Export the Public Key from an RSA Key Pair for Distribution (VB)


Applies to

* .NET Framework 2.0
* C#

Summary

The purpose of this code snippet is to illustrate how the owner of an RSA key pair should export public key data for distribution. We save the key data to an XML file that can be communicated to recipients, who will then be able to send encrypted messages to the owner that only the key owner can read.

Objectives

* Securely distribute the public component of a registry-stored key pair so that other parties can encrypt messages for the key owner but cannot decrypt them

Scenarios

* Distributed client-server architecture where clients need to send confidential encrypted messages to the server but never need to read those messages
* Application does not want to maintain a dedicated key store for encryption purposes

Solution Example

Public Sub SerializeAndSaveRSAPublicKey(ByVal rsaKeyPair As RSACryptoServiceProvider, ByVal fileName As String)
    ' Convert the RSA public key to an XML string. Passing False retrieves
    ' only the public key components (Modulus and Exponent) instead of the
    ' full key pair, so no private key material reaches the file.
    Dim publicKeyXml As String = rsaKeyPair.ToXmlString(False)

    ' Write the XML data out to the file location of your choosing.
    ' The Using block disposes the writer, flushing and closing the file
    ' even if an exception is thrown.
    Using keyWriter As New StreamWriter(fileName)
        keyWriter.Write(publicKeyXml)
    End Using
End Sub


Problem Example

The following example demonstrates the generation of an RSA key pair and storage of both the public and private keys on the file system.

' The RSA CSP class automatically generates public and private key material
' during construction. No key size is given, so the provider default is used.
Dim myRSA As New RSACryptoServiceProvider()

' Convert the RSA key pair to an XML string - passing True retrieves
' both the private and public key data from the RSA CSP
Dim keyPairXml As String = myRSA.ToXmlString(True)

' Write the complete key pair, private key included, to a plain file on disk
Dim keyWriter As New StreamWriter("C:\temp\rsakeypair.xml")
keyWriter.Write(keyPairXml)
keyWriter.Close()

* If the file system is compromised, the private key may be exposed, and the confidentiality of every message encrypted with this key pair is lost.
* Distributing both the public and private keys allows anyone who obtains the private key to decrypt messages that were intended only for the owner of the key pair.
* The parameterless constructor uses the provider's default key size, which may not provide sufficient strength; specify the key size explicitly, as the Test Case below does with 2048 bits.


Test Case

The following namespaces must be imported in any project making use of the sample code provided above:

Imports System.IO
Imports System.Security
Imports System.Security.AccessControl
Imports System.Security.Cryptography
Imports System.Text
Imports Microsoft.Win32

Execute the following code and then open the file C:\temp\rsa_publickey.xml to confirm that only the public key data is included.

Sub Main(ByVal args() As String)
    ' Generate a 2048-bit RSA key pair and choose a file name for the export
    Dim myRSA As New RSACryptoServiceProvider(2048)
    Dim fileName As String = "C:\temp\rsa_publickey.xml"

    ' Serialize the public key from the RSA key pair and write it to the file
    SerializeAndSaveRSAPublicKey(myRSA, fileName)
End Sub 'Main

Expected Result

The following data is output to the file "C:\temp\rsa_publickey.xml":

<RSAKeyValue>
  <Modulus>
tnLAgAJwXXxYj+2QPX6q/mHZZf23xSvvovoBlZ1Y7RbTlkY4N2nlcGxfR6mQcTTWKf
WShQ7yEaX6rVfhhRhdaHLCsg7g3AmW2BsoBxWUijD81ZeNKyWrw8t0gjnigNR46+Pq
O1Xi7R9aA+PgaluhuZBBgJK2wIAlRJSPlTr5OjDr4vJlZiAG/VqmJVXioPfv1QI2hf
LM86JgIcrD47L0K44tKwyhAj4PN1nsomjPeb0P9m9t3od/cyZGKkiJ1nwQwG02H/
EXROaO6YFKb3xijNv69gvZLGcqssXs7Bs7CdzqmQvSylxuXkYz5bQG++raYWm4l0
56WhtIRG8mqQ==
  </Modulus>
  <Exponent>AQAB</Exponent>
</RSAKeyValue>
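Before an exported file like the one above is handed to recipients, it is worth checking that it really contains only the two public components and that the modulus is at least as large as the key size the Test Case generates. The following Python script is an added example written for this page, not code from the original article or from the .NET Framework: it parses an RSAKeyValue document in the shape ToXmlString produces, flags any of the private components (P, Q, DP, DQ, InverseQ, D) that ToXmlString(True) would have written, and reports a modulus below 2048 bits. The two sample documents embedded in it are constructed for the demonstration and are not real keys; the element names and the big-endian base64 integer encoding are those .NET uses.

```python
"""Check an exported RSAKeyValue XML document before distributing it."""
import base64
import xml.etree.ElementTree as ET

# Element names used by RSA.ToXmlString: the two public components and the
# six private (CRT) components that ToXmlString(True) also emits.
PUBLIC_ELEMENTS = {"Modulus", "Exponent"}
PRIVATE_ELEMENTS = {"P", "Q", "DP", "DQ", "InverseQ", "D"}
MIN_MODULUS_BITS = 2048  # matches the key size the Test Case above generates


def _b64_to_int(text):
    """Decode a base64 big-endian unsigned integer as .NET writes it."""
    return int.from_bytes(base64.b64decode(text.strip()), "big")


def check_rsa_key_value(xml_text):
    """Return (ok, findings) for one RSAKeyValue document.

    ok is True only when the document carries exactly the public components
    and the modulus has at least MIN_MODULUS_BITS bits.
    """
    findings = []
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return False, ["not well-formed XML: %s" % exc]
    if root.tag != "RSAKeyValue":
        return False, ["root element is <%s>, expected <RSAKeyValue>" % root.tag]

    present = {child.tag: (child.text or "").strip() for child in root}

    leaked = sorted(PRIVATE_ELEMENTS & present.keys())
    if leaked:
        findings.append("private key components present: " + ", ".join(leaked))
    missing = sorted(PUBLIC_ELEMENTS - present.keys())
    if missing:
        findings.append("public components missing: " + ", ".join(missing))
    unexpected = sorted(present.keys() - PUBLIC_ELEMENTS - PRIVATE_ELEMENTS)
    if unexpected:
        findings.append("unexpected elements: " + ", ".join(unexpected))

    for name in PUBLIC_ELEMENTS & present.keys():
        try:
            value = _b64_to_int(present[name])
        except ValueError:
            findings.append("%s is not valid base64" % name)
            continue
        if name == "Modulus" and value.bit_length() < MIN_MODULUS_BITS:
            findings.append("modulus is %d bits, below the %d-bit minimum"
                            % (value.bit_length(), MIN_MODULUS_BITS))
        if name == "Exponent" and (value < 3 or value % 2 == 0):
            findings.append("public exponent %d is not an odd integer >= 3" % value)

    return not findings, findings


def check_exported_key_file(path):
    """Run check_rsa_key_value over a file such as C:\\temp\\rsa_publickey.xml."""
    with open(path, "r", encoding="utf-8") as handle:
        return check_rsa_key_value(handle.read())


def _int_to_b64(value, length):
    """Encode an integer the way .NET does: big-endian bytes, then base64."""
    return base64.b64encode(value.to_bytes(length, "big")).decode("ascii")


# Constructed sample inputs (not real keys): a public-only export with a
# 2048-bit modulus, and a full key-pair export with a 1024-bit modulus and
# placeholder private components, shaped like ToXmlString(True) output.
PUBLIC_ONLY_XML = (
    "<RSAKeyValue><Modulus>%s</Modulus><Exponent>AQAB</Exponent></RSAKeyValue>"
    % _int_to_b64((1 << 2047) | 0x10001, 256)
)
KEY_PAIR_XML = (
    "<RSAKeyValue><Modulus>%s</Modulus><Exponent>AQAB</Exponent>"
    "<P>AQAB</P><Q>AQAB</Q><DP>AQAB</DP><DQ>AQAB</DQ>"
    "<InverseQ>AQAB</InverseQ><D>AQAB</D></RSAKeyValue>"
    % _int_to_b64((1 << 1023) | 1, 128)
)

if __name__ == "__main__":
    for label, xml_text in (("public-only export", PUBLIC_ONLY_XML),
                            ("full key-pair export", KEY_PAIR_XML)):
        ok, findings = check_rsa_key_value(xml_text)
        print(label, "->", "OK to distribute" if ok else "DO NOT DISTRIBUTE")
        for finding in findings:
            print("   ", finding)
```

Run the script as-is to see the constructed public-only document pass and the constructed key-pair document fail on both counts, or call check_exported_key_file on the file the Test Case writes. The same check belongs in any deployment step that copies the exported file to clients, since a file produced with ToXmlString(True) by mistake looks identical at a glance.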

More Information

RSA is an algorithm for public key (also known as asymmetric) cryptography in which distinct public and private keys are created. Encryption operations make use of the public key, while decryption requires the private key. This offers an advantage over symmetric cryptography because the secret key used to decrypt a message does not need to be shared in order to support encryption of messages to a recipient.

The RSA private key must be securely stored in order to maintain the confidentiality of data encrypted using an individual's public RSA key. However, the public key can be freely distributed by the owner of the key pair to anyone who wishes to send an encrypted message to that owner.


Additional Resources

* RSACryptoServiceProvider (.NET): http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfsystemsecuritycryptographyrsacryptoserviceproviderclassctortopic.asp
* Cryptography (.NET): http://msdn.microsoft.com/library/en-us/dnpag2/html/PAGGuidelines0003.asp?frame=true#pagguidelines0003_cryptography


Attributes

* Applies To: .NET Framework 2.0, C#
* Category: Cryptography
* Author: Jonathan Bailey
