
>> >
>> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfSystemSecurityCryptographyRSACryptoServiceProviderClassEncryptTopic.asp
>> > > >> >
>> > > >> > HTH
>> > > >> > Marcello
>> > > >> > www.cantelmosoftware.com
>> > > >> >
>> > > >> > try my Goliath.NET obfuscator (pre-release version) & send me
>> > > >> > your
>> > > > opinion
>> > > >> > ;-)
>> > > >> > http://xoomer.virgilio.it/cantelmosoftware/net/TryMe.zip
>> > > >> >
>> > > >> >
>> > > >> > "Joseph MCAD" <JosephM***@discussions.microsoft.com> ha scritto
>> > > >> > nel
>> > > >> > messaggio
>> > > >> > news:4CD6D9DF-D97A-444C-81D5-7FD2C57FFD21@microsoft.com...
>> > > >> > >
>> > > >> > > March 18, 2005
>> > > >> > >
>> > > >> > >     I am trying to encrypt messages typed in a textbox by
>> > encrypting
>> > > > them
>> > > >> > > using RSACryptoServiceProvider. If the text is shorter than
>> > > >> > > about
>> > 1/2
>> > > > a
>> > > >> > > sentence, then it works fine. If it is longer, say: "This is
>> > > >> > > my
>> > > > message.
>> > > >> > > It
>> > > >> > > is not very long, however.", then RSA.Encrypt(MessageBytes,
>> > > >> > > False)
>> > > > fails
>> > > >> > > with
>> > > >> > > "Bad Length". I know that RSA is usually used for encrypting
>> > > >> > > small
>> > > > amounts
>> > > >> > > of
>> > > >> > > data, such as symmetric keys, but all the examples I have seen
>> > > >> > > haven't
>> > > >> > > mention this. Even Microsoft's Training Kit for their
>> > > >> > > Microsoft
>> > > > Certified
>> > > >> > > Professional Exam 70-330 (Implementing Application Security)
>> > > >> > > asks
>> > you
>> > > > to
>> > > >> > > build a program that encrypts entire files using RSA. Can
>> > > >> > > anyone
>> > > > provide a
>> > > >> > > definite answer as to whether I can use RSA for what I am
>> > > >> > > doing?
>> > > > Thanks a
>> > > >> > > lot
>> > > >> > > for any response, as I have worked about 10 hours on this!
>> > > >> > >
>> > > >> > > dim message as string = "A longer string than an encryption
>> > > >> > > key.......MessageText"
>> > > >> > > dim unencryptedbytes() as byte =
>> > > >> > > encoding.unicode.getbytes(message)
>> > > >> > > dim RSA as new RSACryptoServiceProvider()
>> > > >> > > RSA.FromXMLString(MyPrivateKey)
>> > > >> > > dim encrypted() as byte = rsa.encrypt(unencryptedbytes, false)
>> > > >> > > 'Errors
>> > > >> > > here
>> > > >> > >
>> > > >> > >
>> > > >> > > Joseph MCAD
>> > > >> > >
>> > > >> > >
>> > > >> >
>> > > >> >
>> > > >> >
>> > > >
>> > >
>> > >
>> >
>>
>>
>>

"Joe Kaplan (MVP - ADSI)" wrote:

> Hi Joseph,
>
> The typical way of doing what you want to do is to generate a PKCS#7
> enveloped data message like Mitch suggested.
>
> Essentially, it does exactly what you want.  It bulk encrypts a message
> using a symmetric cipher (3DES, AES, etc.) and a randomly generated session
> key.  Then, it encrypts the session key with the public key of each
> recipient of the message based on the key in their public certificate.
> Then, the enveloped data structure (in PKCS#7 format) is created which
> contains the encrypted data, information about the algorithm used, and a
> copy of the encrypted session key with information describing which
> certificate was used to encrypt it.  Then, any recipient of the message who
> has the correct private key for his certificate can decrypt the session key
> and recover the original message.
>
> This is essentially how S/MIME email encryption works using certificates.
> It does require that you have the public certificate for each of your
> message recipients though.
>
> The problem is that .NET 1.1 doesn't have good support for creating
> enveloped data messages.  In order to do this easily, COM interop to CAPICOM
> is the path of least resistance.  It has a nice EnvelopedData class that
> works ok.  It is also possible to do this with p/invoke to the CAPI API, but
> that is vastly more painful.  Mitch's website has samples though.  .NET 2.0
> fixes this.
>
> What you really don't want to do is try to invent your own secure key
> exchange protocol.  These things are notoriously hard to do well.
>
> And remember, anyone demonstrating a bulk encryption approach using just RSA
> is wrong.  It is specifically not designed for that.  RSA is for encrypting
> very tiny amounts of data (bulk encryption keys and hashes).
>
> I've over simplified in a few places, so if anyone wants to dress this up a
> bit, please feel free.
>
> Joe K.
>
> "Joseph MCAD" <JosephM***@discussions.microsoft.com> wrote in message
> news:AF912100-9386-46DA-9D6C-E2CDC327CB9A@microsoft.com...
> >
> >    March 19, 2005
> >
> >     Thanks for everyone's help! I realize that you can exchange symmetric
> > keys with RSA and then send file to each other using the symmetric
> > algorithm.
> > I just wanted to make sure that you can't encrypt whole files using RSA
> > like
> > the examples I have seen. (The examples sure don't work when using long
> > strings! :-) ) Now that that is taken care of, I have another question. :)
> > I
> > will try to make it clear. I have three computers (Computer A which has
> > the
> > symmetric key, Computer B, and Computer C) which have to send files or
> > messages amoungst themselves, and they have to use a symmetric key. To
> > initially send B and C the key from the central computer (Computer A) I
> > want
> > to use RSA to encrypt the key. I have to assume that everyone in the
> > universe
> > has the public key. This means I cannot encrypt the key with a private key
> > on
> > A, because then everyone can decrypt the key with the public key and have
> > the
> > symmetric key. This means that I will have to encrypt it with the public
> > key,
> > and then have B and C have the private key to decrypt it. I don't trust
> > them
> > with the private key, however which creates the problem. What I am
> > thinking I
> > will do is this... I will have a unique key pair on each computer.
> > (KeyPair#1
> > on A, #2 on B, and #3 on C )
> >
> > Computer B & C                                             Computer A
> >            <<<------------------------------------------------        Step
> > 1
> >            ------------------------------------------------>>>        Step
> > 2
> >            <<<-----------------------------------------------         Step
> > 3
> >            <<<------------------------------------------->>>       Step 4
> > Step 1: Send public key#1 to computer B or C
> > Step 2: Send public key#2 or #3 (depending on computer) encrypted with
> > public key#1
> > Step 3: Decrypt public key#2 or #3 with private key#1 and then send
> > symmetric key encrypted by public key#2 or #3
> > Step 4: Send messages or files using symmetric key
> >
> > This seems right to me. If all of you would just validate that I
> > understand
> > it right, I would greatly appreciate it and then I can start building the
> > application!
> >
> >
> >                   Thanks again!
> >
> >                   Joseph MCAD
> >
> >
> > "Michel Gallant" wrote:
> >
> >> Typically ... RSA encryption is meant for encryption of small
> >> amounts of data (like secret symmetric keys).
> >> The related concept of enveloping (combination of bulk symmetric
> >> encryption of
> >> data, combined with RSA encryption of that secret symmetric keys to
> >> recipient(s))
> >> is described here, with a .NET flavour:
> >>
> >> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dncapi/html/encryptdecrypt2a.asp
> >>
> >> - Mitch Gallant
> >>    MVP Security
> >>
> >> "William Stacey [MVP]" <staceywREM***@mvps.org> wrote in message
> >> news:u3c9OaGLFHA.1476@TK2MSFTNGP09.phx.gbl...
> >> > Not sure I understand you completely.  If I read the post correctly, he
> >> > wants to encrypt some data on the client and send to some server.  The
> >> > server will have the private key to decrypt the key and iv.  This is a
> >> > normal way to do this type of thing.  If he wants other, then need some
> >> > more
> >> > detail.  Cheers.
> >> >
> >> > --
> >> > William Stacey, MVP
> >> > http://mvp.support.microsoft.com
> >> >
> >> > "Cantelmo Software" <i***@cantelmosoftware.com> wrote in message
> >> > news:uf7sKEGLFHA.3420@tk2msftngp13.phx.gbl...
> >> > > Hi William,
> >> > > if encrypt the simmetric-key with rsa public-key means that the
> >> > > customer
> >> > > must have the private-key for the decrypt!
> >> > >
> >> > > this goes well in the normal documents (generic data) but *not* for
> >> > > the
> >> > > applications (absolutely no!) why is possible to gain the public-key
> >> > > from
> >> > > that private-key!
> >> > >
> >> > > in the software applications (as an example in the generation of a
> >> > > serial
> >> > > number) it must be used rsa to the contrary. encrypt with the private
> >> > > key
> >> > > and decrypt with that public-key. in this way I have only the
> >> > > certainty
> >> > that
> >> > > is *not possible* to make a keygen why the private-key lacks!
> >> > >
> >> > > best regards,
> >> > > Marcello
> >> > > www.cantelmosoftware.com
> >> > >
> >> > > "William Stacey [MVP]" <staceywREM***@mvps.org> ha scritto nel
> >> > > messaggio
> >> > > news:uE7xfNCLFHA.2604@TK2MSFTNGP10.phx.gbl...
> >> > > >I would not break into pieces to do rsa encryption.  Just use
> >> > > >Rijndael
> >> > > > encryption.   Use something like so:
> >> > > >
> >> > > > public class Doc
> >> > > > {
> >> > > >     public byte[] Key;
> >> > > >     public byte[] IV;
> >> > > >     public byte[] Data
> >> > > > }
> >> > > >
> >> > > > Then just create a Rijndael object that will have a new random key
> >> > > > and
> >> > iv.
> >> > > > Encrypt your all your data using rij (say maybe an xml doc with all
> >> > > > your
> >> > > > textbox fields as elements) and store in Data.  Then encrypt your
> >> > > > key
> >> > and
> >> > > > iv
> >> > > > using the public RSA key.  Then just serialize the Doc class above
> >> > > > using
> >> > > > XmlSerializer into an Xml string and send to the receiver.
> >> > > > Receiver
> >> > does
> >> > > > the reverse to get the data.  No clear encryption key stored
> >> > > > anywhere
> >> > and
> >> > > > each new run will have different key and iv.  hth.
> >> > > >
> >> > > > --
> >> > > > William Stacey, MVP
> >> > > > http://mvp.support.microsoft.com
> >> > > >
> >> > > > "Joseph MCAD" <JosephM***@discussions.microsoft.com> wrote in
> >> > > > message
> >> > > > news:5E4D3B47-B809-43A3-A8AC-D7E461BB5E61@microsoft.com...
