Data Encryption/Decryption using RSACryptoServiceProvider and X509Certificate2

Introduction

Data Encryption/Decryption using RSACryptoServiceProvider and X509Certificate2

Background

Before you write Encryption/Decryption, you must ensure your have genate valid certificate with having private key option. and can be achieved by following command.

makecert -r -pe -n "CN=MyTestServer" -b 01/01/2000 -e 01/01/2036 -eku 1.3.6.1.5.5.7.3.1 -ss my -sr CurrentUser -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12

Using the code

using System;
using System.Collections.Generic;
using System.Text;
using System.IO;
using System.Xml;
using System.Security.Cryptography;
using System.Security.Permissions;
using System.Security.Cryptography.X509Certificates;
using System.Runtime.InteropServices;

string DigitalCertificateName = "";
/// <summary>
/// Constructor
/// Author : Ranajit Biswal
/// Date : 24th May 2007
/// Pupose : Used to Encrypt and Decrypt string using Digital signature which having Private Key.
/// Requirement : WSE 2.0 and .Net Framework 2.0
/// </summary>

//Read digital certificate from Current User store.
public string GetEncryptedText(string PlainStringToEncrypt)
{
X509Store store = new X509Store(StoreName.My);
X509Certificate2 x509_2 = null;
store.Open(OpenFlags.ReadWrite);
if (DigitalCertificateName.Length > 0)
{
foreach (X509Certificate2 cert in store.Certificates)
{
if (cert.SubjectName.Name.Contains(DigitalCertificateName))
{
x509_2 = cert;
break;
}
}

if (x509_2 == null)
throw new Exception("No Certificate could be found in name " + DigitalCertificateName);
}
else
{
x509_2 = store.Certificates[0];
}

try
{
string PlainString = PlainStringToEncrypt.Trim();
byte[] cipherbytes = ASCIIEncoding.ASCII.GetBytes(PlainString);
RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)x509_2.PublicKey.Key;
byte[] cipher = rsa.Encrypt(cipherbytes, false);
return Convert.ToBase64String(cipher);
}
catch (Exception e)
{
//Hadle exception
throw e;
}

}//Method ends here

/// <summary>
/// To Decrypt clear text using RSACryptoServer Provider and Digital Certificate having Private Key.
/// </summary>
/// <param name="EncryptedStringToDecrypt"></param>
/// <returns></returns>
public string GetDecryptedText(string EncryptedStringToDecrypt)
{
X509Store store = new X509Store(StoreName.My);
X509Certificate2 x509_2 = null;
store.Open(OpenFlags.ReadWrite);
if (DigitalCertificateName.Length > 0)
{
foreach (X509Certificate2 cert in store.Certificates)
{
if (cert.SubjectName.Name.Contains(DigitalCertificateName))
{
x509_2 = cert;
break;
}
}
if (x509_2 == null)
throw new Exception("No Certificate could be found in name " + DigitalCertificateName);
}
else
{
x509_2 = store.Certificates[0];
}

try
{
byte[] cipherbytes = Convert.FromBase64String(EncryptedStringToDecrypt);
if (x509_2.HasPrivateKey)
{
RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)x509_2.PrivateKey;
byte[] plainbytes = rsa.Decrypt(cipherbytes, false);
System.Text.ASCIIEncoding enc = new System.Text.ASCIIEncoding();
return enc.GetString(plainbytes);
}
else
{
throw new Exception("Certificate used for has no private key.");
}
}
catch (Exception e)
{
//Hadle exception
throw e;
}
}//method ends here

History