C# RSA Encrypting text using a given PKCS#1 public key

Question

I am trying to write a function the receives a string to encode and a public key as base64 encoded string in PKCS#1 format, and returns an encoded string.

    public static string EncryptRsa(string stringPublicKey, string stringDataToEncrypt)
{
    byte[] publicKey = Convert.FromBase64String(stringPublicKey);

    // Code to create an RSACryptoServiceProvider with the public key
    // var rsa = new RSACryptoServiceProvider(??)

    byte[] dataToEncrypt = Encoding.UTF8.GetBytes(stringDataToEncrypt);
    var encryptedData = rsa.Encrypt(dataToEncrypt, true);
    return Convert.ToBase64String(encryptedData);
}

I've seen many questions and answers over past few day about how to encrypt using the RSA algorithm, but haven't found information on how to create a RSACryptoServiceProvider when I already have an existing key (specifically, in a PKCS#1 format), only how to generate a key pair.

for example: given the following string, how would I encrypt data using RSA encryption?

-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqGKukO1De7zhZj6+H0qtjTkVxwTCpvKe4eCZ0 FPqri0cb2JZfXJ/DgYSF6vUpwmJG8wVQZKjeGcjDOL5UlsuusFncCzWBQ7RKNUSesmQRMSGkVb1/ 3j+skZ6UtW+5u09lHNsj6tQ51s1SPrCBkedbNf0Tp0GbMJDyR4e9T04ZZwIDAQAB

-----END PUBLIC KEY-----

Thanks!!

Answer 1

You can use BouncyCastle, a .NET library that allows you to convert from PKCS#1 formatted key to actual key parameters that can be used to encrypt and decrypt.

Since the public key you have is formatted as PKCS#1 base64-encoded value. Then you can decode the public key as an ASN.1 object using BouncyCastle as the following

You have to strip out '-----BEGIN PUBLIC KEY-----' and '-----END PUBLIC KEY-----' from the stringPublicKey before you continue.

Asn1Object obj = Asn1Object.FromByteArray(Convert.FromBase64String(stringPublicKey));

Then, as specified in RFC 3447 (A 1.1):

DerSequence publicKeySequence = (DerSequence)obj;

DerBitString encodedPublicKey = (DerBitString)publicKeySequence[1];
DerSequence publicKey = (DerSequence)Asn1Object.FromByteArray(encodedPublicKey.GetBytes());

DerInteger modulus = publicKey[0];
DerInteger exponent = publicKey[1];

Here, you have all you need to create a public key:

RsaKeyParameters keyParameters = new RsaKeyParameters(false, modulus.PositiveValue, exponent.PositiveValue);

Then, BouncyCastle provides an easy way to convert this to .NET compatible RSAParameters:

RSAParameters parameters = DotNetUtilities.ToRSAParameters(keyParameters);

You can then easily import the key parameters into RSACryptoServiceProvider:

RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
rsa.ImportParameters(parameters);

Finally, do your encryption:

byte[] dataToEncrypt = Encoding.UTF8.GetBytes(stringDataToEncrypt);
byte[] encryptedData = rsa.Encrypt(dataToEncrypt, true);
return Convert.ToBase64String(encryptedData);