> >> > > >>
> >> > > >>    March 18, 2005
> >> > > >>
> >> > > >>      Thanks! I have looked for a very long time for those byte
> >> > > >> length
> >> > > >> numbers! One problem though. :(  If I am right,
> >> > > > Encoding.Unicode.Getbytes()
> >> > > >> converts each character to two bytes.  That means that I cannot
> >> > > >> evenly
> >> > > > feed
> >> > > >> the bytes to RSA without splitting characters. Will this be a
> >> > > >> problem,
> >> > > >> and
> >> > > > am
> >> > > >> I right that .GetBytes() converts chars to two bytes? Also do you
> >> > > >> know
> >> > of
> >> > > > a
> >> > > >> way to split the UnEncrypted() byte array into blocks of 127?
> >> > > >> Right
> >> > now,
> >> > > >> I
> >> > > >> have tried to input the message into a stringreader and then read
> >> > > >> back
> >> > > > blocks
> >> > > >> of 50 chars at a time. I then convert the block of chars to bytes
> >> > > >> and
> >> > > >> feed
> >> > > >> the block of bytes to the encryptor. This works, but I for some
> >> > > >> reason
> >> > > > cannot
> >> > > >> decrypt it. (I just realized that I encrypted using the private
> >> > > >> key and
> >> > > > then
> >> > > >> decrypted using the private key. Do I have to create another rsa
> >> > > >> object
> >> > > > with
> >> > > >> JUST the public key, or can I decrypt using the same RSA since it
> >> > > >> has
> >> > > >> both
> >> > > >> the private and public key?) I guess I am just really confused and
> >> > > >> I
> >> > > > Really
> >> > > >> Appreciate your help!
> >> > > >>
> >> > > >>
> >> > > >>                          Joseph MCAD
> >> > > >>
> >> > > >>
> >> > > >>
> >> > > >> "Cantelmo Software" wrote:
> >> > > >>
> >> > > >> > Hi Joseph MCAD,
> >> > > >> > the size limit is: 128-11=117 bytes for PKCS#1 v 1.5 padding.
> >> > > >> > output
> >> > is
> >> > > >> > always 128 byte
> >> > > >> >
> >> > > >> > other details:
> >> > > >> >
> >> > > >
> >> >
> >> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfSystemSecurityCryptographyRSACryptoServiceProviderClassEncryptTopic.asp
> >> > > >> >
> >> > > >> > HTH
> >> > > >> > Marcello
> >> > > >> > www.cantelmosoftware.com
> >> > > >> >
> >> > > >> > try my Goliath.NET obfuscator (pre-release version) & send me
> >> > > >> > your
> >> > > > opinion
> >> > > >> > ;-)
> >> > > >> > http://xoomer.virgilio.it/cantelmosoftware/net/TryMe.zip
> >> > > >> >
> >> > > >> >
> >> > > >> > "Joseph MCAD" <JosephM***@discussions.microsoft.com> ha scritto
> >> > > >> > nel
> >> > > >> > messaggio
> >> > > >> > news:4CD6D9DF-D97A-444C-81D5-7FD2C57FFD21@microsoft.com...
> >> > > >> > >
> >> > > >> > > March 18, 2005
> >> > > >> > >
> >> > > >> > >     I am trying to encrypt messages typed in a textbox by
> >> > encrypting
> >> > > > them
> >> > > >> > > using RSACryptoServiceProvider. If the text is shorter than
> >> > > >> > > about
> >> > 1/2
> >> > > > a
> >> > > >> > > sentence, then it works fine. If it is longer, say: "This is
> >> > > >> > > my
> >> > > > message.
> >> > > >> > > It
> >> > > >> > > is not very long, however.", then RSA.Encrypt(MessageBytes,
> >> > > >> > > False)
> >> > > > fails
> >> > > >> > > with
> >> > > >> > > "Bad Length". I know that RSA is usually used for encrypting
> >> > > >> > > small
> >> > > > amounts
> >> > > >> > > of
> >> > > >> > > data, such as symmetric keys, but all the examples I have seen
> >> > > >> > > haven't
> >> > > >> > > mention this. Even Microsoft's Training Kit for their
> >> > > >> > > Microsoft
> >> > > > Certified
> >> > > >> > > Professional Exam 70-330 (Implementing Application Security)
> >> > > >> > > asks
> >> > you
> >> > > > to
> >> > > >> > > build a program that encrypts entire files using RSA. Can
> >> > > >> > > anyone
> >> > > > provide a
> >> > > >> > > definite answer as to whether I can use RSA for what I am
> >> > > >> > > doing?
> >> > > > Thanks a
> >> > > >> > > lot
> >> > > >> > > for any response, as I have worked about 10 hours on this!
> >> > > >> > >
> >> > > >> > > dim message as string = "A longer string than an encryption
> >> > > >> > > key.......MessageText"
> >> > > >> > > dim unencryptedbytes() as byte =
> >> > > >> > > encoding.unicode.getbytes(message)
> >> > > >> > > dim RSA as new RSACryptoServiceProvider()
> >> > > >> > > RSA.FromXMLString(MyPrivateKey)
> >> > > >> > > dim encrypted() as byte = rsa.encrypt(unencryptedbytes, false)
> >> > > >> > > 'Errors
> >> > > >> > > here
> >> > > >> > >
> >> > > >> > >
> >> > > >> > > Joseph MCAD
> >> > > >> > >
> >> > > >> > >
> >> > > >> >
> >> > > >> >
> >> > > >> >
> >> > > >
> >> > >
> >> > >
> >> >
> >>
> >>
> >>
>
>
>

"Joseph MCAD" <JosephM***@discussions.microsoft.com> wrote in message
news:E3764B73-D554-402F-BCDC-0EFA7AE2AFD0@microsoft.com...
>
>   March 19, 2005
>
>     That makes a lot more sense. I didn't quite understand it at first
> when
> William Stancey suggested it. I won't be able to use CAPICOM, because I am
> not familiar with marshalling in COM Interop. (If it was as simple as
> referencing CAPICOM and then calling the classes as if they were .Net
> Managed, then I could.) I suppose that I could expose the public key on
> each
> computer by using .Net Remoting. (XML Web Services are out of the
> question,
> because IIS isn't installed on all of the computers.) Then when a user
> wants
> to send a message to another computer, the sender can query the other
> computer for its public key. If the computer does not return its public
> key,
> then I can notify the user right then that the computer might be turned
> off.
> The user can then save his message to a file (encrypted with the symmetric
> key) with the symmetric key embedded in the file and encrypted using the
> public key of the user's computer. Then when the user tries to send it
> again,
> he/she can query for the other computer public key again (and if that
> succeeds), then open the file, decrypt it with the user's private key, and
> then encrypt it with the other public key. Then the message can be sent. I
> hope this makes sense and I am more than open to all suggestions and
> comments! All of you are really helping me out!
>
>
>             Thanks again!
>
>             Joseph MCAD
>
>
> "Joe Kaplan (MVP - ADSI)" wrote:
>
>> Hi Joseph,
>>
>> The typical way of doing what you want to do is to generate a PKCS#7
>> enveloped data message like Mitch suggested.
>>
>> Essentially, it does exactly what you want.  It bulk encrypts a message
>> using a symmetric cipher (3DES, AES, etc.) and a randomly generated
>> session
>> key.  Then, it encrypts the session key with the public key of each
>> recipient of the message based on the key in their public certificate.
>> Then, the enveloped data structure (in PKCS#7 format) is created which
>> contains the encrypted data, information about the algorithm used, and a
>> copy of the encrypted session key with information describing which
>> certificate was used to encrypt it.  Then, any recipient of the message
>> who
>> has the correct private key for his certificate can decrypt the session
>> key
>> and recover the original message.
>>
>> This is essentially how S/MIME email encryption works using certificates.
>> It does require that you have the public certificate for each of your
>> message recipients though.
>>
>> The problem is that .NET 1.1 doesn't have good support for creating
>> enveloped data messages.  In order to do this easily, COM interop to
>> CAPICOM
>> is the path of least resistance.  It has a nice EnvelopedData class that
>> works ok.  It is also possible to do this with p/invoke to the CAPI API,
>> but
>> that is vastly more painful.  Mitch's website has samples though.  .NET
>> 2.0
>> fixes this.
>>
>> What you really don't want to do is try to invent your own secure key
>> exchange protocol.  These things are notoriously hard to do well.
>>
>> And remember, anyone demonstrating a bulk encryption approach using just
>> RSA
>> is wrong.  It is specifically not designed for that.  RSA is for
>> encrypting
>> very tiny amounts of data (bulk encryption keys and hashes).
>>
>> I've over simplified in a few places, so if anyone wants to dress this up
>> a
>> bit, please feel free.
>>
>> Joe K.
>>
>> "Joseph MCAD" <JosephM***@discussions.microsoft.com> wrote in message
>> news:AF912100-9386-46DA-9D6C-E2CDC327CB9A@microsoft.com...
>> >
>> >    March 19, 2005
>> >
>> >     Thanks for everyone's help! I realize that you can exchange
>> > symmetric
>> > keys with RSA and then send file to each other using the symmetric
>> > algorithm.
>> > I just wanted to make sure that you can't encrypt whole files using RSA
>> > like
>> > the examples I have seen. (The examples sure don't work when using long
>> > strings! :-) ) Now that that is taken care of, I have another question.
>> > :)
>> > I
>> > will try to make it clear. I have three computers (Computer A which has
>> > the
>> > symmetric key, Computer B, and Computer C) which have to send files or
>> > messages amoungst themselves, and they have to use a symmetric key. To
>> > initially send B and C the key from the central computer (Computer A) I
>> > want
>> > to use RSA to encrypt the key. I have to assume that everyone in the
>> > universe
>> > has the public key. This means I cannot encrypt the key with a private
>> > key
>> > on
>> > A, because then everyone can decrypt the key with the public key and
>> > have
>> > the
>> > symmetric key. This means that I will have to encrypt it with the
>> > public
>> > key,
>> > and then have B and C have the private key to decrypt it. I don't trust
>> > them
>> > with the private key, however which creates the problem. What I am
>> > thinking I
>> > will do is this... I will have a unique key pair on each computer.
>> > (KeyPair#1
>> > on A, #2 on B, and #3 on C )
>> >
>> > Computer B & C                                             Computer A
>> >            <<<------------------------------------------------ 
>> > Step
>> > 1
>> >            ------------------------------------------------>>>
>> > Step
>> > 2
>> >            <<<----------------------------------------------- 
>> > Step
>> > 3
>> >            <<<------------------------------------------->>>       Step
>> > 4
>> > Step 1: Send public key#1 to computer B or C
>> > Step 2: Send public key#2 or #3 (depending on computer) encrypted with
>> > public key#1
>> > Step 3: Decrypt public key#2 or #3 with private key#1 and then send
>> > symmetric key encrypted by public key#2 or #3
>> > Step 4: Send messages or files using symmetric key
>> >
>> > This seems right to me. If all of you would just validate that I
>> > understand
>> > it right, I would greatly appreciate it and then I can start building
>> > the
>> > application!
