I've used the .NET class RSACryptoServiceProvider to get a keypair:
using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider())
{
File.
This blog post on using OpenSSL and RSACryptoServiceProvider states that it is possible, but the author ended up using the Chilkat RSA Library to ultimately interoperate with OpenSSL from within C#. The PEM format is not supported in the .NET world so you could use this library from JavaScience called OpenSSLKey.cs; however, as the author of the blog post mentions they had problems due to this (quoted):
OpenSSL: Can only sign small bits of data that fit within a single block. The data is padded and signed. The reverse is called "verify" and in that case the data is "unsigned" and then unpadded and the original data is returned.
[Windows]: Can sign any amount of data. The Sign* methods first hash the data and then the hash is padded and signed. The Verify* methods expect three inputs: the original data, a hash algorithm name, and the signature data. The original data is hashed and the result of unsigning/unpadding is compared with the hash of the original data.
So I recommend you go with the Chilkat RSA library.
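The difference quoted above, reproduced with the openssl command line as an added example (not code from the blog post or from either answer): raw signing pads the data itself, while `openssl dgst -sign` hashes first, which is the hash-then-sign form the quote attributes to the Windows Sign*/Verify* methods. The temporary directory, file names, 2048-bit key size and license text are assumptions made for the example.

```shell
#!/bin/sh
# Added example: OpenSSL raw RSA signing compared with hash-then-sign.
# Everything is written to a throwaway directory; license.txt is constructed sample data.

demo_dir=$(mktemp -d)

make_keys() {
    # 2048-bit key and file names are choices made for this example.
    openssl genrsa -out "$demo_dir/private.pem" 2048 2>/dev/null
    openssl rsa -in "$demo_dir/private.pem" -pubout -out "$demo_dir/public.pem" 2>/dev/null
    printf 'licensee=Example Ltd;seats=5' > "$demo_dir/license.txt"
}

# Raw signing: the data itself is PKCS#1 v1.5 padded and signed,
# so it has to fit inside a single RSA block.
sign_raw() {
    openssl pkeyutl -sign -inkey "$demo_dir/private.pem" \
        -in "$demo_dir/license.txt" -out "$demo_dir/raw.sig"
}

# Hash-then-sign: the SHA-256 digest is padded and signed, so input size is unlimited.
sign_digest() {
    openssl dgst -sha256 -sign "$demo_dir/private.pem" \
        -out "$demo_dir/digest.sig" "$demo_dir/license.txt"
}

# "Unsign and unpad": prints the bytes that were inside the raw signature block.
recover_raw() {
    openssl pkeyutl -verifyrecover -pubin -inkey "$demo_dir/public.pem" \
        -in "$demo_dir/raw.sig"
}

# Verify signature file $1 as a hash-then-sign verifier does:
# hash the original data and compare with the unpadded signature content.
verify_digest() {
    openssl dgst -sha256 -verify "$demo_dir/public.pem" \
        -signature "$1" "$demo_dir/license.txt" >/dev/null 2>&1
}

make_keys
sign_raw
sign_digest
```

`recover_raw` returns the license text itself, `verify_digest "$demo_dir/digest.sig"` succeeds, and `verify_digest "$demo_dir/raw.sig"` fails, which is the mismatch a hash-then-sign verifier reports when handed a raw signature.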
I really needed to achieve OpenSSL interoperability with RSACryptoServiceProvider, so that I could implement a software licence key system (Ref).
I needed to be able to create the private and public keys in Linux using openssl so that they could later be used for license management in a PHP web application. Yet, also use them as the basis of an RSA signature license system in a VB.Net application.
After a week of searching, I eventually discovered that this is perfectly possible, so I thought I would share it.
Start on Linux (or any other useful OS) and use openssl to create a private key (private.pem), a public key (public.pem), a certificate (certificate.crt) and a Personal Information Exchange File (certificate.pfx). Don't worry about the CN and emailAddress fields, the certificate and pfx files are only being used as a vehicle to get the public or private key into the RSACryptoServiceProvider object.
openssl genrsa -out private.pem 1024
openssl rsa -in private.pem -out public.pem -pubout
openssl req -nodes -x509 -days 3650 -subj '/CN=www.example.com/emailAddress=info@example.com' -new -key private.pem -out certificate.crt
openssl pkcs12 -export -out certificate.pfx -inkey private.pem -in certificate.crt
Now to get the private key into the code:
Dim cert As New X509Certificate2("certificate.pfx", "", X509KeyStorageFlags.Exportable)
Dim rsaProvider As RSACryptoServiceProvider = DirectCast(cert.PrivateKey, RSACryptoServiceProvider)
If you need the private key or public key try this:
msgbox(rsaProvider.ToXmlString(True)) 'Private key in XML format
msgbox(rsaProvider.ToXmlString(False)) 'Public key in XML format
To get the public key into the code:
Dim cert As New X509Certificate2("certificate.crt")
Dim rsaProvider As RSACryptoServiceProvider = DirectCast(cert.PublicKey.Key, RSACryptoServiceProvider)
If you need the public key try this:
msgbox(rsaProvider.ToXmlString(False)) 'Public key in XML format
More to come .....