Export the Public Key from an RSA Key Pair for Distribution (C#)
Applies to
* .NET Framework 2.0
* C#
Summary
The purpose of this code snippet is to illustrate how the owner of an RSA key pair should export public key data for distribution. We save the key data to an XML file that can be communicated to recipients, who will then be able to send encrypted messages to the owner that only the key owner can read.
Objective
* Securely distribute the public component of a registry-stored key pair so that other parties can use it only to encrypt messages for the key owner
Scenarios
* Distributed client-server architecture where clients need to send confidential encrypted messages to the server but don't need to ever read those messages
* Application does not want to maintain a dedicated key store for encryption purposes
Solution Example
public static void SerializeAndSaveRSAPublicKey(RSACryptoServiceProvider myRSA, string fileName)
{
    // Convert the RSA public key to an XML string (passing "false" retrieves
    // only the public key instead of both the private and public key)
    string publicKeyXml = myRSA.ToXmlString(false);

    // Write the XML data out to the file location of your choosing;
    // "using" closes the writer even if an exception is thrown
    using (StreamWriter keyWriter = new StreamWriter(fileName))
    {
        keyWriter.Write(publicKeyXml);
    }
}
Problem Example
The following example demonstrates the generation of an RSA key pair and storage of both the public and private keys on the file system.
// The RSA CSP class automatically generates public and private key material
// during construction
RSACryptoServiceProvider myRSA = new RSACryptoServiceProvider();

///// Store in the registry using DPAPI and a Registry ACL /////

// Convert the RSA key pair to an XML string - passing "true" retrieves
// both the private and public key data from the RSA CSP
string keyPairXml = myRSA.ToXmlString(true);

// Write the full key pair (private key included) out to a file on disk
StreamWriter keyWriter = new StreamWriter(@"C:\temp\rsakeypair.xml");
keyWriter.Write(keyPairXml);
keyWriter.Close();
* If the file system is compromised, the private key may be exposed and the confidentiality of any message encrypted with this key pair could be lost.
* Distributing both public and private keys allows anyone with access to the private key to decrypt messages that were intended only for the owner of the key pair.
* The default encryption key size may not provide sufficient strength and security.
Test Case
The following using directives must be included in any project making use of the sample code provided above:
using System.IO;
using System.Security;
using System.Security.AccessControl;
using System.Security.Cryptography;
using System.Text;
using Microsoft.Win32;
Execute the following code and then open up the file C:\temp\rsa_publickey.xml to see that only the public key data is included.
static void Main(string[] args)
{
    // Generate an RSA key pair and a file name for export
    RSACryptoServiceProvider myRSA = new RSACryptoServiceProvider(2048);
    string fileName = @"C:\temp\rsa_publickey.xml";

    // Serialize the public key from the RSA key pair and write it to the file
    SerializeAndSaveRSAPublicKey(myRSA, fileName);
}
Expected Result
The following data is output to the file "C:\temp\rsa_publickey.xml":
<RSAKeyValue>
  <Modulus>tnLAgAJwXXxYj+2QPX6q/mHZZf23xSvvovoBlZ1Y7RbTlkY4N2nlcGxfR6mQcTTWKfWShQ7yEaX6rVfhhRhdaHLCsg7g3AmW2BsoBxWUijD81ZeNKyWrw8t0gjnigNR46+PqO1Xi7R9aA+PgaluhuZBBgJK2wIAlRJSPlTr5OjDr4vJlZiAG/VqmJVXioPfv1QI2hfLM86JgIcrD47L0K44tKwyhAj4PN1nsomjPeb0P9m9t3od/cyZGKkiJ1nwQwG02H/EXROaO6YFKb3xijNv69gvZLGcqssXs7Bs7CdzqmQvSylxuXkYz5bQG++raYWm4l056WhtIRG8mqQ==</Modulus>
  <Exponent>AQAB</Exponent>
</RSAKeyValue>
More Information
RSA is an algorithm for public key (also known as asymmetric) cryptography in which distinct public and private keys are created. Encryption operations make use of the public key, while decryption requires the private key. This offers an advantage over symmetric cryptography because the secret key used to decrypt a message does not need to be shared in order to support encryption of messages to a recipient.
The RSA private key must be securely stored in order to maintain the confidentiality of data encrypted using an individual's public RSA key. The public key, however, can be freely distributed by the owner of the key pair to anyone who wishes to send an encrypted message to that owner.
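To show the other side of the exchange that the Solution Example and the paragraphs above describe, here is an added example (not the page's own code) in which the recipient loads only the exported <RSAKeyValue> XML, checks that no private parameters came with it, and encrypts a message that only the key-pair owner can decrypt. The PublicKeyExchangeDemo class, the EncryptForOwner helper and the temp-directory file path are assumptions made for this example.

```csharp
// Added example, not from the original page: round trip between the
// key-pair owner (exports public key) and a recipient (encrypts with it).
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

static class PublicKeyExchangeDemo
{
    // Recipient side: load the XML written by SerializeAndSaveRSAPublicKey
    // and encrypt a message for the key owner.
    static byte[] EncryptForOwner(string publicKeyFile, string message)
    {
        string publicKeyXml = File.ReadAllText(publicKeyFile);
        using (RSACryptoServiceProvider recipientRsa = new RSACryptoServiceProvider())
        {
            recipientRsa.FromXmlString(publicKeyXml);

            // Defensive check: a distributed key file must never carry private parameters
            if (!recipientRsa.PublicOnly)
                throw new CryptographicException("Key file unexpectedly contains private key data");

            // Second argument "true" selects OAEP padding instead of PKCS#1 v1.5
            return recipientRsa.Encrypt(Encoding.UTF8.GetBytes(message), true);
        }
    }

    static void Main()
    {
        // Constructed path for the demo; the page itself uses C:\temp\rsa_publickey.xml
        string publicKeyFile = Path.Combine(Path.GetTempPath(), "rsa_publickey.xml");

        using (RSACryptoServiceProvider ownerRsa = new RSACryptoServiceProvider(2048))
        {
            // Owner exports only the public half (same ToXmlString(false) call as the Solution Example)
            File.WriteAllText(publicKeyFile, ownerRsa.ToXmlString(false));

            byte[] ciphertext = EncryptForOwner(publicKeyFile, "confidential message");

            // Only the holder of the private key can recover the plaintext
            string recovered = Encoding.UTF8.GetString(ownerRsa.Decrypt(ciphertext, true));
            Console.WriteLine(recovered == "confidential message" ? "round trip OK" : "round trip FAILED");

            // Sanity check on the file itself: private elements such as <D> must be absent
            Console.WriteLine(File.ReadAllText(publicKeyFile).Contains("<D>") ? "PRIVATE KEY LEAKED" : "public key only");
        }
    }
}
```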
Additional Resources
* RSACryptoServiceProvider (.NET): http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfsystemsecuritycryptographyrsacryptoserviceproviderclassctortopic.asp
* Cryptography (.NET): http://msdn.microsoft.com/library/en-us/dnpag2/html/PAGGuidelines0003.asp?frame=true#pagguidelines0003_cryptography
Attributes
* Applies To: .NET Framework 2.0, C#
* Category: Cryptography
* Author: Jonathan Bailey