Decrypt and Authenticate a Message
The decryption process is very similar to the encryption process. The DecryptAndAuthenticate function calls Decrypt, passing the KeyPair along with the encrypted text string. Decrypt initializes the m_objRSA object (with the private key this time) and makes repeated calls to DecryptBlock until all of the encrypted text is decrypted. In this case the block size is simply the size of the key in bytes (from the GetModulusSize function), because every encrypted block was padded out to exactly this size. If the length of the encrypted text is not a multiple of that block size, the string has been truncated or corrupted and Decrypt should fail rather than process a partial block. DecryptBlock simply calls the m_objRSA object's Decrypt method: it converts the string into a byte array for decrypting and then converts the decrypted bytes back into a string. Again, the decrypted blocks are accumulated until all of the text has been decrypted.
Figure 1: The rich text box populates with the key information, the test string, the encrypted string, and the recovered test string.
After the message has been decrypted, DecryptAndAuthenticate passes it to Authenticate. Recall that the Sign function appends a signature to the end of the message, wrapped in <signature> and </signature> tags; the Authenticate function relies on these tags. StripSignature removes the signature and the tags from the message, restoring it to its original content, and returns the string that was inside the tags. AuthenticateText then calls the m_objRSA object's VerifyData method with the original text (as a byte array) and the signature that was appended to the message. To verify the data, VerifyData recomputes the hash (message digest) of the original content and compares it to the hash recovered from the signature (the sender produced that signature with the private key, and VerifyData recovers the hash from it using the public key loaded into m_objRSA). The hash algorithm must be the same one used to sign the message, so, once again, pass in a new instance of the default hash algorithm from System.Security.Cryptography.HashAlgorithm.Create(). Two points matter in practice: VerifyData returns False rather than throwing when the content or the signature has been altered, so the caller must test the return value and discard the message when it is False; and the default algorithm that HashAlgorithm.Create() returns on the .NET Framework is SHA-1, so a new project should pass an explicit SHA-256 instance on both the signing and the verifying side instead.
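The complete round trip described in the two paragraphs above (block-wise decryption, StripSignature, then verification), as an added example that is not part of the article's PKInfrastructure code. It is written in Go against the standard library rather than VB.Net so that it runs without the .NET framework, and it uses SHA-256 and separate sender and recipient key pairs; both are this example's choices, not the article's (the article uses whatever HashAlgorithm.Create() returns and a single test key pair). PKCS#1 v1.5 is the padding RSACryptoServiceProvider applies by default, so the block arithmetic matches the article's: plaintext chunks of modulus size minus 11 bytes, ciphertext blocks of exactly the modulus size. Function names follow the article; the test string is constructed for the example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

const sigOpen, sigClose = "<signature>", "</signature>"

// Sign: SHA-256 digest, PKCS#1 v1.5 signature with the sender's private key, base64 between the tags.
func Sign(priv *rsa.PrivateKey, msg string) (string, error) {
	h := sha256.Sum256([]byte(msg))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, h[:])
	if err != nil {
		return "", err
	}
	return msg + sigOpen + base64.StdEncoding.EncodeToString(sig) + sigClose, nil
}

// Encrypt: chunks of at most modulus size minus 11 bytes (PKCS#1 v1.5 overhead), one block per chunk.
func Encrypt(pub *rsa.PublicKey, plaintext []byte) ([]byte, error) {
	maxChunk := pub.Size() - 11
	var out []byte
	for len(plaintext) > 0 {
		n := len(plaintext)
		if n > maxChunk {
			n = maxChunk
		}
		c, err := rsa.EncryptPKCS1v15(rand.Reader, pub, plaintext[:n])
		if err != nil {
			return nil, err
		}
		out = append(out, c...)
		plaintext = plaintext[n:]
	}
	return out, nil
}

// Decrypt: one modulus-sized block at a time, as the article's Decrypt/DecryptBlock pair does.
func Decrypt(priv *rsa.PrivateKey, ciphertext []byte) ([]byte, error) {
	block := priv.Size()
	if len(ciphertext) == 0 || len(ciphertext)%block != 0 {
		return nil, errors.New("ciphertext length is not a multiple of the key size")
	}
	var out []byte
	for i := 0; i < len(ciphertext); i += block {
		p, err := rsa.DecryptPKCS1v15(rand.Reader, priv, ciphertext[i:i+block])
		if err != nil {
			return nil, err
		}
		out = append(out, p...)
	}
	return out, nil
}

// StripSignature: split off the base64 signature; the LAST opening tag is used so content that contains the tag text cannot shift the boundary.
func StripSignature(signed string) (content, sigB64 string, err error) {
	start := strings.LastIndex(signed, sigOpen)
	if start < 0 || !strings.HasSuffix(signed, sigClose) {
		return "", "", errors.New("message carries no signature tags")
	}
	return signed[:start], signed[start+len(sigOpen) : len(signed)-len(sigClose)], nil
}

// DecryptAndAuthenticate: decrypt with the recipient's private key, recompute the digest over the stripped content, verify with the sender's public key. Only a verified message is returned.
func DecryptAndAuthenticate(recipient *rsa.PrivateKey, sender *rsa.PublicKey, ct []byte) (string, error) {
	signed, err := Decrypt(recipient, ct)
	if err != nil {
		return "", err
	}
	content, sigB64, err := StripSignature(string(signed))
	if err != nil {
		return "", err
	}
	sig, err := base64.StdEncoding.DecodeString(sigB64)
	if err != nil {
		return "", err
	}
	h := sha256.Sum256([]byte(content))
	if err := rsa.VerifyPKCS1v15(sender, crypto.SHA256, h[:], sig); err != nil {
		return "", fmt.Errorf("authentication failed: %w", err)
	}
	return content, nil
}

func main() {
	sender, _ := rsa.GenerateKey(rand.Reader, 2048)
	recipient, _ := rsa.GenerateKey(rand.Reader, 2048)
	signed, _ := Sign(sender, "The quick brown fox") // constructed test string
	ct, _ := Encrypt(&recipient.PublicKey, []byte(signed))
	fmt.Println(DecryptAndAuthenticate(recipient, &sender.PublicKey, ct))
}
```

The verification outcome is carried as an error rather than a boolean, so a caller cannot accidentally use content that did not verify; any change to the message body after signing, a signature from a different key, or a message without the tags all come back as errors.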
Build the project to create the PKInfrastructure.dll file in the project's Bin subfolder.
Testing the Public Key Cryptography Infrastructure
Create a new VB.Net Windows Application project and name it PKInfrastructureTester. Add a reference to the PKInfrastructure.dll file built by the PKInfrastructure project (from the menu choose Project, then Add Reference, browse to the PKInfrastructure project folder, open its Bin subfolder and select PKInfrastructure.dll). Double-click on the form to open the code window and replace what is there with the code from Listing 6. Build and start the application, then click the Do Test button. The rich text box should populate with the key information, the test string, the encrypted string and the recovered test string (Figure 1).
Public key cryptography is a powerful and essential technology. The ability to widely distribute public keys and communicate securely over an open network is truly revolutionary.
However, a combination of asymmetric and symmetric cryptography often produces the best results. Public key algorithms are computationally expensive, and RSA can only encrypt a message smaller than its modulus in a single operation (which is why the PKInfrastructure code encrypts block by block), so applications that involve time-sensitive operations and/or large quantities of content fare better with a symmetric cipher for the bulk data. In the most common scenario, a temporary symmetric key is generated specifically for a given communication session and exchanged using public key cryptography; that symmetric key is then used for the remainder of the conversation.
Public key cryptography also has applications beyond communications. For example, an application that needs to protect its data files might use a public/private key pair for writing and reading those files. If the data files are large, you would encrypt the content with a symmetric cipher and store the symmetric key, encrypted with the application's public key, at the beginning of the file. Because the symmetric key is encrypted with the application's public key, only the holder of the corresponding private key can recover it. You could even publish the public key and the file format so that other developers and applications can generate data files your application can read and process, while those developers and applications cannot read the files they produce or any other data files of your application. Bear in mind that a private key compiled into the application, as suggested here, can be extracted by anyone who can read the binary; this protects the files from other users and programs on the machine, not from a determined reverse engineer, so an operating-system key store or hardware token is the stronger home for the private key where that threat matters.
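A worked version of the file scheme just described (a symmetric key per file, wrapped with the application's public key and stored at the front of the file), added here and not part of the article's project. It is in Go against the standard library; the byte layout, AES-256-GCM for the content and RSA-OAEP with SHA-256 for the key wrap are this example's choices, since the article does not fix a symmetric cipher or a padding mode. The header carrying the wrapped key is bound into the GCM tag as additional data, so a file whose wrapped key has been swapped for one the attacker can decrypt fails to open instead of yielding a forged plaintext. The sample content is constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

// File layout (this example's, not the article's):
//   [2-byte wrapped-key length][RSA-OAEP wrapped AES key][GCM nonce][ciphertext || GCM tag]

// SealFile generates a one-time AES-256 key, wraps it with the application's
// public key and encrypts the content under that key with AES-GCM.
func SealFile(pub *rsa.PublicKey, content []byte) ([]byte, error) {
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	header := make([]byte, 2, 2+len(wrapped))
	binary.BigEndian.PutUint16(header, uint16(len(wrapped)))
	header = append(header, wrapped...)
	// The header is authenticated as additional data: tampering with the
	// wrapped key or its length invalidates the tag.
	body := gcm.Seal(nil, nonce, content, header)
	return append(append(header, nonce...), body...), nil
}

// OpenFile recovers the AES key with the private key, then authenticates and
// decrypts the content. Any change to header, nonce or body is an error.
func OpenFile(priv *rsa.PrivateKey, blob []byte) ([]byte, error) {
	if len(blob) < 2 {
		return nil, errors.New("truncated header")
	}
	wl := int(binary.BigEndian.Uint16(blob))
	if len(blob) < 2+wl {
		return nil, errors.New("truncated wrapped key")
	}
	header := blob[:2+wl]
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, blob[2:2+wl], nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(blob) < 2+wl+ns+gcm.Overhead() {
		return nil, errors.New("truncated body")
	}
	nonce, body := blob[2+wl:2+wl+ns], blob[2+wl+ns:]
	return gcm.Open(nil, nonce, body, header)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func main() {
	appKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	blob, err := SealFile(&appKey.PublicKey, []byte("constructed sample data file"))
	if err != nil {
		panic(err)
	}
	plain, err := OpenFile(appKey, blob)
	fmt.Printf("%d-byte file, recovered %q, err=%v\n", len(blob), plain, err)
}
```

A fresh key and nonce per file means two files never share an AES key, so the RSA operation happens once per file regardless of size, and the GCM tag gives the integrity check that plain RSA-plus-symmetric encryption on its own would lack.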
The .NET framework provides everything needed to use public key cryptography alone or in conjunction with symmetric cryptography. However, the large volume of documentation and the lack of concise yet complete examples can be bewildering. You must be familiar with the idiosyncrasies and limitations and it helps to know a few tricks for getting around them.
This article and accompanying project files are a useful example of public key encryption in VB.Net. The example application demonstrated how a framework facilitates key generation and provides access to both public and private key information, while supporting each of the four cryptographic activities of the secure messaging model. This PKInfrastructure assembly is re-usable and offers a simple, friendly interface for using public key encryption in your projects.