How to generate RSA key pairs and provide a passphrase used in generation (not Microsoft generated!)

aquila98 asked
Last Modified: 2008-01-09

I am trying to set up, using C# and .NET 2.0, an RSA public/private key system to encrypt database columns (in varbinary). I want (like I used to be able to do in an old C library) to provide my own passphrase in generating the RSA keys (2048 or more).

It seems to be very hard to do! Using RSACryptoServiceProvider will generate keys, but somehow I do not trust that those private keys could not be hacked somehow. I prefer to provide my own passphrase. I looked for a GNU type of package for C# and .NET 2.0 but found none :(

So here is what I tried:
    CspParameters cspParam = new CspParameters();
    cspParam.Flags = CspProviderFlags.UseMachineKeyStore;
    cspParam.KeyPassword = passphrase;
    RSACryptoServiceProvider x = new RSACryptoServiceProvider(cspParam);

    String publicKey  = x.ToXmlString(false);
    String privateKey = x.ToXmlString(true);

I just want to persist the keys for now, but I get an exception in ToXmlString(false); stating only wrong type!

Does anyone here have any hints or tips on how to generate those RSA keys using a password? I would like to use the same keys to sign PGP email and stuff. Actually PGP does a nice job with keys, asking the user to move the mouse around to generate the seeds and then a strong passphrase for the keys. I'd like to do the same. Is there a sample somewhere?

Thanks for any info.

Just curious, why do you want to use the RSA algorithm for this? Why not use a plain private key encryption for this?

Hopefully you'll get a better answer but we've been using a low-tech approach that works fine.  www.gnupg.org has their free gpg implementation.  It doesn't have an api, but the exe is great.  We just build command lines with the proper args and invoke the exe, either redirecting output or reading the resulting file(s) to get the result.


I need to allow users to add data to the database using the public key, and only the application with its private key can read from the database. It's also a way to sign the data in the database. So I need key pairs for that, and I pick RSA because it is well in use.

Since Microsoft has gone to the trouble of building an RSA provider, I figured there must be a way to properly use it and specify our own passphrase in the generation of the keys, as opposed to just allowing Microsoft to use any algorithm to generate it (and possibly re-generate it).

>> only the application with its private key can read from the database.

Does that mean that apart from the application holding its private key, you also require that an application user key in a password?
If you look at the RSA algorithm, it's about two prime numbers that are related with each other in some way so that they are related to each other. I am not sure how you are looking at a passphrase to generate these numbers.

The gnu pgp app works like you describe.  It stores public/private keys in its own database with weak protection and requires a password to get those.  This saves you some trouble but assumes your database isn't subject to strong attacks.


Hmmmmmm... I looked around in Google and it seems MS has indeed decided to implement its own key generation (being paranoid, I assume there is a backdoor to re-create the private key and decrypt at will)...
So I turned my attention to PGP in C# instead. I found some libraries but nothing free :(

I tend to shy away from implementations of crypto algorithms where one can't analyze the source code and make sure all is indeed as it should be...

I'll see if I can convert my old GNU C and C++ libraries into managed C++ so I can compile and use them in VS 2005.

It's tough doing things right!

Since this is not really answered, I consider deleting this question... any objections?


Closed, 200 points refunded.
Community Support Moderator
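
An added example for readers of this thread (not part of the original posts and not code from any participant): in current .NET (Core 3.0 or later, not the .NET 2.0 discussed above) the passphrase is applied when the private key is exported, where it encrypts the stored key rather than influencing which primes are generated. The class name, method names and sample values are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class PassphraseProtectedRsa   // hypothetical helper, not a framework type
{
    // Generate a 2048-bit pair; return the public key and the passphrase-encrypted private key.
    public static void Generate(string passphrase, out byte[] publicKey, out byte[] encryptedPrivateKey)
    {
        using (RSA rsa = RSA.Create(2048))
        {
            // PBKDF2 stretches the passphrase into an AES-256 key that wraps the PKCS#8 blob.
            var pbe = new PbeParameters(PbeEncryptionAlgorithm.Aes256Cbc, HashAlgorithmName.SHA256, 200000);
            publicKey = rsa.ExportSubjectPublicKeyInfo();
            encryptedPrivateKey = rsa.ExportEncryptedPkcs8PrivateKey(passphrase.AsSpan(), pbe);
        }
    }

    // Anyone holding the public key can write a value (OAEP-SHA256 limits it to 190 bytes at 2048 bits).
    public static byte[] EncryptColumn(byte[] publicKey, byte[] plaintext)
    {
        using (RSA rsa = RSA.Create())
        {
            rsa.ImportSubjectPublicKeyInfo(publicKey, out _);
            return rsa.Encrypt(plaintext, RSAEncryptionPadding.OaepSHA256);
        }
    }

    // Reading requires both the stored encrypted key and the passphrase.
    public static byte[] DecryptColumn(byte[] encryptedPrivateKey, string passphrase, byte[] ciphertext)
    {
        using (RSA rsa = RSA.Create())
        {
            // Throws CryptographicException when the passphrase is wrong.
            rsa.ImportEncryptedPkcs8PrivateKey(passphrase.AsSpan(), encryptedPrivateKey, out _);
            return rsa.Decrypt(ciphertext, RSAEncryptionPadding.OaepSHA256);
        }
    }

    static void Main()
    {
        const string passphrase = "constructed sample passphrase";   // constructed sample value
        Generate(passphrase, out byte[] pub, out byte[] encPriv);
        byte[] cell = EncryptColumn(pub, Encoding.UTF8.GetBytes("constructed column value"));
        Console.WriteLine(Encoding.UTF8.GetString(DecryptColumn(encPriv, passphrase, cell)));
        try { DecryptColumn(encPriv, "wrong passphrase", cell); }
        catch (CryptographicException) { Console.WriteLine("wrong passphrase rejected"); }
    }
}
```

Column values longer than the OAEP limit need a hybrid scheme, where RSA wraps a per-row symmetric key.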