There should be no problem not at all.
The MS Base Cryptographic Service Provider (that the standard RSA class
implementation is based on) is compatible with export limitations (unless
you export it to a country the US has sanctions with, that is).
I think you are confusing the issue of symmetric key lengths with asymmetric
key lengths.
DES is a symmetric cipher, and there is a cap on symmetric cipher key
lengths of 56 to 128 bits, depending on which document you are looking at,
and various other factors. However, RSA is an asymmetric (public/private
key) cipher. Asymmetric key lengths can't exceed 512 bit last time i
checked. And as an aside, the "secure" recommendation is at least 1024 bits
for an RSA key, so if it were up to me, I'd use the largest possible key
(512).
-Rob Teixeira [MVP]
[quoted text, click to view] "EP" <ep@newsgrouponly.com> wrote in message
news:%23K7ZtM4cEHA.688@TK2MSFTNGP11.phx.gbl...
> I'm trying to build an exportable secure system and am having a hard time
> finding the definitive answer on export laws. Can't find it on msdn and
> everything I come accross on the net is from '96-'97
>
> I want to use an asymmetric RSA public/private handshake to establish a
> weaker 40-bit key for conversation (will be doing this on a message-based
> architecture).
>
> So, I go to use RSA encryption for the handshake.. But is RSA limited to
384
> bit minimum? At least the RSACryptoServiceProvider is. If I cannot use
RSA
> for exportable systems, what private/public asymmetric algorithms are
> exportable?
>
> Can someone confirm the current exportable algorithms? I know I can use
> 40-bit DES once I've established the session but what can I use for the
> handshake?
>
>
