5

I'm new to RSA encryption and I've been trying to learn how exactly it works using .Net's System.Security.Cryptography.

    public String Encryption(Byte[] Input, RSAParameters PublicKey)
    {
        RSAC = new RSACryptoServiceProvider();
        RSAC.ImportParameters(PublicKey);
        Byte[] Encrypt = RSAC.Encrypt(Input, false);
        return Convert.ToBase64String(Encrypt);
    }

Using the above code, I get a different encrypted string for the same intput, anytime I restart the application. I would like to know if this is a normal behavior and in case it is not, how to prevent it.

For example the program returns the below string for the input "Hello" :

NopDAF5FRu....

When I restart the application the output for the same input will be :

pPPu8x6....

However when I create new objects for my RSA Encryption class, all objects return the same output.

Transcendent
  • 5,598
  • 4
  • 24
  • 47
  • Can you show how you've tested the last part of your question: "However when I create new objects for my RSA Encryption class, all objects return the same output." – Maarten Bodewes Nov 16 '13 at 16:28
  • 1
    RSA being random is fine. Passing `false` as second parameter to `Encrypt` is probably not fine since v1.5 padding has some serious weaknesses compared to OAEP. – CodesInChaos Nov 17 '13 at 05:17
  • Does this answer your question? [Why is RSACryptoServiceProvider.Encrypt() output not stable?](https://stackoverflow.com/questions/8310847/why-is-rsacryptoserviceprovider-encrypt-output-not-stable) – Zoe Sep 30 '20 at 08:50

1 Answers1

6

That's totally normal and fine. The data being encrypted is put inside a block that is padded with random values. That's then being encrypted with the public key.

See this SO Q&A for more details.

Community
  • 1
  • 1
poupou
  • 43,413
  • 6
  • 77
  • 174
  • I think u r right i just mess up with which key is used in encryption because both can be used , I think yours answer is correct but isnt the private key generated randomly here because he has not intialized it. Then the modulus changes and text encrypted with (public key) changes . – Vikram Bhat Nov 16 '13 at 16:32
  • With RSA you **encrypt** with the **public** key so only the person in possession of the **private** key can decrypt it (i.e. many persons can have your public key and encrypt something for you alone). As such the public key is the only thing needed in the above question. – poupou Nov 16 '13 at 16:35
  • yes u r right . Thanks for clearing doubts (i need to revise my cryptography). – Vikram Bhat Nov 16 '13 at 16:40