>> >
>> >
>> >                   Thanks again!
>> >
>> >                   Joseph MCAD
>> >
>> >
>> > "Michel Gallant" wrote:
>> >
>> >> Typically ... RSA encryption is meant for encryption of small
>> >> amounts of data (like secret symmetric keys).
>> >> The related concept of enveloping (combination of bulk symmetric
>> >> encryption of
>> >> data, combined with RSA encryption of that secret symmetric keys to
>> >> recipient(s))
>> >> is described here, with a .NET flavour:
>> >>
>> >> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dncapi/html/encryptdecrypt2a.asp
>> >>
>> >> - Mitch Gallant
>> >>    MVP Security
>> >>
>> >> "William Stacey [MVP]" <staceywREM***@mvps.org> wrote in message
>> >> news:u3c9OaGLFHA.1476@TK2MSFTNGP09.phx.gbl...
>> >> > Not sure I understand you completely.  If I read the post correctly,
>> >> > he
>> >> > wants to encrypt some data on the client and send to some server.
>> >> > The
>> >> > server will have the private key to decrypt the key and iv.  This is
>> >> > a
>> >> > normal way to do this type of thing.  If he wants other, then need
>> >> > some
>> >> > more
>> >> > detail.  Cheers.
>> >> >
>> >> > --
>> >> > William Stacey, MVP
>> >> > http://mvp.support.microsoft.com
>> >> >
>> >> > "Cantelmo Software" <i***@cantelmosoftware.com> wrote in message
>> >> > news:uf7sKEGLFHA.3420@tk2msftngp13.phx.gbl...
>> >> > > Hi William,
>> >> > > if encrypt the simmetric-key with rsa public-key means that the
>> >> > > customer
>> >> > > must have the private-key for the decrypt!
>> >> > >
>> >> > > this goes well in the normal documents (generic data) but *not*
>> >> > > for
>> >> > > the
>> >> > > applications (absolutely no!) why is possible to gain the
>> >> > > public-key
>> >> > > from
>> >> > > that private-key!
>> >> > >
>> >> > > in the software applications (as an example in the generation of a
>> >> > > serial
>> >> > > number) it must be used rsa to the contrary. encrypt with the
>> >> > > private
>> >> > > key
>> >> > > and decrypt with that public-key. in this way I have only the
>> >> > > certainty
>> >> > that
>> >> > > is *not possible* to make a keygen why the private-key lacks!
>> >> > >
>> >> > > best regards,
>> >> > > Marcello
>> >> > > www.cantelmosoftware.com
>> >> > >
>> >> > > "William Stacey [MVP]" <staceywREM***@mvps.org> ha scritto nel
>> >> > > messaggio
>> >> > > news:uE7xfNCLFHA.2604@TK2MSFTNGP10.phx.gbl...
>> >> > > >I would not break into pieces to do rsa encryption.  Just use
>> >> > > >Rijndael
>> >> > > > encryption.   Use something like so:
>> >> > > >
>> >> > > > public class Doc
>> >> > > > {
>> >> > > >     public byte[] Key;
>> >> > > >     public byte[] IV;
>> >> > > >     public byte[] Data
>> >> > > > }
>> >> > > >
>> >> > > > Then just create a Rijndael object that will have a new random
>> >> > > > key
>> >> > > > and
>> >> > iv.
>> >> > > > Encrypt your all your data using rij (say maybe an xml doc with
>> >> > > > all
>> >> > > > your
>> >> > > > textbox fields as elements) and store in Data.  Then encrypt
>> >> > > > your
>> >> > > > key
>> >> > and
>> >> > > > iv
>> >> > > > using the public RSA key.  Then just serialize the Doc class
>> >> > > > above
>> >> > > > using
>> >> > > > XmlSerializer into an Xml string and send to the receiver.
>> >> > > > Receiver
>> >> > does
>> >> > > > the reverse to get the data.  No clear encryption key stored
>> >> > > > anywhere
>> >> > and
>> >> > > > each new run will have different key and iv.  hth.
>> >> > > >
>> >> > > > --
>> >> > > > William Stacey, MVP
>> >> > > > http://mvp.support.microsoft.com
>> >> > > >
>> >> > > > "Joseph MCAD" <JosephM***@discussions.microsoft.com> wrote in
>> >> > > > message
>> >> > > > news:5E4D3B47-B809-43A3-A8AC-D7E461BB5E61@microsoft.com...
>> >> > > >>
>> >> > > >>    March 18, 2005
>> >> > > >>
>> >> > > >>      Thanks! I have looked for a very long time for those byte
>> >> > > >> length
>> >> > > >> numbers! One problem though. :(  If I am right,
>> >> > > > Encoding.Unicode.Getbytes()
>> >> > > >> converts each character to two bytes.  That means that I cannot
>> >> > > >> evenly
>> >> > > > feed
>> >> > > >> the bytes to RSA without splitting characters. Will this be a
>> >> > > >> problem,
>> >> > > >> and
>> >> > > > am
>> >> > > >> I right that .GetBytes() converts chars to two bytes? Also do
>> >> > > >> you
>> >> > > >> know
>> >> > of
>> >> > > > a
>> >> > > >> way to split the UnEncrypted() byte array into blocks of 127?
>> >> > > >> Right
>> >> > now,
>> >> > > >> I
>> >> > > >> have tried to input the message into a stringreader and then
>> >> > > >> read
>> >> > > >> back
>> >> > > > blocks
>> >> > > >> of 50 chars at a time. I then convert the block of chars to
>> >> > > >> bytes
>> >> > > >> and
>> >> > > >> feed
>> >> > > >> the block of bytes to the encryptor. This works, but I for some
>> >> > > >> reason
>> >> > > > cannot
>> >> > > >> decrypt it. (I just realized that I encrypted using the private
>> >> > > >> key and
>> >> > > > then
>> >> > > >> decrypted using the private key. Do I have to create another
>> >> > > >> rsa
>> >> > > >> object
>> >> > > > with
>> >> > > >> JUST the public key, or can I decrypt using the same RSA since
>> >> > > >> it
>> >> > > >> has
>> >> > > >> both
>> >> > > >> the private and public key?) I guess I am just really confused
>> >> > > >> and
>> >> > > >> I
>> >> > > > Really
>> >> > > >> Appreciate your help!
>> >> > > >>
>> >> > > >>
>> >> > > >>                          Joseph MCAD
>> >> > > >>
>> >> > > >>
>> >> > > >>
>> >> > > >> "Cantelmo Software" wrote:
>> >> > > >>
>> >> > > >> > Hi Joseph MCAD,
>> >> > > >> > the size limit is: 128-11=117 bytes for PKCS#1 v 1.5 padding.
>> >> > > >> > output
>> >> > is
>> >> > > >> > always 128 byte
>> >> > > >> >
>> >> > > >> > other details:
>> >> > > >> >
>> >> > > >
>> >> >
>> >> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfSystemSecurityCryptographyRSACryptoServiceProviderClassEncryptTopic.asp
>> >> > > >> >
>> >> > > >> > HTH
>> >> > > >> > Marcello
>> >> > > >> > www.cantelmosoftware.com
>> >> > > >> >
>> >> > > >> > try my Goliath.NET obfuscator (pre-release version) & send me
>> >> > > >> > your
>> >> > > > opinion
>> >> > > >> > ;-)
>> >> > > >> > http://xoomer.virgilio.it/cantelmosoftware/net/TryMe.zip
>> >> > > >> >
>> >> > > >> >
>> >> > > >> > "Joseph MCAD" <JosephM***@discussions.microsoft.com> ha
>> >> > > >> > scritto
>> >> > > >> > nel
>> >> > > >> > messaggio
>> >> > > >> > news:4CD6D9DF-D97A-444C-81D5-7FD2C57FFD21@microsoft.com...
>> >> > > >> > >
>> >> > > >> > > March 18, 2005
>> >> > > >> > >
>> >> > > >> > >     I am trying to encrypt messages typed in a textbox by
>> >> > encrypting
>> >> > > > them
>> >> > > >> > > using RSACryptoServiceProvider. If the text is shorter than
>> >> > > >> > > about
>> >> > 1/2
>> >> > > > a
>> >> > > >> > > sentence, then it works fine. If it is longer, say: "This
>> >> > > >> > > is
>> >> > > >> > > my
>> >> > > > message.
>> >> > > >> > > It
>> >> > > >> > > is not very long, however.", then RSA.Encrypt(MessageBytes,
>> >> > > >> > > False)
>> >> > > > fails
>> >> > > >> > > with
>> >> > > >> > > "Bad Length". I know that RSA is usually used for
>> >> > > >> > > encrypting
>> >> > > >> > > small
>> >> > > > amounts
>> >> > > >> > > of
>> >> > > >> > > data, such as symmetric keys, but all the examples I have
>> >> > > >> > > seen
>> >> > > >> > > haven't
>> >> > > >> > > mention this. Even Microsoft's Training Kit for their
>> >> > > >> > > Microsoft
>> >> > > > Certified
>> >> > > >> > > Professional Exam 70-330 (Implementing Application
>> >> > > >> > > Security)
>> >> > > >> > > asks
>> >> > you
>> >> > > > to
>> >> > > >> > > build a program that encrypts entire files using RSA. Can
>> >> > > >> > > anyone
>> >> > > > provide a
>> >> > > >> > > definite answer as to whether I can use RSA for what I am
>> >> > > >> > > doing?
>> >> > > > Thanks a
>> >> > > >> > > lot
>> >> > > >> > > for any response, as I have worked about 10 hours on this!
>> >> > > >> > >
>> >> > > >> > > dim message as string = "A longer string than an encryption
>> >> > > >> > > key.......MessageText"
>> >> > > >> > > dim unencryptedbytes() as byte =
>> >> > > >> > > encoding.unicode.getbytes(message)
>> >> > > >> > > dim RSA as new RSACryptoServiceProvider()
>> >> > > >> > > RSA.FromXMLString(MyPrivateKey)
>> >> > > >> > > dim encrypted() as byte = rsa.encrypt(unencryptedbytes,
>> >> > > >> > > false)
>> >> > > >> > > 'Errors
>> >> > > >> > > here
>> >> > > >> > >
>> >> > > >> > >
>> >> > > >> > > Joseph MCAD
>> >> > > >> > >
>> >> > > >> > >
>> >> > > >> >
>> >> > > >> >
>> >> > > >> >
>> >> > > >
>> >> > >
>> >> > >
>> >> >
>> >>
>> >>
>> >>
>>
>>
>>

"Joe Kaplan (MVP - ADSI)" <joseph.e.kap***@removethis.accenture.com> wrote in message news:uFIcAuMLFHA.3064@TK2MSFTNGP12.phx.gbl...
