Hi Urs,

If you don't have the high encryption pack installed, RSA keys are limited to 512 bits in size. The default for the RSACryptoServiceProvider class is 1024 bits, so you need to explicitly tell the RSACryptoServiceProvider class to use a smaller key size. For example:

    RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(512);

The rsa object will hold a random 512-bit key, and that should work on any platform on which the .NET Framework is installed.

A couple of additional notes:

1) I *strongly* encourage you to apply the high encryption updates to your machines; the old, export-limited key lengths are not considered secure today.

2) On systems prior to Win2K, RSACryptoServiceProvider is limited to encrypting at most 5 or 16 bytes (40 or 128 bits, depending on whether you have the high encryption pack). (Basically the OS allows you to encrypt a random symmetric session key, but not data all the way up to the size of the modulus.)

Depending on your application, you will likely want to use a randomly-generated session key to bulk encrypt your sensitive data with a symmetric cipher (like Rijndael) and then encrypt the session key with RSA.

For more information on crypto support in the .NET Framework, including pointers to the high encryption packs, check out the Cryptography FAQ on GotDotNet (http://www.gotdotnet.com/compare/clr/cryptofaq.htm) and Chapters 30 and 31 of ".NET Framework Security" (http://www.amazon.com/exec/obidos/ASIN/067232184X/).

--Brian LaMacchia
Co-author, .NET Framework Security

-----Original Message-----
From: Urs Eichmann [mailto:[EMAIL PROTECTED]]
Sent: Monday, May 27, 2002 7:16 AM
To: [EMAIL PROTECTED]
Subject: [DOTNET] Encryption on NT4 and Win98

Hi Group

To encrypt certain data in an XML file, I successfully use the RSACryptoServiceProvider as long as I'm on XP or W2K. However, if the program is used on NT4 (without high encryption pack) or Win98, there is an Exception thrown saying that the key size is invalid.

I'm not a cryptography expert - can anyone tell me how I can encrypt something in a way ALL Windows OS can handle it (if possible without installing additional DLLs)?

Thanks for any help!
Urs

You can read messages from the DOTNET archive, unsubscribe from DOTNET, or subscribe to other DevelopMentor lists at http://discuss.develop.com.
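
The session-key approach described in the reply above, as an added C# example that is not part of the original thread: a random AES key encrypts the data (AES is Rijndael with a 128-bit block, swapped in here for the Rijndael class), an HMAC-SHA256 tag protects the ciphertext, and RSA with OAEP encrypts only the two session keys. Assumptions: the HybridDemo class, its Seal/Open methods and the blob layout are hypothetical, and the 2048-bit key with a 64-byte wrapped payload assumes a system without the pre-Win2K and export-limited restrictions discussed in the reply.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;

static class HybridDemo
{
    // Output layout: RSA-wrapped session keys | IV (16) | HMAC tag (32) | AES ciphertext.
    public static byte[] Seal(RSACryptoServiceProvider rsa, byte[] data)
    {
        byte[] macKey = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(macKey);
        using (Aes aes = Aes.Create())            // AES is Rijndael with 128-bit blocks
        using (var hmac = new HMACSHA256(macKey))
        {
            aes.KeySize = 256; aes.GenerateKey(); aes.GenerateIV();   // fresh per message
            byte[] ct;
            using (ICryptoTransform enc = aes.CreateEncryptor())
                ct = enc.TransformFinalBlock(data, 0, data.Length);
            byte[] tag = hmac.ComputeHash(aes.IV.Concat(ct).ToArray());   // encrypt-then-MAC
            byte[] wrapped = rsa.Encrypt(aes.Key.Concat(macKey).ToArray(), true);   // true = OAEP
            return wrapped.Concat(aes.IV).Concat(tag).Concat(ct).ToArray();
        }
    }
    public static byte[] Open(RSACryptoServiceProvider rsa, byte[] blob)
    {
        int n = rsa.KeySize / 8;                  // wrapped keys occupy one modulus length
        byte[] keys = rsa.Decrypt(blob.Take(n).ToArray(), true);
        byte[] iv = blob.Skip(n).Take(16).ToArray(), tag = blob.Skip(n + 16).Take(32).ToArray();
        byte[] ct = blob.Skip(n + 48).ToArray();
        using (var hmac = new HMACSHA256(keys.Skip(32).ToArray()))
        {
            byte[] expect = hmac.ComputeHash(iv.Concat(ct).ToArray());
            int diff = expect.Length ^ tag.Length;   // compare without early exit
            for (int i = 0; i < expect.Length && i < tag.Length; i++) diff |= expect[i] ^ tag[i];
            if (diff != 0) throw new CryptographicException("ciphertext or IV was modified");
        }
        using (Aes aes = Aes.Create())
        {
            aes.Key = keys.Take(32).ToArray(); aes.IV = iv;
            using (ICryptoTransform dec = aes.CreateDecryptor())
                return dec.TransformFinalBlock(ct, 0, ct.Length);
        }
    }
    static void Main()
    {
        byte[] data = new byte[1000];             // constructed sample, larger than one RSA block
        using (var rsa = new RSACryptoServiceProvider(2048))   // assumes strong crypto is installed
            Console.WriteLine(Open(rsa, Seal(rsa, data)).SequenceEqual(data));
    }
}
```

The tag is checked before any AES decryption, so a modified ciphertext or IV is rejected rather than decrypted.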