.net – Does RSA Private key always contain the Public key, or is it just .NET

keynetprivatepublicrsacryptoserviceprovider

I'm using RSACryptoServiceProvider in .NET 2 and it seems that the Private part of a Public/Private key pair always contains the Public part as well.

I need to encrypt some info using my Public key, and allow the other party to ONLY DECRYPT what I encrypted. I don't want them to be able to know how I encrypted my message. Is that possible using RSACryptoServiceProvider in .NET?

Best Answer

The private key always includes the public key.

What you might really want is Signing. Using the same .NET classes, you can sign data with your private key and verify the signature on the other party's side with the public key (which obviously doesn't contain the private key).

    public static string Sign(string data, string privateAndPublicKey)
    {
        byte[] dataBytes = Encoding.UTF8.GetBytes(data);
        RSACryptoServiceProvider provider = CreateProviderFromKey(privateAndPublicKey);
        byte[] signatureBytes = provider.SignData(dataBytes, "SHA1");
        return Convert.ToBase64String(signatureBytes);
    }

    public static bool Verify(string data, string signature, string publicKey)
    {
        byte[] dataBytes = Encoding.UTF8.GetBytes(data);
        byte[] signatureBytes = Convert.FromBase64String(signature);
        RSACryptoServiceProvider provider = CreateProviderFromKey(publicKey);
        return provider.VerifyData(dataBytes, "SHA1", signatureBytes);
    }

    private static RSACryptoServiceProvider CreateProviderFromKey(string key)
    {
        RSACryptoServiceProvider provider = new RSACryptoServiceProvider();
        provider.FromXmlString(key);
        return provider;
    }

	Class	Package	Subclass (same pkg)	Subclass (diff pkg)	World
`public`	+	+	+	+	+
`protected`	+	+	+	+
no modifier	+	+	+
`private`	+

Update 03/03/2021

.NET 5 now supports this out of the box.

To try the code snippet below, generate a keypair and encrypt some text at http://travistidwell.com/jsencrypt/demo/

var privateKey = @"-----BEGIN RSA PRIVATE KEY-----
{ the full PEM private key } 
-----END RSA PRIVATE KEY-----";

var rsa = RSA.Create();
rsa.ImportFromPem(privateKey.ToCharArray());

var decryptedBytes = rsa.Decrypt(
    Convert.FromBase64String("{ base64-encoded encrypted string }"), 
    RSAEncryptionPadding.Pkcs1
);

// this will print the original unencrypted string
Console.WriteLine(Encoding.UTF8.GetString(decryptedBytes));

Original answer

I solved, thanks. In case anyone's interested, bouncycastle did the trick, just took me some time due to lack of knowledge from on my side and documentation. This is the code:

var bytesToDecrypt = Convert.FromBase64String("la0Cz.....D43g=="); // string to decrypt, base64 encoded
 
AsymmetricCipherKeyPair keyPair; 
 
using (var reader = File.OpenText(@"c:\myprivatekey.pem")) // file containing RSA PKCS1 private key
    keyPair = (AsymmetricCipherKeyPair) new PemReader(reader).ReadObject(); 
 
var decryptEngine = new Pkcs1Encoding(new RsaEngine());
decryptEngine.Init(false, keyPair.Private); 
 
var decrypted = Encoding.UTF8.GetString(decryptEngine.ProcessBlock(bytesToDecrypt, 0, bytesToDecrypt.Length));

Best Answer

Related Solutions

Java – the difference between public, protected, package-private and private in Java

C# – How to read a PEM RSA private key from .NET

Update 03/03/2021

Original answer

Related Topic