> CAPICOM is extremely easy to use in .NET.  Just install and register it and
> create an interop assembly for it with tlbimp.exe or by setting a COM
> reference to it in VS.NET.  Then, you just program like a typical .NET
> object.  Mitch probably has some samples on his website.
>
> Without knowing more about what you are trying to do, I'd suggest using some
> kind of centralized public directory for publishing public certificates if
> you really want to use RSA.  Active Directory/LDAP is the standard way to do
> this in Windows shops.  You could potentially implement some sort of a query
> mechanism to ask a recipient for their certificate as well.  If you want to
> use CAPICOM, you really need the certificate, not just the public key.
>
> Best of luck,
>
> Joe K.
>
> "Joseph MCAD" <JosephM***@discussions.microsoft.com> wrote in message
> news:E3764B73-D554-402F-BCDC-0EFA7AE2AFD0@microsoft.com...
> >
> >   March 19, 2005
> >
> >     That makes a lot more sense. I didn't quite understand it at first
> > when
> > William Stancey suggested it. I won't be able to use CAPICOM, because I am
> > not familiar with marshalling in COM Interop. (If it was as simple as
> > referencing CAPICOM and then calling the classes as if they were .Net
> > Managed, then I could.) I suppose that I could expose the public key on
> > each
> > computer by using .Net Remoting. (XML Web Services are out of the
> > question,
> > because IIS isn't installed on all of the computers.) Then when a user
> > wants
> > to send a message to another computer, the sender can query the other
> > computer for its public key. If the computer does not return its public
> > key,
> > then I can notify the user right then that the computer might be turned
> > off.
> > The user can then save his message to a file (encrypted with the symmetric
> > key) with the symmetric key embedded in the file and encrypted using the
> > public key of the user's computer. Then when the user tries to send it
> > again,
> > he/she can query for the other computer public key again (and if that
> > succeeds), then open the file, decrypt it with the user's private key, and
> > then encrypt it with the other public key. Then the message can be sent. I
> > hope this makes sense and I am more than open to all suggestions and
> > comments! All of you are really helping me out!
> >
> >
> >             Thanks again!
> >
> >             Joseph MCAD
> >
> >
> > "Joe Kaplan (MVP - ADSI)" wrote:
> >
> >> Hi Joseph,
> >>
> >> The typical way of doing what you want to do is to generate a PKCS#7
> >> enveloped data message like Mitch suggested.
> >>
> >> Essentially, it does exactly what you want.  It bulk encrypts a message
> >> using a symmetric cipher (3DES, AES, etc.) and a randomly generated
> >> session
> >> key.  Then, it encrypts the session key with the public key of each
> >> recipient of the message based on the key in their public certificate.
> >> Then, the enveloped data structure (in PKCS#7 format) is created which
> >> contains the encrypted data, information about the algorithm used, and a
> >> copy of the encrypted session key with information describing which
> >> certificate was used to encrypt it.  Then, any recipient of the message
> >> who
> >> has the correct private key for his certificate can decrypt the session
> >> key
> >> and recover the original message.
> >>
> >> This is essentially how S/MIME email encryption works using certificates.
> >> It does require that you have the public certificate for each of your
> >> message recipients though.
> >>
> >> The problem is that .NET 1.1 doesn't have good support for creating
> >> enveloped data messages.  In order to do this easily, COM interop to
> >> CAPICOM
> >> is the path of least resistance.  It has a nice EnvelopedData class that
> >> works ok.  It is also possible to do this with p/invoke to the CAPI API,
> >> but
> >> that is vastly more painful.  Mitch's website has samples though.  .NET
> >> 2.0
> >> fixes this.
> >>
> >> What you really don't want to do is try to invent your own secure key
> >> exchange protocol.  These things are notoriously hard to do well.
> >>
> >> And remember, anyone demonstrating a bulk encryption approach using just
> >> RSA
> >> is wrong.  It is specifically not designed for that.  RSA is for
> >> encrypting
> >> very tiny amounts of data (bulk encryption keys and hashes).
> >>
> >> I've over simplified in a few places, so if anyone wants to dress this up
> >> a
> >> bit, please feel free.
> >>
> >> Joe K.
> >>
> >> "Joseph MCAD" <JosephM***@discussions.microsoft.com> wrote in message
> >> news:AF912100-9386-46DA-9D6C-E2CDC327CB9A@microsoft.com...
> >> >
> >> >    March 19, 2005
> >> >
> >> >     Thanks for everyone's help! I realize that you can exchange
> >> > symmetric
> >> > keys with RSA and then send file to each other using the symmetric
> >> > algorithm.
> >> > I just wanted to make sure that you can't encrypt whole files using RSA
> >> > like
> >> > the examples I have seen. (The examples sure don't work when using long
> >> > strings! :-) ) Now that that is taken care of, I have another question.
> >> > :)
> >> > I
> >> > will try to make it clear. I have three computers (Computer A which has
> >> > the
> >> > symmetric key, Computer B, and Computer C) which have to send files or
> >> > messages amoungst themselves, and they have to use a symmetric key. To
> >> > initially send B and C the key from the central computer (Computer A) I
> >> > want
> >> > to use RSA to encrypt the key. I have to assume that everyone in the
> >> > universe
> >> > has the public key. This means I cannot encrypt the key with a private
> >> > key
> >> > on
> >> > A, because then everyone can decrypt the key with the public key and
> >> > have
> >> > the
> >> > symmetric key. This means that I will have to encrypt it with the
> >> > public
> >> > key,
> >> > and then have B and C have the private key to decrypt it. I don't trust
> >> > them
> >> > with the private key, however which creates the problem. What I am
> >> > thinking I
> >> > will do is this... I will have a unique key pair on each computer.
> >> > (KeyPair#1
> >> > on A, #2 on B, and #3 on C )
> >> >
> >> > Computer B & C                                             Computer A
> >> >            <<<------------------------------------------------
> >> > Step
> >> > 1
> >> >            ------------------------------------------------>>>
> >> > Step
> >> > 2
> >> >            <<<-----------------------------------------------
> >> > Step
> >> > 3
> >> >            <<<------------------------------------------->>>       Step
> >> > 4
> >> > Step 1: Send public key#1 to computer B or C
> >> > Step 2: Send public key#2 or #3 (depending on computer) encrypted with
> >> > public key#1
> >> > Step 3: Decrypt public key#2 or #3 with private key#1 and then send
> >> > symmetric key encrypted by public key#2 or #3
> >> > Step 4: Send messages or files using symmetric key
> >> >
> >> > This seems right to me. If all of you would just validate that I
> >> > understand
> >> > it right, I would greatly appreciate it and then I can start building
> >> > the
> >> > application!
> >> >
> >> >
> >> >                   Thanks again!
> >> >
> >> >                   Joseph MCAD
> >> >
> >> >
> >> > "Michel Gallant" wrote:
> >> >
> >> >> Typically ... RSA encryption is meant for encryption of small
> >> >> amounts of data (like secret symmetric keys).
> >> >> The related concept of enveloping (combination of bulk symmetric
> >> >> encryption of
> >> >> data, combined with RSA encryption of that secret symmetric keys to
> >> >> recipient(s))
> >> >> is described here, with a .NET flavour:
> >> >>
> >> >> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dncapi/html/encryptdecrypt2a.asp
> >> >>
> >> >> - Mitch Gallant
> >> >>    MVP Security
> >> >>
> >> >> "William Stacey [MVP]" <staceywREM***@mvps.org> wrote in message
> >> >> news:u3c9OaGLFHA.1476@TK2MSFTNGP09.phx.gbl...
> >> >> > Not sure I understand you completely.  If I read the post correctly,
> >> >> > he
> >> >> > wants to encrypt some data on the client and send to some server.
> >> >> > The
> >> >> > server will have the private key to decrypt the key and iv.  This is
> >> >> > a
> >> >> > normal way to do this type of thing.  If he wants other, then need
> >> >> > some
> >> >> > more
> >> >> > detail.  Cheers.
> >> >> >
> >> >> > --
> >> >> > William Stacey, MVP
> >> >> > http://mvp.support.microsoft.com
> >> >> >
> >> >> > "Cantelmo Software" <i***@cantelmosoftware.com> wrote in message
> >> >> > news:uf7sKEGLFHA.3420@tk2msftngp13.phx.gbl...
> >> >> > > Hi William,
> >> >> > > if encrypt the simmetric-key with rsa public-key means that the
> >> >> > > customer
> >> >> > > must have the private-key for the decrypt!
> >> >> > >
> >> >> > > this goes well in the normal documents (generic data) but *not*
> >> >> > > for
> >> >> > > the
> >> >> > > applications (absolutely no!) why is possible to gain the
> >> >> > > public-key
> >> >> > > from
> >> >> > > that private-key!
> >> >> > >
> >> >> > > in the software applications (as an example in the generation of a
> >> >> > > serial
> >> >> > > number) it must be used rsa to the contrary. encrypt with the
> >> >> > > private
> >> >> > > key
> >> >> > > and decrypt with that public-key. in this way I have only the
> >> >> > > certainty
> >> >> > that
> >> >> > > is *not possible* to make a keygen why the private-key lacks!
> >> >> > >
> >> >> > > best regards,
> >> >> > > Marcello
> >> >> > > www.cantelmosoftware.com
> >> >> > >
> >> >> > > "William Stacey [MVP]" <staceywREM***@mvps.org> ha scritto nel
> >> >> > > messaggio
> >> >> > > news:uE7xfNCLFHA.2604@TK2MSFTNGP10.phx.gbl...
> >> >> > > >I would not break into pieces to do rsa encryption.  Just use
> >> >> > > >Rijndael
> >> >> > > > encryption.   Use something like so:
> >> >> > > >
> >> >> > > > public class Doc
> >> >> > > > {
> >> >> > > >     public byte[] Key;
> >> >> > > >     public byte[] IV;
> >> >> > > >     public byte[] Data
> >> >> > > > }
> >> >> > > >
> >> >> > > > Then just create a Rijndael object that will have a new random
> >> >> > > > key
> >> >> > > > and
> >> >> > iv.
