Usually RSA is only used for short data, and if longer data is required to
be encrypted, then RSA is used to encrypt the key for a symmetric
algorithm, which is then used to encrypt all the data.
That being said, if your password is short, then encrypting with RSA should
be fine. From a quick scan of your code I see two obvious problems.
1. You generate a new random key for both encryption and decryption -- you
need to use the same key for both operations.
2. When you store the data by going through ASCIIEncoding, you're dropping
off the highest order bit from each byte (ASCII is a 7 bit encoding). If
your goal is to store the encrypted byte array as a string, I would suggest
using Base64 encoding instead.
-Shawn
http://blogs.msdn.com/shawnfa
--
This posting is provided "AS IS" with no warranties, and confers no rights.
Note:
For the benefit of the community-at-large, all responses to this message
are best directed to the newsgroup/thread from which they originated.
--------------------
> From: klj_mcsd@hotmail.com (KJ)
> Newsgroups: microsoft.public.dotnet.security
> Subject: RSA Encryption
> Date: 28 Sep 2004 11:32:22 -0700
> Message-ID: <d83a9214.0409281032.79474f3f@posting.google.com>
>
> Is RSA a good encryption method? Also I'm having a problem pulling the
> string out of the database and decrypting it. Please Help
>
> Code is below:
>
>
> Private Function EncryptPassword(ByVal a_Password As String) As String
>     Dim ByteConverter As New ASCIIEncoding
>     Dim dataToEncrypt As Byte() = ByteConverter.GetBytes(a_Password)
>     Dim encryptedData() As Byte
>
>     'Create a new instance of the RSACryptoServiceProvider class
>     ' and automatically create a new key-pair.
>     Dim RSAalg As New RSACryptoServiceProvider
>     Try
>         'Encrypt the byte array and specify no OAEP padding.
>         'OAEP padding is only available on Microsoft Windows XP or
>         'later.
>         encryptedData = RSAalg.Encrypt(dataToEncrypt, False)
>         'Saving this string to the database 'Should I do that?
>         Return ByteConverter.GetString(encryptedData)
>     Catch e As CryptographicException
>         'Catch this exception in case the encryption did
>         'not succeed.
>         ' Console.WriteLine(e.Message)
>     End Try
>
> End Function
>
>
> Private Function DecryptPassword(ByVal strEncryptedPassword As String) As String
>     'I'm passing the string that I stored in the database
>     Dim ByteConverter As New ASCIIEncoding
>     Dim decryptedData() As Byte
>     Dim encryptedPassword As Byte()
>     'Create a new instance of the RSACryptoServiceProvider class
>     ' and automatically create a new key-pair.
>     Dim RSAalg As New RSACryptoServiceProvider
>     Try
>         encryptedPassword = ByteConverter.GetBytes(strEncryptedPassword)
>         'Pass the data to ENCRYPT and boolean flag specifying
>         'no OAEP padding.
>         decryptedData = RSAalg.Decrypt(encryptedPassword, True)
>
>         Return ByteConverter.GetString(decryptedData)
>
>     Catch ex As CryptographicException
>         'Catch this exception in case the encryption did
>         'not succeed.
>         Throw ex
>     End Try
>
> End Function
>
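
The two fixes from the reply above, as an added example that is not code from either poster: both functions load the same persisted key pair, and the ciphertext is stored as Base64. The module name, the container name `ExamplePasswordKey`, the `UseOaep` constant and the sample password are assumptions made for illustration.

```vbnet
Imports System
Imports System.Security.Cryptography
Imports System.Text

Module RsaRoundTrip
    ' Hypothetical container name. The key pair is generated on first use and
    ' reloaded from the CSP key store afterwards, so encryption and decryption
    ' work with the same key instead of a fresh random one each time.
    Private Const ContainerName As String = "ExamplePasswordKey"

    ' The padding flag must be identical for Encrypt and Decrypt.
    ' True selects OAEP, False selects PKCS#1 v1.5.
    Private Const UseOaep As Boolean = True

    Private Function OpenKey() As RSACryptoServiceProvider
        Dim csp As New CspParameters()
        csp.KeyContainerName = ContainerName
        Return New RSACryptoServiceProvider(csp)
    End Function

    Function EncryptPassword(ByVal password As String) As String
        Using rsa As RSACryptoServiceProvider = OpenKey()
            Dim cipher As Byte() = rsa.Encrypt(Encoding.UTF8.GetBytes(password), UseOaep)
            ' Base64 preserves all 8 bits of every ciphertext byte.
            Return Convert.ToBase64String(cipher)
        End Using
    End Function

    Function DecryptPassword(ByVal stored As String) As String
        Using rsa As RSACryptoServiceProvider = OpenKey()
            Dim plain As Byte() = rsa.Decrypt(Convert.FromBase64String(stored), UseOaep)
            Return Encoding.UTF8.GetString(plain)
        End Using
    End Function

    Sub Main()
        ' Constructed sample value, not a real credential.
        Dim stored As String = EncryptPassword("constructed-sample-pw")
        Console.WriteLine("Round trip ok: " & (DecryptPassword(stored) = "constructed-sample-pw"))

        ' Constructed bytes showing the ASCII problem: values above &H7F
        ' do not come back unchanged after GetString/GetBytes.
        Dim raw As Byte() = {&H41, &H7F, &H80, &HC3, &HFF}
        Dim ascii As New ASCIIEncoding()
        Dim back As Byte() = ascii.GetBytes(ascii.GetString(raw))
        Console.WriteLine(BitConverter.ToString(raw) & " -> " & BitConverter.ToString(back))
    End Sub
End Module
```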