 

Using Asymmetric Key on .Net Core

I am trying to run code from this sample under .NET Core 2.0 (web application):

https://docs.microsoft.com/en-us/dotnet/standard/security/how-to-store-asymmetric-keys-in-a-key-container

However, when I try to execute any line using CspParameters, I get the following error:

'CspParameters' requires Windows Cryptographic API (CAPI), which is not available on this platform.

Suggestions please on how I work around this. Thanks.

MHugh asked Feb 14 '18 16:02




2 Answers

.NET does not store cryptographic keys; that's ultimately a feature that is (or isn't) provided by the cryptographic platform it builds on top of.

To use CspParameters with .NET Core you have to run on Windows, because that's a very thin wrapper over the (old) Windows Cryptographic API. You can't use it in UAP, because UAP only allows the newer Cryptography: Next Generation (CNG) API.

macOS can store keys in a Keychain, but .NET Core doesn't provide an API to read them out.

Linux (OpenSSL) does not have any key storage mechanism other than "save this to a file and load it again", but .NET Core does not support loading asymmetric keys from files.

The only way to accomplish your goal in a cross-platform mechanism is to have your asymmetric key associated with an X.509 certificate. If you build the X509Certificate2 object for which HasPrivateKey returns true you can save it to a PFX/PKCS#12 file and then load from that file; or you can add it to an X509Store instance (the "My" store for CurrentUser is the one that works best across the platforms) and then read it back from the X509Store instance.

Despite the page you referenced claiming to be written in 2017, what it really means is the content was moved from its previous location on msdn.microsoft.com on that date. The original page was written in 2008 (at least, that's the first hit on web.archive.org), so it long predated .NET Core.

bartonjs answered Nov 10 '22 00:11
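The PFX and X509Store route described in the answer above, written out as an added example (not code from the original page or from bartonjs). The subject name, file path and password are constructed placeholders, an RSA key is assumed, and `CertificateRequest` requires .NET Core 2.0 or later.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class PortableKeyStorage
{
    // Constructed values for this example; take the password from protected configuration.
    const string Subject = "CN=example-app-key";
    const string PfxPath = "example-app-key.pfx";
    const string PfxPassword = "example-only-password";

    static void Main()
    {
        // 1. Generate a key pair and wrap it in a self-signed certificate.
        using (RSA rsa = RSA.Create(2048))
        {
            var request = new CertificateRequest(Subject, rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            DateTimeOffset now = DateTimeOffset.UtcNow;
            using (X509Certificate2 cert = request.CreateSelfSigned(now.AddMinutes(-5), now.AddYears(1)))
            {
                // 2. Option A: persist certificate and private key as a password-protected PFX file.
                File.WriteAllBytes(PfxPath, cert.Export(X509ContentType.Pfx, PfxPassword));
            }
        }

        // 3. Reload from the file. PersistKeySet keeps the key on Windows after the object is
        //    disposed, which the store entry below depends on; other platforms ignore it.
        using (var loaded = new X509Certificate2(PfxPath, PfxPassword, X509KeyStorageFlags.PersistKeySet))
        using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
        {
            Console.WriteLine($"HasPrivateKey after PFX reload: {loaded.HasPrivateKey}");
            // 4. Option B: add to the CurrentUser "My" store and read it back by thumbprint.
            store.Open(OpenFlags.ReadWrite);
            store.Add(loaded);
            X509Certificate2 fromStore = store.Certificates
                .Find(X509FindType.FindByThumbprint, loaded.Thumbprint, validOnly: false)[0];
            // 5. Use the stored key: sign with the private key, verify with the public key.
            byte[] data = Encoding.UTF8.GetBytes("constructed sample message");
            using (RSA priv = fromStore.GetRSAPrivateKey())
            using (RSA pub = fromStore.GetRSAPublicKey())
            {
                byte[] sig = priv.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
                Console.WriteLine($"Signature verifies: {pub.VerifyData(data, sig, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)}");
            }
        }
    }
}
```

The PFX file holds the private key, so restrict its file permissions and keep the password out of source control. On .NET 9 and later the `X509Certificate2` file constructor still works but raises an obsoletion warning in favour of `X509CertificateLoader`.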


You can now do it cross-platform, and it works as long as you are on .NET Core 3.0 or higher and you add the latest System.Security.Cryptography.Cng NuGet package (NB! this will ONLY work if your project is NOT multi-targeted - it can ONLY target netcoreapp3.0):

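    using System;
    using System.Collections.Generic;
    using System.Security.Cryptography;
    using Jose;

    static class TokenSigner // wrapper class and method added so the fragment compiles
    {
        static string Encode(object payload, string privateKey, IDictionary<string, object> extraHeader)
        {
            using (ECDsa key = ECDsa.Create())
            {
                // privateKey holds a base64-encoded PKCS#8 private key.
                key.ImportPkcs8PrivateKey(Convert.FromBase64String(privateKey), out _);

                return Jose.JWT.Encode(
                    payload: payload,
                    key: key,
                    algorithm: JwsAlgorithm.ES256,
                    extraHeaders: extraHeader);
            }
        }
    }
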
Matthew Joughin answered Nov 09 '22 23:11