> >> >> > > > Encrypt your all your data using rij (say maybe an xml doc with
> >> >> > > > all
> >> >> > > > your
> >> >> > > > textbox fields as elements) and store in Data.  Then encrypt
> >> >> > > > your
> >> >> > > > key
> >> >> > and
> >> >> > > > iv
> >> >> > > > using the public RSA key.  Then just serialize the Doc class
> >> >> > > > above
> >> >> > > > using
> >> >> > > > XmlSerializer into an Xml string and send to the receiver.
> >> >> > > > Receiver
> >> >> > does
> >> >> > > > the reverse to get the data.  No clear encryption key stored
> >> >> > > > anywhere
> >> >> > and
> >> >> > > > each new run will have different key and iv.  hth.
> >> >> > > >
> >> >> > > > --
> >> >> > > > William Stacey, MVP
> >> >> > > > http://mvp.support.microsoft.com
> >> >> > > >
> >> >> > > > "Joseph MCAD" <JosephM***@discussions.microsoft.com> wrote in
> >> >> > > > message
> >> >> > > > news:5E4D3B47-B809-43A3-A8AC-D7E461BB5E61@microsoft.com...
> >> >> > > >>
> >> >> > > >>    March 18, 2005
> >> >> > > >>
> >> >> > > >>      Thanks! I have looked for a very long time for those byte
> >> >> > > >> length
> >> >> > > >> numbers! One problem though. :(  If I am right,
> >> >> > > > Encoding.Unicode.Getbytes()
> >> >> > > >> converts each character to two bytes.  That means that I cannot
> >> >> > > >> evenly
> >> >> > > > feed
> >> >> > > >> the bytes to RSA without splitting characters. Will this be a
> >> >> > > >> problem,
> >> >> > > >> and
> >> >> > > > am
> >> >> > > >> I right that .GetBytes() converts chars to two bytes? Also do
> >> >> > > >> you
> >> >> > > >> know
> >> >> > of
> >> >> > > > a
> >> >> > > >> way to split the UnEncrypted() byte array into blocks of 127?
> >> >> > > >> Right
> >> >> > now,
> >> >> > > >> I
> >> >> > > >> have tried to input the message into a stringreader and then
> >> >> > > >> read
> >> >> > > >> back
> >> >> > > > blocks
> >> >> > > >> of 50 chars at a time. I then convert the block of chars to
> >> >> > > >> bytes
> >> >> > > >> and
> >> >> > > >> feed
> >> >> > > >> the block of bytes to the encryptor. This works, but I for some
> >> >> > > >> reason
> >> >> > > > cannot
> >> >> > > >> decrypt it. (I just realized that I encrypted using the private
> >> >> > > >> key and
> >> >> > > > then
> >> >> > > >> decrypted using the private key. Do I have to create another
> >> >> > > >> rsa
> >> >> > > >> object
> >> >> > > > with
> >> >> > > >> JUST the public key, or can I decrypt using the same RSA since
> >> >> > > >> it
> >> >> > > >> has
> >> >> > > >> both
> >> >> > > >> the private and public key?) I guess I am just really confused
> >> >> > > >> and
> >> >> > > >> I
> >> >> > > > Really
> >> >> > > >> Appreciate your help!
> >> >> > > >>
> >> >> > > >>
> >> >> > > >>                          Joseph MCAD
> >> >> > > >>
> >> >> > > >>
> >> >> > > >>
> >> >> > > >> "Cantelmo Software" wrote:
> >> >> > > >>
> >> >> > > >> > Hi Joseph MCAD,
> >> >> > > >> > the size limit is: 128-11=117 bytes for PKCS#1 v 1.5 padding.
> >> >> > > >> > output
> >> >> > is
> >> >> > > >> > always 128 byte
> >> >> > > >> >
> >> >> > > >> > other details:
> >> >> > > >> >
> >> >> > > >
> >> >> >
> >> >>

> >> >> > > >> >
> >> >> > > >> > HTH
> >> >> > > >> > Marcello
> >> >> > > >> > www.cantelmosoftware.com
> >> >> > > >> >
> >> >> > > >> > try my Goliath.NET obfuscator (pre-release version) & send me
> >> >> > > >> > your
> >> >> > > > opinion
> >> >> > > >> > ;-)
> >> >> > > >> > http://xoomer.virgilio.it/cantelmosoftware/net/TryMe.zip
> >> >> > > >> >
> >> >> > > >> >
> >> >> > > >> > "Joseph MCAD" <JosephM***@discussions.microsoft.com> ha
> >> >> > > >> > scritto
> >> >> > > >> > nel
> >> >> > > >> > messaggio
> >> >> > > >> > news:4CD6D9DF-D97A-444C-81D5-7FD2C57FFD21@microsoft.com...
> >> >> > > >> > >
> >> >> > > >> > > March 18, 2005
> >> >> > > >> > >
> >> >> > > >> > >     I am trying to encrypt messages typed in a textbox by
> >> >> > encrypting
> >> >> > > > them
> >> >> > > >> > > using RSACryptoServiceProvider. If the text is shorter than
> >> >> > > >> > > about
> >> >> > 1/2
> >> >> > > > a
> >> >> > > >> > > sentence, then it works fine. If it is longer, say: "This
> >> >> > > >> > > is
> >> >> > > >> > > my
> >> >> > > > message.
> >> >> > > >> > > It
> >> >> > > >> > > is not very long, however.", then RSA.Encrypt(MessageBytes,
> >> >> > > >> > > False)
> >> >> > > > fails
> >> >> > > >> > > with
> >> >> > > >> > > "Bad Length". I know that RSA is usually used for
> >> >> > > >> > > encrypting
> >> >> > > >> > > small
> >> >> > > > amounts
> >> >> > > >> > > of
> >> >> > > >> > > data, such as symmetric keys, but all the examples I have
> >> >> > > >> > > seen
> >> >> > > >> > > haven't
> >> >> > > >> > > mention this. Even Microsoft's Training Kit for their
> >> >> > > >> > > Microsoft
> >> >> > > > Certified
> >> >> > > >> > > Professional Exam 70-330 (Implementing Application
> >> >> > > >> > > Security)
> >> >> > > >> > > asks
> >> >> > you
> >> >> > > > to
> >> >> > > >> > > build a program that encrypts entire files using RSA. Can
> >> >> > > >> > > anyone
> >> >> > > > provide a
> >> >> > > >> > > definite answer as to whether I can use RSA for what I am
> >> >> > > >> > > doing?
> >> >> > > > Thanks a
> >> >> > > >> > > lot
> >> >> > > >> > > for any response, as I have worked about 10 hours on this!
> >> >> > > >> > >
> >> >> > > >> > > dim message as string = "A longer string than an encryption
> >> >> > > >> > > key.......MessageText"
> >> >> > > >> > > dim unencryptedbytes() as byte =
> >> >> > > >> > > encoding.unicode.getbytes(message)
> >> >> > > >> > > dim RSA as new RSACryptoServiceProvider()
> >> >> > > >> > > RSA.FromXMLString(MyPrivateKey)
> >> >> > > >> > > dim encrypted() as byte = rsa.encrypt(unencryptedbytes,
> >> >> > > >> > > false)
> >> >> > > >> > > 'Errors
> >> >> > > >> > > here
> >> >> > > >> > >
> >> >> > > >> > >
> >> >> > > >> > > Joseph MCAD
> >> >> > > >> > >
> >> >> > > >> > >
> >> >> > > >> >
> >> >> > > >> >
> >> >> > > >> >
> >> >> > > >
> >> >> > >
> >> >> > >
> >> >> >
> >> >>
> >> >>
> >> >>
> >>
> >>
> >>
>
>

"Michel Gallant" wrote:

> As Joe suggested, the following MSDN article was intended to do just that .. help out those
> wishing to interop from .NET with CAPICOM (and P/Invoke if necessary):
>    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dncapi/html/netcryptoapi.asp
> I'd suggest reading this article before trying to understand some of the
> more advanced techniques (either COM or Pinvoke) on my web site!
>
> CAPICOM really excels at facilitating searching for and using certificates in capi stores,
> and also in constructing and verifying various types of CMS/PKCS#7 encapsulations
> (SignedData, EnvelopedData .. and of course  Authenticode-based SignedCode!).
>
> Regarding installing and registering CAPICOM, the following web page uses the
> cab installer (from the CAPICOM 2.1.0.1 distribution) to make installing AND
> registering CAPICOM dead simple (no need to command-line register!):
>        http://www.jensign.com/capicom2install/
> The cab download is tiny (179 kb) and the automatic com registration doesn't
> even require you to reboot IE (if you are using CAPICOM scripting IE web page).
>
> - Mitch Gallant
>    JavaScience Consulting
>
>
> "Joe Kaplan (MVP - ADSI)" <joseph.e.kap***@removethis.accenture.com> wrote in message news:uFIcAuMLFHA.3064@TK2MSFTNGP12.phx.gbl...
> > CAPICOM is extremely easy to use in .NET.  Just install and register it and
> > create an interop assembly for it with tlbimp.exe or by setting a COM
> > reference to it in VS.NET.  Then, you just program like a typical .NET
> > object.  Mitch probably has some samples on his website.
> >
> > Without knowing more about what you are trying to do, I'd suggest using some
> > kind of centralized public directory for publishing public certificates if
> > you really want to use RSA.  Active Directory/LDAP is the standard way to do
> > this in Windows shops.  You could potentially implement some sort of a query
> > mechanism to ask a recipient for their certificate as well.  If you want to
> > use CAPICOM, you really need the certificate, not just the public key.
> >
> > Best of luck,
> >
> > Joe K.
> >
> > "Joseph MCAD" <JosephM***@discussions.microsoft.com> wrote in message
> > news:E3764B73-D554-402F-BCDC-0EFA7AE2AFD0@microsoft.com...
> > >
> > >   March 19, 2005
> > >
> > >     That makes a lot more sense. I didn't quite understand it at first
> > > when
> > > William Stancey suggested it. I won't be able to use CAPICOM, because I am
> > > not familiar with marshalling in COM Interop. (If it was as simple as
> > > referencing CAPICOM and then calling the classes as if they were .Net
> > > Managed, then I could.) I suppose that I could expose the public key on
> > > each
> > > computer by using .Net Remoting. (XML Web Services are out of the
> > > question,
> > > because IIS isn't installed on all of the computers.) Then when a user
> > > wants
> > > to send a message to another computer, the sender can query the other
> > > computer for its public key. If the computer does not return its public
> > > key,
> > > then I can notify the user right then that the computer might be turned
> > > off.
> > > The user can then save his message to a file (encrypted with the symmetric
> > > key) with the symmetric key embedded in the file and encrypted using the
> > > public key of the user's computer. Then when the user tries to send it
> > > again,
> > > he/she can query for the other computer public key again (and if that
> > > succeeds), then open the file, decrypt it with the user's private key, and
> > > then encrypt it with the other public key. Then the message can be sent. I
> > > hope this makes sense and I am more than open to all suggestions and
> > > comments! All of you are really helping me out!
