
I have an ASP.NET C# project and I want to encrypt a file with multiple public keys taken from certificates in an X509Store. I am using the function below to encrypt the file; it works fine, but I need it to work for a group of certificates:

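/// <summary>
/// Encrypts <paramref name="inFile"/> with a freshly generated AES-256-CBC key and
/// writes the result to <c>encrFolder</c> under the input's base name with an
/// ".enc" extension. The AES key is wrapped with <paramref name="rsaPublicKey"/>.
/// </summary>
/// <remarks>
/// Output layout, in order: 4-byte wrapped-key length, 4-byte IV length,
/// the RSA-wrapped AES key, the IV, then the AES ciphertext.
/// The two lengths are written with <see cref="BitConverter.GetBytes(int)"/>, so
/// their byte order follows the machine that wrote the file.
///
/// This method wraps the AES key for a single RSA key only. To share one file with
/// several recipients, the same AES key would have to be wrapped once per recipient
/// public key and every wrapped key stored alongside the ciphertext; that requires a
/// different header layout and a matching reader.
///
/// NOTE(review): the key is wrapped with RSA PKCS#1 v1.5. OAEP
/// (RSAOAEPKeyExchangeFormatter) is the preferred padding for new formats, but
/// switching requires the decrypting side to change as well, so it is left as-is.
/// NOTE(review): CBC provides confidentiality only. Nothing in this format lets the
/// reader detect a modified ciphertext; add a MAC over header and ciphertext (or use
/// an authenticated mode) if files travel over channels that are not trusted.
/// </remarks>
/// <param name="inFile">Path of the plaintext file to encrypt.</param>
/// <param name="rsaPublicKey">RSA key used to wrap the generated AES key.</param>
/// <exception cref="ArgumentNullException">
/// <paramref name="inFile"/> or <paramref name="rsaPublicKey"/> is null.
/// </exception>
private static void EncryptFile(string inFile, RSACryptoServiceProvider rsaPublicKey)
{
    if (inFile == null)
    {
        throw new ArgumentNullException(nameof(inFile));
    }
    if (rsaPublicKey == null)
    {
        throw new ArgumentNullException(nameof(rsaPublicKey));
    }

    using (AesManaged aesManaged = new AesManaged())
    {
        // Symmetric cipher for the file content; Key and IV are generated by the class.
        aesManaged.KeySize = 256;
        aesManaged.BlockSize = 128;
        aesManaged.Mode = CipherMode.CBC;

        using (ICryptoTransform transform = aesManaged.CreateEncryptor())
        {
            // The Key getter hands back a copy; wipe that copy once it has been wrapped
            // so the plaintext session key does not linger in this buffer.
            byte[] sessionKey = aesManaged.Key;
            byte[] keyEncrypted;
            try
            {
                RSAPKCS1KeyExchangeFormatter keyFormatter = new RSAPKCS1KeyExchangeFormatter(rsaPublicKey);
                keyEncrypted = keyFormatter.CreateKeyExchange(sessionKey, aesManaged.GetType());
            }
            finally
            {
                Array.Clear(sessionKey, 0, sessionKey.Length);
            }

            byte[] iv = aesManaged.IV;
            byte[] lenK = BitConverter.GetBytes(keyEncrypted.Length);
            byte[] lenIV = BitConverter.GetBytes(iv.Length);

            // Derive the output name from the input's base name. Path handles both
            // directory separators and inputs without an extension, where manual
            // LastIndexOf/Substring arithmetic throws or produces a wrong name.
            // encrFolder is defined outside this method and is concatenated as-is,
            // so it is presumably expected to end with a directory separator.
            string outFile = encrFolder + Path.GetFileNameWithoutExtension(inFile) + ".enc";
            Directory.CreateDirectory(encrFolder);

            using (FileStream outFs = new FileStream(outFile, FileMode.Create))
            {
                // Header: key length, IV length, wrapped key, IV.
                outFs.Write(lenK, 0, 4);
                outFs.Write(lenIV, 0, 4);
                outFs.Write(keyEncrypted, 0, keyEncrypted.Length);
                outFs.Write(iv, 0, iv.Length);

                // Body: stream the plaintext through the encryptor in chunks so that
                // large files are never held in memory as a whole.
                using (CryptoStream outStreamEncrypted = new CryptoStream(outFs, transform, CryptoStreamMode.Write))
                using (FileStream inFs = new FileStream(inFile, FileMode.Open, FileAccess.Read))
                {
                    // The chunk size does not affect the ciphertext; 64 KiB avoids the
                    // per-call overhead of reading one cipher block at a time.
                    byte[] buffer = new byte[64 * 1024];
                    int count;
                    while ((count = inFs.Read(buffer, 0, buffer.Length)) > 0)
                    {
                        outStreamEncrypted.Write(buffer, 0, count);
                    }

                    // Emits the final padded block; the using blocks close the streams.
                    outStreamEncrypted.FlushFinalBlock();
                }
            }
        }
    }
}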
fantaghirocco
  • What are you supposed to do with multiple public key encryption? Do you want to encrypt data with your public keys one after another? – Steffen Harbich Aug 01 '16 at 10:40
  • I want one file (.pdf, .txt, etc.) to be encrypted with several different public keys. The file will be shared with a group of people and should be decryptable only with the private keys on the USB tokens of that group. I have a system with many users, so I need to share a single file with a group of them: when they plug in the token and enter the PIN code, the file will be decrypted for them (that group of people) only. More specifically, it is a one-to-many relationship: one file encrypted for many people – Ibrahim Al-luwayhi Aug 02 '16 at 04:50
  • You may read [this](http://stackoverflow.com/questions/597188/encryption-with-multiple-different-keys) or [this](http://security.stackexchange.com/a/71915) question and answers. I am not aware of a standard approach. – Steffen Harbich Aug 02 '16 at 06:10
  • So basically, you could generate a symmetric key and encrypt file with e.g. AES, then encrypt the key with public keys of your users and provide the encrypted document along with the encrypted key (specific to the user). – Steffen Harbich Aug 02 '16 at 06:12

0 Answers