Public key exchange across .Net and Windows Store Apps RRS feed

  • Question

  • It seems the more I learn about developing on Windows Store Apps, I learn more about what I can't do rather than what I can do. I'm hoping this isn't another case.  Here is my scenario.

    I'm developing a solution that uses Symmetric cryptography to securely exchange data across devices and apps (using Windows Store apps, and standard WPF .Net apps). This allows two different devices to securely exchange data. Being a good boy, I follow best practices and generate temporary session keys to use for the encryption. This pattern requires that both parties know what the symmetric key is. In the .Net world, I could use both X509Certificates to encrypt the session key, and then send to the other party. The WinRT developers at Microsoft have taken that capability away from  me. Thus, I have to resort to plan B, which is using RSA Keys to do this encryption.

    In .Net, I can use RSACryptoServiceProvider coupled with a RSAOAEPKeyExchangeFormatter to build a secure key exchange. RSAOAEPKeyExchangeFormatter doesn't exist in WinRT, so I have to resort to another option. This requires that both parties have the same RSA keys (the sender would need to have the recipient's Public Key, and the recipient would need to have the RSA private key).  This requires a mechanism that copies RSA keys across devices. So my question is how do I sync the keys? How do I facilitate this key export/import from .Net based apps on one device, to Windows Store Apps on another device?

    On the recipient side (.Net app), I can use the RSACryptoServiceProvider.ExportCSPBlob() function to extract the public key to a byte array, and then send that the other party (Modern app). However, I cannot figure out how to import the RSA Public key into the Windows store app site. I tried using the AsymmetricKeyAlgorithmProvider.ImportKeyPair() method to import the public key, but I get an exception. I doesn't work.  I'm looking for options. Here is my use case

    Sending application contacts Receiving application to start an exchange.

    Receiving application exports his public key (using RSACryptoServiceProvider::ExportCSPBlob()), and sends to Sender application

    Sender application imports Receiving application's public key (using AsymmetricKeyAlgorithmProvider::ImportKeyPair()) into local key from byte array

    Sender application generates a symmetric key, encrypts it with the receivers public key.

    Sender application sends encrypted symmetric key to receiving application

    Sender application sends encrypted data (using the symmetric key) to receiver

    Receiver received encrypted symmetric key, and decrypts it using it's private key

    Receiver application receives encrypted data, and decrypts it using the decrypted symmetric key

    life is good

    Thursday, January 9, 2014 10:06 PM

All replies