> > >
> > >
> > >             Thanks again!
> > >
> > >             Joseph MCAD
> > >
> > >
> > > "Joe Kaplan (MVP - ADSI)" wrote:
> > >
> > >> Hi Joseph,
> > >>
> > >> The typical way of doing what you want to do is to generate a PKCS#7
> > >> enveloped data message like Mitch suggested.
> > >>
> > >> Essentially, it does exactly what you want.  It bulk encrypts a message
> > >> using a symmetric cipher (3DES, AES, etc.) and a randomly generated
> > >> session
> > >> key.  Then, it encrypts the session key with the public key of each
> > >> recipient of the message based on the key in their public certificate.
> > >> Then, the enveloped data structure (in PKCS#7 format) is created which
> > >> contains the encrypted data, information about the algorithm used, and a
> > >> copy of the encrypted session key with information describing which
> > >> certificate was used to encrypt it.  Then, any recipient of the message
> > >> who
> > >> has the correct private key for his certificate can decrypt the session
> > >> key
> > >> and recover the original message.
> > >>
> > >> This is essentially how S/MIME email encryption works using certificates.
> > >> It does require that you have the public certificate for each of your
> > >> message recipients though.
> > >>
> > >> The problem is that .NET 1.1 doesn't have good support for creating
> > >> enveloped data messages.  In order to do this easily, COM interop to
> > >> CAPICOM
> > >> is the path of least resistance.  It has a nice EnvelopedData class that
> > >> works ok.  It is also possible to do this with p/invoke to the CAPI API,
> > >> but
> > >> that is vastly more painful.  Mitch's website has samples though.  .NET
> > >> 2.0
> > >> fixes this.
> > >>
> > >> What you really don't want to do is try to invent your own secure key
> > >> exchange protocol.  These things are notoriously hard to do well.
> > >>
> > >> And remember, anyone demonstrating a bulk encryption approach using just
> > >> RSA
> > >> is wrong.  It is specifically not designed for that.  RSA is for
> > >> encrypting
> > >> very tiny amounts of data (bulk encryption keys and hashes).
> > >>
> > >> I've over simplified in a few places, so if anyone wants to dress this up
> > >> a
> > >> bit, please feel free.
> > >>
> > >> Joe K.
> > >>
> > >> "Joseph MCAD" <JosephM***@discussions.microsoft.com> wrote in message
> > >> news:AF912100-9386-46DA-9D6C-E2CDC327CB9A@microsoft.com...
> > >> >
> > >> >    March 19, 2005
> > >> >
> > >> >     Thanks for everyone's help! I realize that you can exchange
> > >> > symmetric
> > >> > keys with RSA and then send file to each other using the symmetric
> > >> > algorithm.
> > >> > I just wanted to make sure that you can't encrypt whole files using RSA
> > >> > like
> > >> > the examples I have seen. (The examples sure don't work when using long
> > >> > strings! :-) ) Now that that is taken care of, I have another question.
> > >> > :)
> > >> > I
> > >> > will try to make it clear. I have three computers (Computer A which has
> > >> > the
> > >> > symmetric key, Computer B, and Computer C) which have to send files or
> > >> > messages amoungst themselves, and they have to use a symmetric key. To
> > >> > initially send B and C the key from the central computer (Computer A) I
> > >> > want
> > >> > to use RSA to encrypt the key. I have to assume that everyone in the
> > >> > universe
> > >> > has the public key. This means I cannot encrypt the key with a private
> > >> > key
> > >> > on
> > >> > A, because then everyone can decrypt the key with the public key and
> > >> > have
> > >> > the
> > >> > symmetric key. This means that I will have to encrypt it with the
> > >> > public
> > >> > key,
> > >> > and then have B and C have the private key to decrypt it. I don't trust
> > >> > them
> > >> > with the private key, however which creates the problem. What I am
> > >> > thinking I
> > >> > will do is this... I will have a unique key pair on each computer.
> > >> > (KeyPair#1
> > >> > on A, #2 on B, and #3 on C )
> > >> >
> > >> > Computer B & C                                             Computer A
> > >> >            <<<------------------------------------------------
> > >> > Step
> > >> > 1
> > >> >            ------------------------------------------------>>>
> > >> > Step
> > >> > 2
> > >> >            <<<-----------------------------------------------
> > >> > Step
> > >> > 3
> > >> >            <<<------------------------------------------->>>       Step
> > >> > 4
> > >> > Step 1: Send public key#1 to computer B or C
> > >> > Step 2: Send public key#2 or #3 (depending on computer) encrypted with
> > >> > public key#1
> > >> > Step 3: Decrypt public key#2 or #3 with private key#1 and then send
> > >> > symmetric key encrypted by public key#2 or #3
> > >> > Step 4: Send messages or files using symmetric key
> > >> >
> > >> > This seems right to me. If all of you would just validate that I
> > >> > understand
> > >> > it right, I would greatly appreciate it and then I can start building
> > >> > the
> > >> > application!
> > >> >
> > >> >
> > >> >                   Thanks again!
> > >> >
> > >> >                   Joseph MCAD
> > >> >
> > >> >
> > >> > "Michel Gallant" wrote:
> > >> >
> > >> >> Typically ... RSA encryption is meant for encryption of small
> > >> >> amounts of data (like secret symmetric keys).
> > >> >> The related concept of enveloping (combination of bulk symmetric
> > >> >> encryption of
> > >> >> data, combined with RSA encryption of that secret symmetric keys to
> > >> >> recipient(s))
> > >> >> is described here, with a .NET flavour:
> > >> >>
> > >> >> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dncapi/html/encryptdecrypt2a.asp
> > >> >>
> > >> >> - Mitch Gallant
> > >> >>    MVP Security
> > >> >>
> > >> >> "William Stacey [MVP]" <staceywREM***@mvps.org> wrote in message
> > >> >> news:u3c9OaGLFHA.1476@TK2MSFTNGP09.phx.gbl...
> > >> >> > Not sure I understand you completely.  If I read the post correctly,
> > >> >> > he
> > >> >> > wants to encrypt some data on the client and send to some server.
> > >> >> > The
> > >> >> > server will have the private key to decrypt the key and iv.  This is
> > >> >> > a
> > >> >> > normal way to do this type of thing.  If he wants other, then need
> > >> >> > some
> > >> >> > more
> > >> >> > detail.  Cheers.
> > >> >> >
> > >> >> > --
> > >> >> > William Stacey, MVP
> > >> >> > http://mvp.support.microsoft.com
> > >> >> >
> > >> >> > "Cantelmo Software" <i***@cantelmosoftware.com> wrote in message
> > >> >> > news:uf7sKEGLFHA.3420@tk2msftngp13.phx.gbl...
> > >> >> > > Hi William,
> > >> >> > > if encrypt the simmetric-key with rsa public-key means that the
> > >> >> > > customer
> > >> >> > > must have the private-key for the decrypt!
> > >> >> > >
> > >> >> > > this goes well in the normal documents (generic data) but *not*
> > >> >> > > for
> > >> >> > > the
> > >> >> > > applications (absolutely no!) why is possible to gain the
> > >> >> > > public-key
> > >> >> > > from
> > >> >> > > that private-key!
> > >> >> > >
> > >> >> > > in the software applications (as an example in the generation of a
> > >> >> > > serial
> > >> >> > > number) it must be used rsa to the contrary. encrypt with the
> > >> >> > > private
> > >> >> > > key
> > >> >> > > and decrypt with that public-key. in this way I have only the
> > >> >> > > certainty
> > >> >> > that
> > >> >> > > is *not possible* to make a keygen why the private-key lacks!
> > >> >> > >
> > >> >> > > best regards,
> > >> >> > > Marcello
> > >> >> > > www.cantelmosoftware.com
> > >> >> > >
> > >> >> > > "William Stacey [MVP]" <staceywREM***@mvps.org> ha scritto nel
> > >> >> > > messaggio
> > >> >> > > news:uE7xfNCLFHA.2604@TK2MSFTNGP10.phx.gbl...
> > >> >> > > >I would not break into pieces to do rsa encryption.  Just use
> > >> >> > > >Rijndael
> > >> >> > > > encryption.   Use something like so:
> > >> >> > > >
> > >> >> > > > public class Doc
> > >> >> > > > {
> > >> >> > > >     public byte[] Key;
> > >> >> > > >     public byte[] IV;
> > >> >> > > >     public byte[] Data
> > >> >> > > > }
> > >> >> > > >
> > >> >> > > > Then just create a Rijndael object that will have a new random
> > >> >> > > > key
> > >> >> > > > and
> > >> >> > iv.
> > >> >> > > > Encrypt your all your data using rij (say maybe an xml doc with
> > >> >> > > > all
> > >> >> > > > your
> > >> >> > > > textbox fields as elements) and store in Data.  Then encrypt
> > >> >> > > > your
> > >> >> > > > key
> > >> >> > and
> > >> >> > > > iv
> > >> >> > > > using the public RSA key.  Then just serialize the Doc class
> > >> >> > > > above
> > >> >> > > > using
> > >> >> > > > XmlSerializer into an Xml string and send to the receiver.
> > >> >> > > > Receiver
> > >> >> > does
> > >> >> > > > the reverse to get the data.  No clear encryption key stored
> > >> >> > > > anywhere
> > >> >> > and
> > >> >> > > > each new run will have different key and iv.  hth.
> > >> >> > > >
> > >> >> > > > --
> > >> >> > > > William Stacey, MVP
> > >> >> > > > http://mvp.support.microsoft.com
> > >> >> > > >
> > >> >> > > > "Joseph MCAD" <JosephM***@discussions.microsoft.com> wrote in
> > >> >> > > > message
> > >> >> > > > news:5E4D3B47-B809-43A3-A8AC-D7E461BB5E61@microsoft.com...
> > >> >> > > >>
> > >> >> > > >>    March 18, 2005
> > >> >> > > >>
> > >> >> > > >>      Thanks! I have looked for a very long time for those byte
> > >> >> > > >> length
> > >> >> > > >> numbers! One problem though. :(  If I am right,
> > >> >> > > > Encoding.Unicode.Getbytes()
> > >> >> > > >> converts each character to two bytes.  That means that I cannot
> > >> >> > > >> evenly
> > >> >> > > > feed
> > >> >> > > >> the bytes to RSA without splitting characters. Will this be a
> > >> >> > > >> problem,
> > >> >> > > >> and
> > >> >> > > > am
> > >> >> > > >> I right that .GetBytes() converts chars to two bytes? Also do
> > >> >> > > >> you
> > >> >> > > >> know
> > >> >> > of
> > >> >> > > > a
> > >> >> > > >> way to split the UnEncrypted() byte array into blocks of 127?
