Archived Forum Post

Question:

Encryption using RSASSA-PKCS1-v1_5 with Private Key from PFX file?

Sep 18 '12 at 11:45

I have a requirement of performing encryption using RSASSA-PKCS1-v1_5 with Private Key from PFX file.

I am not sure how to do it. I have gone through your examples (great list) but those are using encryption with public key.

In my scenario my recipient has my public key already and he will decrypt my private key encrypted base 64 encoded stream.


Answer

This problem can be decomposed into two tasks:

1) Fetching the private key from a PFX
and
2) Using the private key to do the RSASSA-PKCS1-v1_5 encryption.

(Note: The typical use of public/private keys with RSA encryption is to use the public key for encrypting, and the private key for decrypting. The idea is that the public key may be freely given to others to allow them to encrypt something and send it back to you, the sole owner of the private key. Because you are the only one with access to the private key, only you can decrypt the message.)

For the 1st task, this is what I would suggest. A PFX is a file that typically contains a certificate and its associated private key. It may also contain one or more additional certificates (without private keys) in the chain of authentication to the root certificate authority. The Chilkat.Cert class (or CkCert in C++, or CkoCert in Objective-C, etc.) has a LoadPfxFile method. It will load the PFX, and if there are multiple certs within the PFX, it will choose the cert that has a private key and will load this one into the Cert object. You may then call Cert.ExportPrivateKey to get the private key in a Chilkat.PrivateKey object (or CkPrivateKey, CkoPrivateKey, etc.).

For the 2nd task, see this example: http://www.example-code.com/csharp/rsa_encryptStrings.asp

Given that you're wanting to encrypt using the private key, you would import the private key into the RSA object, and then set the "usePrivateKey" argument equal to True for the method call that does the encrypting.

Note: The Rsa.ImportPrivateKey method expects the private key in XML format. If you already have the private key in a PrivateKey object, then call PrivateKey.GetXml to get the XML.
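
The two tasks from the answer, put together in C#. This is an added example, not part of the original post or Chilkat's own sample code; the PFX path, password, unlock code and message are placeholders, and `EncryptStringENC`, `DecryptStringENC`, `EncodingMode`, `OaepPadding`, `ExportPublicKey` and `ImportPublicKey` are Chilkat members assumed here rather than named in the answer. The second half plays the recipient, showing that any holder of the public key recovers the plaintext: the output proves who produced it but keeps nothing confidential.

```csharp
using System;

class PfxPrivateKeyRsa
{
    static void Main()
    {
        // Task 1: load the PFX and export its private key.
        // "my.pfx" and "pfxPassword" are placeholders.
        Chilkat.Cert cert = new Chilkat.Cert();
        if (!cert.LoadPfxFile("my.pfx", "pfxPassword"))
        {
            Console.WriteLine(cert.LastErrorText);
            return;
        }
        Chilkat.PrivateKey privKey = cert.ExportPrivateKey();
        if (privKey == null)
        {
            Console.WriteLine(cert.LastErrorText);
            return;
        }

        // Task 2: import the key as XML and apply the private-key operation.
        Chilkat.Rsa rsa = new Chilkat.Rsa();
        if (!rsa.UnlockComponent("UNLOCK_CODE_PLACEHOLDER") ||
            !rsa.ImportPrivateKey(privKey.GetXml()))
        {
            Console.WriteLine(rsa.LastErrorText);
            return;
        }
        rsa.OaepPadding = false;      // PKCS#1 v1.5 padding, not OAEP
        rsa.EncodingMode = "base64";  // output is a base64 string
        string encoded = rsa.EncryptStringENC("constructed sample message", true);
        if (encoded == null)
        {
            Console.WriteLine(rsa.LastErrorText);
            return;
        }
        Console.WriteLine(encoded);

        // Recipient side: only the public key is needed to reverse it.
        Chilkat.Rsa recipient = new Chilkat.Rsa();
        recipient.ImportPublicKey(cert.ExportPublicKey().GetXml());
        recipient.OaepPadding = false;
        recipient.EncodingMode = "base64";
        // usePrivateKey = false: the public key undoes the private-key operation.
        string recovered = recipient.DecryptStringENC(encoded, false);
        Console.WriteLine(recovered ?? recipient.LastErrorText);
    }
}
```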