6

I have a X509 certificate that I would like to use to encrypt/decrypt password. However, I can only use AES-256 algorithm.

Everything I have found on the internet suggests to use RSACryptoServiceProvider, but that does not do AES-256 encryption.

I don't know a lot about encryption so some basic code examples would help a lot.

Skadoosh
  • 2,575
  • 8
  • 40
  • 53
  • 1
    I would start from [RijndaelManaged](http://msdn.microsoft.com/en-us/library/system.security.cryptography.rijndaelmanaged.aspx) and specify key size. Also there is a code sample in [the article](http://msdn.microsoft.com/en-us/magazine/cc164055.aspx) that does AES256 – oleksii Feb 07 '13 at 18:02

2 Answers2

5

AES is a symmetric-key algorithm, meaning the same key is used for both encrypting and decrypting the data.

RSA is a asymmtric-key algorithm. The key in the public certificate is used for encrypting. A private key is then used for decrypting.

RSA cryptographic operations are time consuming. Normal practice is to generate a random AES key, encrypt the key with RSA and then encrypt the plain text with AES.

See how to use RSA to encrypt files (huge data) in C#

Community
  • 1
  • 1
Richard Schneider
  • 34,944
  • 9
  • 57
  • 73
1

Don't do encryption yourself, it's easy to get wrong even if you know what you are doing. Use a high level library. I've ported Kecyzar in C# for this reason.

jbtule
  • 31,383
  • 12
  • 95
  • 128