> > >> >> > > >> Right
> > >> >> > now,
> > >> >> > > >> I
> > >> >> > > >> have tried to input the message into a stringreader and then
> > >> >> > > >> read
> > >> >> > > >> back
> > >> >> > > > blocks
> > >> >> > > >> of 50 chars at a time. I then convert the block of chars to
> > >> >> > > >> bytes
> > >> >> > > >> and
> > >> >> > > >> feed
> > >> >> > > >> the block of bytes to the encryptor. This works, but I for some
> > >> >> > > >> reason
> > >> >> > > > cannot
> > >> >> > > >> decrypt it. (I just realized that I encrypted using the private
> > >> >> > > >> key and
> > >> >> > > > then
> > >> >> > > >> decrypted using the private key. Do I have to create another
> > >> >> > > >> rsa
> > >> >> > > >> object
> > >> >> > > > with
> > >> >> > > >> JUST the public key, or can I decrypt using the same RSA since
> > >> >> > > >> it
> > >> >> > > >> has
> > >> >> > > >> both
> > >> >> > > >> the private and public key?) I guess I am just really confused
> > >> >> > > >> and
> > >> >> > > >> I
> > >> >> > > > Really
> > >> >> > > >> Appreciate your help!
> > >> >> > > >>
> > >> >> > > >>
> > >> >> > > >>                          Joseph MCAD
> > >> >> > > >>
> > >> >> > > >>
> > >> >> > > >>
> > >> >> > > >> "Cantelmo Software" wrote:
> > >> >> > > >>
> > >> >> > > >> > Hi Joseph MCAD,
> > >> >> > > >> > the size limit is: 128-11=117 bytes for PKCS#1 v 1.5 padding.
> > >> >> > > >> > output
> > >> >> > is
> > >> >> > > >> > always 128 byte
> > >> >> > > >> >
> > >> >> > > >> > other details:
> > >> >> > > >> >
> > >> >> > > >
> > >> >> >
> > >> >>
> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfSystemSecurityCryptographyRSACryptoServiceProviderClassEncryptTopic.asp
> > >> >> > > >> >
> > >> >> > > >> > HTH
> > >> >> > > >> > Marcello
> > >> >> > > >> > www.cantelmosoftware.com
> > >> >> > > >> >
> > >> >> > > >> > try my Goliath.NET obfuscator (pre-release version) & send me
> > >> >> > > >> > your
> > >> >> > > > opinion
> > >> >> > > >> > ;-)
> > >> >> > > >> > http://xoomer.virgilio.it/cantelmosoftware/net/TryMe.zip
> > >> >> > > >> >
> > >> >> > > >> >
> > >> >> > > >> > "Joseph MCAD" <JosephM***@discussions.microsoft.com> ha
> > >> >> > > >> > scritto
> > >> >> > > >> > nel
> > >> >> > > >> > messaggio
> > >> >> > > >> > news:4CD6D9DF-D97A-444C-81D5-7FD2C57FFD21@microsoft.com...
> > >> >> > > >> > >
> > >> >> > > >> > > March 18, 2005
> > >> >> > > >> > >
> > >> >> > > >> > >     I am trying to encrypt messages typed in a textbox by
> > >> >> > encrypting
> > >> >> > > > them
> > >> >> > > >> > > using RSACryptoServiceProvider. If the text is shorter than
> > >> >> > > >> > > about
> > >> >> > 1/2
> > >> >> > > > a
> > >> >> > > >> > > sentence, then it works fine. If it is longer, say: "This
> > >> >> > > >> > > is
> > >> >> > > >> > > my
> > >> >> > > > message.
> > >> >> > > >> > > It
> > >> >> > > >> > > is not very long, however.", then RSA.Encrypt(MessageBytes,
> > >> >> > > >> > > False)
> > >> >> > > > fails
> > >> >> > > >> > > with
> > >> >> > > >> > > "Bad Length". I know that RSA is usually used for
> > >> >> > > >> > > encrypting
> > >> >> > > >> > > small
> > >> >> > > > amounts
> > >> >> > > >> > > of
> > >> >> > > >> > > data, such as symmetric keys, but all the examples I have
> > >> >> > > >> > > seen
> > >> >> > > >> > > haven't
> > >> >> > > >> > > mention this. Even Microsoft's Training Kit for their
> > >> >> > > >> > > Microsoft
> > >> >> > > > Certified
> > >> >> > > >> > > Professional Exam 70-330 (Implementing Application
> > >> >> > > >> > > Security)
> > >> >> > > >> > > asks
> > >> >> > you
> > >> >> > > > to
> > >> >> > > >> > > build a program that encrypts entire files using RSA. Can
> > >> >> > > >> > > anyone
> > >> >> > > > provide a
> > >> >> > > >> > > definite answer as to whether I can use RSA for what I am
> > >> >> > > >> > > doing?
> > >> >> > > > Thanks a
> > >> >> > > >> > > lot
> > >> >> > > >> > > for any response, as I have worked about 10 hours on this!
> > >> >> > > >> > >
> > >> >> > > >> > > dim message as string = "A longer string than an encryption
> > >> >> > > >> > > key.......MessageText"
> > >> >> > > >> > > dim unencryptedbytes() as byte =
> > >> >> > > >> > > encoding.unicode.getbytes(message)
> > >> >> > > >> > > dim RSA as new RSACryptoServiceProvider()
> > >> >> > > >> > > RSA.FromXMLString(MyPrivateKey)
> > >> >> > > >> > > dim encrypted() as byte = rsa.encrypt(unencryptedbytes,
> > >> >> > > >> > > false)
> > >> >> > > >> > > 'Errors
> > >> >> > > >> > > here
> > >> >> > > >> > >
> > >> >> > > >> > >
> > >> >> > > >> > > Joseph MCAD
> > >> >> > > >> > >
> > >> >> > > >> > >
> > >> >> > > >> >
> > >> >> > > >> >
> > >> >> > > >> >
> > >> >> > > >
> > >> >> > >
> > >> >> > >
> > >> >> >
> > >> >>
> > >> >>
> > >> >>
> > >>
> > >>
> > >>
> >
> >
>
>
>

"Joseph MCAD" <JosephM***@discussions.microsoft.com> wrote in message
news:E3764B73-D554-402F-BCDC-0EFA7AE2AFD0@microsoft.com...
>
>    March 19, 2005
>
>      That makes a lot more sense. I didn't quite understand it at first
when
> William Stancey suggested it. I won't be able to use CAPICOM, because I am
> not familiar with marshalling in COM Interop. (If it was as simple as
> referencing CAPICOM and then calling the classes as if they were .Net
> Managed, then I could.) I suppose that I could expose the public key on
each
> computer by using .Net Remoting. (XML Web Services are out of the
question,
> because IIS isn't installed on all of the computers.) Then when a user
wants
> to send a message to another computer, the sender can query the other
> computer for its public key. If the computer does not return its public
key,
> then I can notify the user right then that the computer might be turned
off.
> The user can then save his message to a file (encrypted with the symmetric
> key) with the symmetric key embedded in the file and encrypted using the
> public key of the user's computer. Then when the user tries to send it
again,
> he/she can query for the other computer public key again (and if that
> succeeds), then open the file, decrypt it with the user's private key, and
> then encrypt it with the other public key. Then the message can be sent. I
> hope this makes sense and I am more than open to all suggestions and
> comments! All of you are really helping me out!
>
>
>              Thanks again!
>
>              Joseph MCAD
>
>
> "Joe Kaplan (MVP - ADSI)" wrote:
>
> > Hi Joseph,
> >
> > The typical way of doing what you want to do is to generate a PKCS#7
> > enveloped data message like Mitch suggested.
> >
> > Essentially, it does exactly what you want.  It bulk encrypts a message
> > using a symmetric cipher (3DES, AES, etc.) and a randomly generated
session
> > key.  Then, it encrypts the session key with the public key of each
> > recipient of the message based on the key in their public certificate.
> > Then, the enveloped data structure (in PKCS#7 format) is created which
> > contains the encrypted data, information about the algorithm used, and a
> > copy of the encrypted session key with information describing which
> > certificate was used to encrypt it.  Then, any recipient of the message
who
> > has the correct private key for his certificate can decrypt the session
key
> > and recover the original message.
> >
> > This is essentially how S/MIME email encryption works using
certificates.
> > It does require that you have the public certificate for each of your
> > message recipients though.
> >
> > The problem is that .NET 1.1 doesn't have good support for creating
> > enveloped data messages.  In order to do this easily, COM interop to
CAPICOM
> > is the path of least resistance.  It has a nice EnvelopedData class that
> > works ok.  It is also possible to do this with p/invoke to the CAPI API,
but
> > that is vastly more painful.  Mitch's website has samples though.  .NET
2.0
> > fixes this.
> >
> > What you really don't want to do is try to invent your own secure key
> > exchange protocol.  These things are notoriously hard to do well.
> >
> > And remember, anyone demonstrating a bulk encryption approach using just
RSA
> > is wrong.  It is specifically not designed for that.  RSA is for
encrypting
> > very tiny amounts of data (bulk encryption keys and hashes).
> >
> > I've over simplified in a few places, so if anyone wants to dress this
up a
> > bit, please feel free.
> >
> > Joe K.
> >
> > "Joseph MCAD" <JosephM***@discussions.microsoft.com> wrote in message
> > news:AF912100-9386-46DA-9D6C-E2CDC327CB9A@microsoft.com...
> > >
> > >    March 19, 2005
> > >
> > >     Thanks for everyone's help! I realize that you can exchange
symmetric
> > > keys with RSA and then send file to each other using the symmetric
> > > algorithm.
> > > I just wanted to make sure that you can't encrypt whole files using
RSA
> > > like
> > > the examples I have seen. (The examples sure don't work when using
long
> > > strings! :-) ) Now that that is taken care of, I have another
question. :)
> > > I
> > > will try to make it clear. I have three computers (Computer A which
has
> > > the
> > > symmetric key, Computer B, and Computer C) which have to send files or
> > > messages amoungst themselves, and they have to use a symmetric key. To
> > > initially send B and C the key from the central computer (Computer A)
I
> > > want
> > > to use RSA to encrypt the key. I have to assume that everyone in the
> > > universe
> > > has the public key. This means I cannot encrypt the key with a private
key
> > > on
> > > A, because then everyone can decrypt the key with the public key and
have
> > > the
> > > symmetric key. This means that I will have to encrypt it with the
public
> > > key,
> > > and then have B and C have the private key to decrypt it. I don't
trust
> > > them
> > > with the private key, however which creates the problem. What I am
> > > thinking I
> > > will do is this... I will have a unique key pair on each computer.
