-3

Following up on this question, I would like to know what an RSA key is, and how I would go about creating and using one in C#.

Community
  • 1
  • 1
JL.
  • 78,954
  • 126
  • 311
  • 459
  • 2
    Odds are good that you are asking the wrong question. Finding the right crypto algorithm and applying it is trivial. Solving the key management problem is not. The question you should be asking is "here's a detailed threat model of my application, here are the threats that are potentially mitigated by crypto. How do I securely manage the keys in order to actually mitigate real threats?" – Eric Lippert Sep 25 '09 at 19:33
  • 1
    Remember, the purpose of a crypto algorithm is to leverage the security of a small, meaningless key into the security of some large quantity of meaningful data. That necessarily entails solving the problem of securely managing the key! That's the hard part. – Eric Lippert Sep 25 '09 at 19:36
  • http://stackoverflow.com/questions/10168240/encrypting-decrypting-a-string-in-c-sharp – marbel82 Aug 11 '16 at 12:57

2 Answers2

7

From Wikipedia:

In cryptography, RSA (which stands for Rivest, Shamir and Adleman who first publicly described it ; see below) is an algorithm for public-key cryptography. It is the first algorithm known to be suitable for signing as well as encryption, and one of the first great advances in public key cryptography. RSA is widely used in electronic commerce protocols, and is believed to be secure given sufficiently long keys and the use of up-to-date implementations.

Have you looked at the RSACryptoServiceProvider class? .NET makes this easy for most applications.

Ed S.
  • 122,712
  • 22
  • 185
  • 265
  • I'd implore you to read these blog posts before implementing encryption http://www.codinghorror.com/blog/archives/001267.html and http://www.codinghorror.com/blog/archives/001275.html – Nathan Koop Sep 25 '09 at 18:57
1

There are two kinds of encryption: symmetric and asymmetric.

Symmetric crypto uses a single key that is shared between the sender and the receiver.

Asymmetric crypto, a.k.a. public-key cryptography, uses two keys (a key pair), one of which (the private key) is kept secret and the other (the public key) is made available to everyone else. The sender uses the public key of the receiver to encrypt data, and the receiver uses his private key to decrypt it.

RSA is an asymmetric/public-key crypto scheme.

AES is a symmetric crypto scheme.

Hybrid schemes combine both, so that the data is encrypted using symmetric encryption, but the encryption keys themselves are encrypted, stored, and exchanged using asymmetric encryption.

So you need to figure out how you intend to manage the encryption keys. If you're designing a system that only needs to encrypt things (e.g., SSNs or passwords) to save them to a database and then later decrypt them when it needs to use them, then symmetric crypto is appropriate. If you're intending to transmit encrypted info across different systems, then asymmetric (or hybrid) crypto is appropriate.

David R Tribble
  • 11,918
  • 5
  • 42
  • 52