RSA Encryption with a ‘K’ in the .Net Framework
I worked with a guy who would say “with a K” to imply that something is not the real thing. For example, instead of calling faux pearls that, he would say “Those are pearls with a K”. It’s not something I ever picked up and ran with, but hey, to each his own. My target of rage as of late has been the RSA implementation that ships in the .Net Framework.
The underlying mathematics of RSA is symmetric: the public and private exponents undo each other, so either key can be applied first and the other one reverses it. I can apply my private key to data and anyone holding the public key can reverse it, and I can apply my public key to data and only the holder of the private key can reverse it. The two directions buy very different things, though. The public-then-private direction gives confidentiality, because only I hold the private key. The private-then-public direction hides nothing, because the public key is, by definition, public; what it proves is that the holder of the private key produced the data, which is why that direction is called signing rather than encrypting.
The mathematics provides for both directions, but the .Net Framework only exposes one of them as encryption. RSACryptoServiceProvider.Encrypt always applies the public key and Decrypt always applies the private key; there is no way to run that pair the other way round.
That covers the common scenario: I publish a public key on the Internet, anyone can encrypt data with it, and only I can decrypt it. What it doesn’t cover is you encrypting with your private key and having anyone with your public key decrypt the data.
The common rationale I see popping up is that because RSA is CPU intensive it shouldn’t be used to encrypt anything more than a small amount of data, say a symmetric encryption key. I would agree with this, and CPU cost is not even the main constraint: a raw RSA operation can only handle a value smaller than the modulus, so a 2048-bit key processes fewer than 256 bytes at a time, and less once padding is accounted for. That is why the private-key direction is applied to a hash of the data rather than to the data itself. But crippling the entire implementation in the .Net Framework and not having a more ‘advanced’ option is very limiting.
The scenario I recently wanted asymmetric encryption, and RSACryptoServiceProvider, for was to encrypt information once and decrypt it many times. A system would generate some data that could only be read, not modified, so using the properties of asymmetric encryption I could apply my private key to it and publish my public key embedded with the software. The secured data could then be checked by anyone holding the public key, and nobody could alter it without the check failing. This is the integrity benefit of hashing coupled with proof of who produced the data, all in one operation. Put that way, it is exactly a digital signature: hash the data, apply the private key to the hash, and ship the signature alongside the data. The .Net Framework does expose that operation on RSACryptoServiceProvider, as SignData and VerifyData, rather than as the Encrypt/Decrypt pair run backwards.
I now use Chilkat Software’s working RSA implementation to accomplish this goal, and only recently stumbled across an open source encryption library called Bouncy Castle (yes, I know the name sounds weird). To me the .Net Framework is very “Pit of Success”-ish but doesn’t provide any flexibility for other use cases, for something that should be available in the base framework. Yes, asymmetric encryption can be computationally expensive, but that is not a reason not to support the 20% of more advanced scenarios.