
dotnet security : Urgent help required


Swati
6/5/2006 12:00:00 AM
Hi All,

I am a newbie to RSA. I am trying to use RSA for my requirement of
handling the license management.

My requirement is as below:

I want to issue a license to the client. The license will be generated by a
desktop application using .Net 2.0 and client will have another desktop
application. The license will be encrypted using a private key generated by
RSA. The public key will be emailed to the client separately. The client
should enter the public key and decrypt the license.

I have used the following source code taking guidance from your code but
getting "Bad Data" when executing the encryption and decryption from the
same form. (This I am doing for the test purpose).

When I am trying to decrypt the license from another desktop application
where I am accepting "Public Key " from the user, I am getting the error as
"Bad Key".

I am pasting the code below for your reference.
*******
Form1.cs
*******
CspParameters cp = new CspParameters();
cp.KeyContainerName = "ApplicatioKeyContainer";


RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(2048, cp);
// rsa.PersistKeyInCsp = true;

string privateKey = rsa.ToXmlString(true);
string publicKey = rsa.ToXmlString(false);
#region Not in USE
//CspKeyContainerInfo cinfo = rsa.CspKeyContainerInfo;
//string str = cinfo.UniqueKeyContainerName;
//string s = cinfo.KeyNumber.ToString();

////bool flg = rsa.PublicOnly;
//// Console.WriteLine("RSA Key Size :" + rsa.KeySize);
//// Console.WriteLine("RSA Key is : \n" + rsa.ToXmlString(true));
#endregion
string licData = "test";//"<?xml version='1.0' encoding='utf-8'?><License><ExpiryDate>6/3/2006</ExpiryDate></License>";
rsa.FromXmlString(privateKey);
byte[] licEncrypt = rsa.Encrypt(Encoding.UTF8.GetBytes(licData), false);
string sEncLic = Encoding.UTF8.GetString(licEncrypt);

string path = Environment.CurrentDirectory;
StreamWriter sw = new StreamWriter(path + "/PrivateKey.txt");
sw.WriteLine(rsa.ToXmlString(true));
sw.Close();

sw = new StreamWriter(path + "/license.lic");
sw.WriteLine(sEncLic);
sw.Close();

sw = new StreamWriter(path + "/PublicKey.txt");
sw.WriteLine(rsa.ToXmlString(false));
sw.Close();
********
Form2.cs(Another desktop application accessed by client)
********
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
rsa.FromXmlString(textBox1.Text);

string path = Environment.CurrentDirectory;
StreamReader sr = new StreamReader(path + "/license.lic");
string sDecrypt = sr.ReadLine();
sr.Close();
try
{
byte[] decryptLic = rsa.Decrypt(Encoding.Unicode.GetBytes(sDecrypt), false);
string validLic = Encoding.Unicode.GetString(decryptLic);
}
catch (CryptographicException excr)
{
string s = excr.Message;
}

********

Please guide me where I am going wrong and how to resolve this.

Also in one of the posts on Microsoft newsgroup I have come across the
following:

******
RSA is intended to encrypt messages with public keys only. Usually, when
people say they want to encrypt with the private key, they really want to
sign a message. The Microsoft crypto stack goes to some lengths to prevent
you from using RSA the wrong way by designing the APIs so that you encrypt
with public keys and sign with private keys.
*******

As per the above lines, I have tried using publicKey for encryption and
private key for decryption but the same error is occurring. :(
Please clear me on this as well.

Awaiting your reply.

Thanks in advance.

-S

Valery Pryamikov
6/5/2006 8:11:02 AM

Can you explain a couple of things to me:

- what are you trying to achieve with that???
- what could be the reason for use of RSA here??????

Looking at your description, my imagination simply fails to grasp any
plausible answer to these questions...
Let me see: you encrypt message on a server, send key to client, who
uses the key to decrypt it. So, what does RSA do here???
Any symmetric algorithm will give you what you want: you generate
random key on server, encrypt and send message to client, send randomly
generated key to the client who uses it for decrypting message...
....Whoever gave you these requirements has very little idea about
cryptography generally and RSA particularly (little knowledge is far
more dangerous than no knowledge at all).
Tell them to use Google!... and also learn a simple phrase:

"- public key is for ENCRYPTION;
private key is for DECRYPTION;"

not the other way around!

-Valery.
http://www.harper.no/valery
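
Added example, not part of either post: the license flow reworked along the lines of the newsgroup quote in the question, signing with the private key and verifying with the public key, with the signature carried as Base64 text. It assumes .NET Core 3.0 or later rather than the thread's .NET 2.0; the names LicenseDemo, Sign and Verify are illustrative.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
static class LicenseDemo
{
    // Vendor side: sign with the PRIVATE key. The license stays readable but becomes tamper-evident.
    static string Sign(string licenseXml, string privateKeyXml)
    {
        using (RSA rsa = RSA.Create())
        {
            rsa.FromXmlString(privateKeyXml);
            byte[] sig = rsa.SignData(Encoding.UTF8.GetBytes(licenseXml),
                                      HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            // Base64 is lossless for arbitrary bytes; a text decoding such as UTF8.GetString is not.
            return Convert.ToBase64String(sig);
        }
    }

    // Client side: only the PUBLIC key is needed to verify.
    static bool Verify(string licenseXml, string signatureB64, string publicKeyXml)
    {
        using (RSA rsa = RSA.Create())
        {
            rsa.FromXmlString(publicKeyXml);
            return rsa.VerifyData(Encoding.UTF8.GetBytes(licenseXml), Convert.FromBase64String(signatureB64),
                                  HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        }
    }

    static void Main()
    {
        string privateKey, publicKey;
        using (RSA rsa = RSA.Create())
        {
            rsa.KeySize = 2048;
            privateKey = rsa.ToXmlString(true);   // stays with the vendor
            publicKey = rsa.ToXmlString(false);   // shipped to the client
        }
        // Constructed sample license, same shape as the commented-out XML in Form1.cs.
        string lic = "<License><ExpiryDate>6/3/2006</ExpiryDate></License>";
        string sig = Sign(lic, privateKey);
        Console.WriteLine("untouched license verifies: " + Verify(lic, sig, publicKey));
        Console.WriteLine("edited license verifies:    " + Verify(lic.Replace("2006", "2099"), sig, publicKey));
        // Binary output does not survive the text-encoding round trip used in the posted code.
        byte[] raw = Convert.FromBase64String(sig);
        byte[] mangled = Encoding.UTF8.GetBytes(Encoding.UTF8.GetString(raw));
        Console.WriteLine(raw.Length + " bytes in, " + mangled.Length + " bytes after UTF-8 round trip");
    }
}
```

A signature does not hide the license contents; it only lets the client detect that they were changed or were not issued by the holder of the private key.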