> > > (KeyPair#1
> > > on A, #2 on B, and #3 on C )
> > >
> > > Computer B & C                                             Computer A
> > >            <<<------------------------------------------------
Step
> > > 1
> > >            ------------------------------------------------>>>
Step
> > > 2
> > >            <<<-----------------------------------------------
Step
> > > 3
> > >            <<<------------------------------------------->>>
Step 4
> > > Step 1: Send public key#1 to computer B or C
> > > Step 2: Send public key#2 or #3 (depending on computer) encrypted with
> > > public key#1
> > > Step 3: Decrypt public key#2 or #3 with private key#1 and then send
> > > symmetric key encrypted by public key#2 or #3
> > > Step 4: Send messages or files using symmetric key
> > >
> > > This seems right to me. If all of you would just validate that I
> > > understand
> > > it right, I would greatly appreciate it and then I can start building
the
> > > application!
> > >
> > >
> > >                   Thanks again!
> > >
> > >                   Joseph MCAD
> > >
> > >
> > > "Michel Gallant" wrote:
> > >
> > >> Typically ... RSA encryption is meant for encryption of small
> > >> amounts of data (like secret symmetric keys).
> > >> The related concept of enveloping (combination of bulk symmetric
> > >> encryption of
> > >> data, combined with RSA encryption of that secret symmetric keys to
> > >> recipient(s))
> > >> is described here, with a .NET flavour:
> > >>
> > >>

> > >>
> > >> - Mitch Gallant
> > >>    MVP Security
> > >>
> > >> "William Stacey [MVP]" <staceywREM***@mvps.org> wrote in message
> > >> news:u3c9OaGLFHA.1476@TK2MSFTNGP09.phx.gbl...
> > >> > Not sure I understand you completely.  If I read the post
correctly, he
> > >> > wants to encrypt some data on the client and send to some server.
The
> > >> > server will have the private key to decrypt the key and iv.  This
is a
> > >> > normal way to do this type of thing.  If he wants other, then need
some
> > >> > more
> > >> > detail.  Cheers.
> > >> >
> > >> > --
> > >> > William Stacey, MVP
> > >> > http://mvp.support.microsoft.com
> > >> >
> > >> > "Cantelmo Software" <i***@cantelmosoftware.com> wrote in message
> > >> > news:uf7sKEGLFHA.3420@tk2msftngp13.phx.gbl...
> > >> > > Hi William,
> > >> > > if encrypt the simmetric-key with rsa public-key means that the
> > >> > > customer
> > >> > > must have the private-key for the decrypt!
> > >> > >
> > >> > > this goes well in the normal documents (generic data) but *not*
for
> > >> > > the
> > >> > > applications (absolutely no!) why is possible to gain the
public-key
> > >> > > from
> > >> > > that private-key!
> > >> > >
> > >> > > in the software applications (as an example in the generation of
a
> > >> > > serial
> > >> > > number) it must be used rsa to the contrary. encrypt with the
private
> > >> > > key
> > >> > > and decrypt with that public-key. in this way I have only the
> > >> > > certainty
> > >> > that
> > >> > > is *not possible* to make a keygen why the private-key lacks!
> > >> > >
> > >> > > best regards,
> > >> > > Marcello
> > >> > > www.cantelmosoftware.com
> > >> > >
> > >> > > "William Stacey [MVP]" <staceywREM***@mvps.org> ha scritto nel
> > >> > > messaggio
> > >> > > news:uE7xfNCLFHA.2604@TK2MSFTNGP10.phx.gbl...
> > >> > > >I would not break into pieces to do rsa encryption.  Just use
> > >> > > >Rijndael
> > >> > > > encryption.   Use something like so:
> > >> > > >
> > >> > > > public class Doc
> > >> > > > {
> > >> > > >     public byte[] Key;
> > >> > > >     public byte[] IV;
> > >> > > >     public byte[] Data
> > >> > > > }
> > >> > > >
> > >> > > > Then just create a Rijndael object that will have a new random
key
> > >> > > > and
> > >> > iv.
> > >> > > > Encrypt your all your data using rij (say maybe an xml doc with
all
> > >> > > > your
> > >> > > > textbox fields as elements) and store in Data.  Then encrypt
your
> > >> > > > key
> > >> > and
> > >> > > > iv
> > >> > > > using the public RSA key.  Then just serialize the Doc class
above
> > >> > > > using
> > >> > > > XmlSerializer into an Xml string and send to the receiver.
> > >> > > > Receiver
> > >> > does
> > >> > > > the reverse to get the data.  No clear encryption key stored
> > >> > > > anywhere
> > >> > and
> > >> > > > each new run will have different key and iv.  hth.
> > >> > > >
> > >> > > > --
> > >> > > > William Stacey, MVP
> > >> > > > http://mvp.support.microsoft.com
> > >> > > >
> > >> > > > "Joseph MCAD" <JosephM***@discussions.microsoft.com> wrote in
> > >> > > > message
> > >> > > > news:5E4D3B47-B809-43A3-A8AC-D7E461BB5E61@microsoft.com...
> > >> > > >>
> > >> > > >>    March 18, 2005
> > >> > > >>
> > >> > > >>      Thanks! I have looked for a very long time for those byte
> > >> > > >> length
> > >> > > >> numbers! One problem though. :(  If I am right,
> > >> > > > Encoding.Unicode.Getbytes()
> > >> > > >> converts each character to two bytes.  That means that I
cannot
> > >> > > >> evenly
> > >> > > > feed
> > >> > > >> the bytes to RSA without splitting characters. Will this be a
> > >> > > >> problem,
> > >> > > >> and
> > >> > > > am
> > >> > > >> I right that .GetBytes() converts chars to two bytes? Also do
you
> > >> > > >> know
> > >> > of
> > >> > > > a
> > >> > > >> way to split the UnEncrypted() byte array into blocks of 127?
> > >> > > >> Right
> > >> > now,
> > >> > > >> I
> > >> > > >> have tried to input the message into a stringreader and then
read
> > >> > > >> back
> > >> > > > blocks
> > >> > > >> of 50 chars at a time. I then convert the block of chars to
bytes
> > >> > > >> and
> > >> > > >> feed
> > >> > > >> the block of bytes to the encryptor. This works, but I for
some
> > >> > > >> reason
> > >> > > > cannot
> > >> > > >> decrypt it. (I just realized that I encrypted using the
private
> > >> > > >> key and
> > >> > > > then
> > >> > > >> decrypted using the private key. Do I have to create another
rsa
> > >> > > >> object
> > >> > > > with
> > >> > > >> JUST the public key, or can I decrypt using the same RSA since
it
> > >> > > >> has
> > >> > > >> both
> > >> > > >> the private and public key?) I guess I am just really confused
and
> > >> > > >> I
> > >> > > > Really
> > >> > > >> Appreciate your help!
> > >> > > >>
> > >> > > >>
> > >> > > >>                          Joseph MCAD
> > >> > > >>
> > >> > > >>
> > >> > > >>
> > >> > > >> "Cantelmo Software" wrote:
> > >> > > >>
> > >> > > >> > Hi Joseph MCAD,
> > >> > > >> > the size limit is: 128-11=117 bytes for PKCS#1 v 1.5
padding.
> > >> > > >> > output
> > >> > is
> > >> > > >> > always 128 byte
> > >> > > >> >
> > >> > > >> > other details:
> > >> > > >> >
> > >> > > >
> > >> >
> > >>

> > >> > > >> >
> > >> > > >> > HTH
> > >> > > >> > Marcello
> > >> > > >> > www.cantelmosoftware.com
> > >> > > >> >
> > >> > > >> > try my Goliath.NET obfuscator (pre-release version) & send
me
> > >> > > >> > your
> > >> > > > opinion
> > >> > > >> > ;-)
> > >> > > >> > http://xoomer.virgilio.it/cantelmosoftware/net/TryMe.zip
> > >> > > >> >
> > >> > > >> >
> > >> > > >> > "Joseph MCAD" <JosephM***@discussions.microsoft.com> ha
scritto
> > >> > > >> > nel
> > >> > > >> > messaggio
> > >> > > >> > news:4CD6D9DF-D97A-444C-81D5-7FD2C57FFD21@microsoft.com...
> > >> > > >> > >
> > >> > > >> > > March 18, 2005
> > >> > > >> > >
> > >> > > >> > >     I am trying to encrypt messages typed in a textbox by
> > >> > encrypting
> > >> > > > them
> > >> > > >> > > using RSACryptoServiceProvider. If the text is shorter
than
> > >> > > >> > > about
> > >> > 1/2
> > >> > > > a
> > >> > > >> > > sentence, then it works fine. If it is longer, say: "This
is
> > >> > > >> > > my
> > >> > > > message.
> > >> > > >> > > It
> > >> > > >> > > is not very long, however.", then

> > >> > > >> > > False)
> > >> > > > fails
> > >> > > >> > > with
> > >> > > >> > > "Bad Length". I know that RSA is usually used for
encrypting
> > >> > > >> > > small
> > >> > > > amounts
> > >> > > >> > > of
> > >> > > >> > > data, such as symmetric keys, but all the examples I have
seen
> > >> > > >> > > haven't
> > >> > > >> > > mention this. Even Microsoft's Training Kit for their
> > >> > > >> > > Microsoft
> > >> > > > Certified
> > >> > > >> > > Professional Exam 70-330 (Implementing Application
Security)
> > >> > > >> > > asks
> > >> > you
> > >> > > > to
> > >> > > >> > > build a program that encrypts entire files using RSA. Can
> > >> > > >> > > anyone
> > >> > > > provide a
> > >> > > >> > > definite answer as to whether I can use RSA for what I am
> > >> > > >> > > doing?
> > >> > > > Thanks a
> > >> > > >> > > lot
> > >> > > >> > > for any response, as I have worked about 10 hours on this!
> > >> > > >> > >
> > >> > > >> > > dim message as string = "A longer string than an
encryption
> > >> > > >> > > key.......MessageText"
> > >> > > >> > > dim unencryptedbytes() as byte =
> > >> > > >> > > encoding.unicode.getbytes(message)
> > >> > > >> > > dim RSA as new RSACryptoServiceProvider()
> > >> > > >> > > RSA.FromXMLString(MyPrivateKey)
> > >> > > >> > > dim encrypted() as byte = rsa.encrypt(unencryptedbytes,
false)
> > >> > > >> > > 'Errors
> > >> > > >> > > here
> > >> > > >> > >
> > >> > > >> > >
> > >> > > >> > > Joseph MCAD
> > >> > > >> > >
> > >> > > >> > >
> > >> > > >> >
> > >> > > >> >
> > >> > > >> >
> > >> > > >
> > >> > >
> > >> > >
> > >> >
> > >>
> > >>
> > >>
> >
> >
> >