I want to create a new instance of the RSACng class, but with a specified key pair.

```csharp
var rsa = new RSACng();
```

The above will initialize a new instance of the RSACng class with a random 2,048-bit key pair. However, we can pass an instance of CngKey when constructing the RSACng.

```csharp
var key = CngKey.Import(Convert.FromBase64String(_privateKey), CngKeyBlobFormat.Pkcs8PrivateBlob);
var rsa = new RSACng(key);
```

The above will initialize a CngKey object with the particular private key (the private key was obtained from a PEM file, PKCS#8 format). But this only initializes the RSACng object with the private key. How can I initialize it with the key pair (both in PEM files)?

Darshnik Swamy
  • The public key can be calculated from the private keys, there is no need to import it as well. – mat May 24 '17 at 11:56
  • @mat how do I do that? Consider this as a case of service-to-service authentication. One is the provider and the other is the consumer. Now the provider will only have the public key to verify the signature that is sent by the consumer using the private key. – Darshnik Swamy May 24 '17 at 11:59
  • Oh, you mean how can you initialise another RSACng object having only the public key? – mat May 24 '17 at 12:01
  • Yes, and when I try to do that, there is no CngKeyBlobFormat that accepts the public key as in the PEM file. I tried using `CngKeyBlobFormat.GenericPublicBlob` in the CngKey import method. It gives me Cryptographic exception: The parameter is incorrect. – Darshnik Swamy May 24 '17 at 12:02
  • Did you try using `CngKeyBlobFormat.GenericPublicBlob` as a parameter to CngKey.Import? – mat May 24 '17 at 12:10
  • @mat as I said, it is giving me Cryptographic exception: The parameter is incorrect. `-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCncQsf8eNxsPA/bLgnea7yAYOO jFOu3vLtGKBCLL8H/Zjg/TwQotSUXn9XfAWkV3fsDQ0r/AZ/2o4HQeu2xvZzTHEN fvILYp6+4dUgt/WscKyA3vzyplacQOLj2144Sc2z5yWjJ+RJORiwhvPFLqknebfG sgnX0fjvdejro7ywcwIDAQAB -----END PUBLIC KEY-----` You can take the base64-encoded public key and try. – Darshnik Swamy May 24 '17 at 12:12
  • Can you try to *encrypt* something using the `rsa` variable that you've just defined? If you can encrypt and decrypt then the private key already provides the public exponent as well - i.e. the encoded private key is actually the key pair. Signing and verifying would work as well, of course. And you should be able to export the public key from the RSACng as well if that is the case. – Maarten Bodewes May 24 '17 at 12:24
  • That is not a valid RSA public key. openssl can't parse it. – mat May 24 '17 at 12:27
  • You generally don't want to transmit the private key to a place where you only require the public key, after all. What would be the use of the private key if that was the case? – Maarten Bodewes May 24 '17 at 12:28
  • OK, but you can still split it up into two different problems this way, e.g. looking at [this question here](https://stackoverflow.com/q/6995458/589259). First try if sign / verify works... – Maarten Bodewes May 24 '17 at 12:31
  • Actually, I think [this answer](https://stackoverflow.com/a/28407693/589259) together with the provided link will answer your question. Could you verify? Note that your question says nothing about parsing an exported public key using OpenSSL *at all*. Actually, my first comment or the first comment of mat should be enough to answer the question. Please update your question with your actual requirements. – Maarten Bodewes May 24 '17 at 12:38
  • @MaartenBodewes I know that my question says nothing about parsing the public key using OpenSSL. I have tried encrypting and decrypting some bytes and it worked; it also worked with signing and verification. Correct me if I am wrong on this part, as I am trying to understand: the signing of data is done with the help of the private key only, right? And the verification of the signature is done with the public key? I created the key pair using OpenSSL and separated them out into PEM files. – Darshnik Swamy May 24 '17 at 13:26
  • @mat I created this public key with openssl only. – Darshnik Swamy May 24 '17 at 13:27
  • @MaartenBodewes Also the answer that you suggested is to convert the keypair in xml format to pem format. I already have pem format. I just need to import it. – Darshnik Swamy May 24 '17 at 13:35
  • @MaartenBodewes As to your question that why do I need to send the private key to a place where I will only need public key. I have proposed a scenario in my second comment, that a consumer can send the signature along with the headers in the request to a service (provider) and the provider can verify the signature if it will have the public key. – Darshnik Swamy May 24 '17 at 13:42
  • Please clearly state your requirements in your question. I'm out. – Maarten Bodewes May 24 '17 at 15:13

0 Answers
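
The consumer/provider split discussed in the comments, as an added example that is not part of the original thread: a `-----BEGIN PUBLIC KEY-----` PEM file carries a DER SubjectPublicKeyInfo structure, whereas `CngKeyBlobFormat.GenericPublicBlob` expects a CNG-native key blob. The sketch assumes .NET 5 or later on Windows (for `RSA.ImportFromPem` and `PemEncoding`); the class name, the `LoadPublicKey` helper and the sample message are hypothetical, and the key pair is generated in-process only so the example is self-contained.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class PublicOnlyRsaCngDemo
{
    // Constructed sample payload standing in for the signed request headers.
    static readonly byte[] Message = Encoding.UTF8.GetBytes("GET /orders date=2017-05-24");

    // Provider side: an RSACng holding only the public half of the key pair.
    static RSACng LoadPublicKey(string pem)
    {
        var rsa = new RSACng();
        try
        {
            // Accepts "BEGIN PUBLIC KEY" (SubjectPublicKeyInfo) PEM text directly.
            rsa.ImportFromPem(pem);
            return rsa;
        }
        catch
        {
            rsa.Dispose();
            throw;
        }
    }

    static void Main()
    {
        // Consumer side: owns the private key and signs with it.
        using var consumer = new RSACng(2048);
        byte[] spki = consumer.ExportSubjectPublicKeyInfo();
        string publicPem = new string(PemEncoding.Write("PUBLIC KEY", spki));
        byte[] signature = consumer.SignData(Message, HashAlgorithmName.SHA256, RSASignaturePadding.Pss);

        // Provider side: receives only the PEM text and the signature.
        using var provider = LoadPublicKey(publicPem);
        bool valid = provider.VerifyData(Message, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pss);
        Console.WriteLine($"original message verifies: {valid}");

        // A modified message must fail verification.
        byte[] tampered = (byte[])Message.Clone();
        tampered[0] ^= 0x01;
        bool tamperedValid = provider.VerifyData(tampered, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pss);
        Console.WriteLine($"tampered message verifies: {tamperedValid}");

        // The provider never held the private key, so signing must fail there.
        try { provider.SignData(Message, HashAlgorithmName.SHA256, RSASignaturePadding.Pss); }
        catch (CryptographicException) { Console.WriteLine("provider cannot sign: public key only"); }
    }
}
```

On runtimes without `ImportFromPem`, the same import can be done by stripping the PEM armor, base64-decoding the body and passing the bytes to `ImportSubjectPublicKeyInfo` (.NET Core 3.0 and later).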