0

I am creating C# API to provide android and iOS mobile application with data, I need to receive and send the data to the mobile applications as encrypted

so I used asymmetric encryption algorithm [RSA], and I have one more question regarding this.

  1. What is the best way to create public and private key and how can I store them.
  2. Is it write to send the public key as a plain text and is there any way to send it as .pem file?
  3. what is the public and private key formats used between mobile application and .net API?

I used this method to create the public and private keys

public static Tuple<string, string> CreateKeyPair()
        {
            CspParameters cspParams = new CspParameters { ProviderType = 1 /* PROV_RSA_FULL */ };
            RSACryptoServiceProvider rsaProvider = new RSACryptoServiceProvider(1024, cspParams);
            string publicKey = Convert.ToBase64String(rsaProvider.ExportCspBlob(false));
            string privateKey = Convert.ToBase64String(rsaProvider.ExportCspBlob(true));
            return new Tuple<string, string>(privateKey, publicKey);
        }

but this function returns Base64String keys and this is not readable in mobile applications.

Please Advice,

Yasser-Farag
  • 592
  • 4
  • 9
  • 28
  • 1
    Asymmetric encryption is not approprate for sending large ammounts of data due to its slowness. What the normal approach is to create a new random symmetric key each session that is used for the bulk data transfer and then transmit the symmetric key to the other party using the asymmetric encryption. However a even better approach is to use a library that abstracts all of that away so you don't make any implementation mistakes in your encryption (I personally am partial to the library [BouncyCastle](http://www.bouncycastle.org/)) – Scott Chamberlain Oct 13 '13 at 07:09
  • Actually I use asymmetric encryption for only one function with a small amounts of data, and the other functions I use symmetric AES encryption. – Yasser-Farag Oct 13 '13 at 07:11
  • 2
    It sounds like you're trying to roll your own SSL. Why don't you just use SSL? – Aurand Oct 13 '13 at 07:43
  • Please describe your needs. Actually, if encryption should be used only during transfer, you'd better use SSL/TLS – Nickolay Olshevsky Oct 13 '13 at 11:53
  • Now, I need just only to know how can I save the private and public key in my website (MVC 4.0) – Yasser-Farag Oct 13 '13 at 12:46
  • the answer is here: http://stackoverflow.com/questions/2274596/how-to-store-a-public-key-in-a-machine-level-rsa-key-container Best regards. – JJ San May 19 '17 at 14:46

0 Answers0