Change the default KeyEncryptionAlgorithm of EnvelopedCms.Encrypt Method

  • Question

  • When I'm using the EnvelopedCms.Encrypt() method, the KeyEncryptionAlgorithm used by default is rsaesOaep (OID 1.2.840.113549.1.1.7).

    But I have to use rsaEncryption (OID 1.2.840.113549.1.1.1), because the recipient does not support the default algorithm.

    Is it possible to change the KeyEncryptionAlgorithm?


    Thursday, March 26, 2015 12:51 PM

Answers

  • Hello prometeus2015,

    >>Is it possible to change the KeyEncryptionAlgorithm?

    The third constructor of the EnvelopedCms class, EnvelopedCms(ContentInfo, AlgorithmIdentifier), creates an instance of the EnvelopedCms class by using the specified content information and encryption algorithm. The second parameter, of the AlgorithmIdentifier class, defines the algorithm used for a cryptographic operation, and it can accept an OID to create an instance of the AlgorithmIdentifier class with the specified algorithm identifier. You could try it as:

    var i3 = new EnvelopedCms(new ContentInfo(Encoding.UTF8.GetBytes("ahoj")), new AlgorithmIdentifier(new System.Security.Cryptography.Oid("2.16.840.1.101.3.4.1.42")));

    Or, since you are trying to use rsaEncryption, you could try the RSACryptoServiceProvider class:

    https://msdn.microsoft.com/en-us/library/system.security.cryptography.rsacryptoserviceprovider(v=vs.110).aspx

    Regards.



    Friday, March 27, 2015 8:53 AM
    Moderator

All replies

  • I mean this isn't the right answer.

    Cryptographic Message Syntax uses two algorithms to envelop a file.

    First, the file is encrypted, generally using an AES algorithm (AES-128-CBC for example), with a session key.

    The session key is common to all recipients of the message. But we need to encrypt the session key to keep any "human in the middle" from reading the key and decrypting the message.

    Then, the session key is encrypted using another, asymmetric algorithm (like RSA Encryption, RSA-OAEP...) using the public key of each recipient.

    When any recipient needs to decrypt the message, he uses his private key to decrypt the part of the message containing the session key encrypted for him. Then, with the session key, the recipient is able to decrypt the message.

    The first algorithm is the second parameter of the EnvelopedCms constructor.

    The second algorithm (to encrypt the session key) depends on the recipient certificate.

    It seems the .NET framework doesn't handle this dependency and always uses the RSA-OAEP algorithm instead of the algorithm requested in the certificate.

    I mean this question is related to this other one:

    https://social.msdn.microsoft.com/Forums/en-US/cd4e2cce-c827-4969-84b1-1fe45de24bca/key-encryption-algorithm




    • Edited by stlaur Tuesday, August 11, 2015 6:54 AM
    Tuesday, August 11, 2015 6:44 AM
  • This is not the correct answer. Please remove the "answered" flag.
    Thursday, September 15, 2016 2:10 PM
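
Added example (not code from any poster in this thread): a sketch of the two-algorithm split described in the reply above, showing where each algorithm is selected and how to confirm what an encoded message actually carries. It assumes .NET Core 3.0 or later, where CmsRecipient has an overload taking an RSAEncryptionPadding; the recipient certificate is a constructed, in-memory self-signed certificate, and the class name is hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;
using System.Text;

class EnvelopedCmsKeyTransportDemo // hypothetical name, for illustration only
{
    // OIDs quoted in the question above.
    const string RsaEncryptionOid = "1.2.840.113549.1.1.1";
    const string RsaesOaepOid = "1.2.840.113549.1.1.7";

    static void Main()
    {
        // Constructed recipient: throwaway self-signed RSA certificate, never stored.
        using RSA rsa = RSA.Create(2048);
        var request = new CertificateRequest("CN=Constructed Recipient", rsa,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using X509Certificate2 cert = request.CreateSelfSigned(
            DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(1));

        // Algorithm 1, content encryption: the constructor's second parameter
        // (same OID as in the moderator's snippet).
        var cms = new EnvelopedCms(
            new ContentInfo(Encoding.UTF8.GetBytes("ahoj")),
            new AlgorithmIdentifier(new Oid("2.16.840.1.101.3.4.1.42")));

        // Algorithm 2, key encryption: chosen per recipient, not on EnvelopedCms.
        // Pkcs1 selects rsaEncryption; RSAEncryptionPadding.OaepSHA1 would select
        // rsaesOaep. Use Pkcs1 only for recipients that cannot process OAEP.
        cms.Encrypt(new CmsRecipient(cert, RSAEncryptionPadding.Pkcs1));
        byte[] encoded = cms.Encode();

        // Verify on the wire format: decode and read both algorithm identifiers.
        var parsed = new EnvelopedCms();
        parsed.Decode(encoded);
        Console.WriteLine("content encryption: " + parsed.ContentEncryptionAlgorithm.Oid.Value);
        foreach (RecipientInfo info in parsed.RecipientInfos)
        {
            string oid = info.KeyEncryptionAlgorithm.Oid.Value;
            string name = oid == RsaEncryptionOid ? "rsaEncryption"
                        : oid == RsaesOaepOid ? "rsaesOaep" : "other";
            Console.WriteLine("key encryption:     " + oid + " (" + name + ")");
        }
    }
}
```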