Hi Bill,

If you're trying to interoperate with PGP the easiest thing for you to do, I'm afraid, is going to be to shell out and call a PGP executable to do the encryption. I say this because there are a bunch of pieces that you'd need to implement yourself in order to interoperate with PGP from within the .NET Framework or CryptoAPI, and by the time you've implemented all these additional pieces you'll basically have completely re-implemented PGP. Here are the two main issues I see:

1) Algorithm support: if you're using PGP to encrypt with what PGP calls a Diffie-Hellman key, then what you're really doing is using a related algorithm, Elgamal encryption, which isn't supported natively in either CryptoAPI or the .NET Framework. So, you'd need to write or otherwise acquire an implementation of Elgamal that could plug into CryptoAPI as a CSP or System.Security.Cryptography as an AsymmetricAlgorithm in order to perform the public key encryption/decryption. Additionally, it's possible that you'd have to add some symmetric cipher support. What symmetric cipher is used for bulk encryption by default by PGP varies I believe by version. In particular, PGP used to use IDEA, which we don't have in-the-box support for in the .NET Framework (you could add it, of course). The OpenPGP standard specifies 3DES, which we do have in the box, but PGP uses an uncommon cipher chaining mode (CFB with full block size support) that we don't have support for in v1, so even with 3DES you'd need to implement some code here too.

2) Data structure parsing: We don't have any in-the-box support for parsing and generating PGP's message and data formats. They're now fully specified in RFC 2440, but in order to properly parse or create a PGP message you'd have to write the bit manipulation code to read/write the various data structures (including both key- and data-related packets). That's going to be a pile of work, too.

As an alternative, if you can get your business partner to use S/MIME format messages instead of PGP format messages interop would be a lot easier. We have support for S/MIME format messages in CryptoAPI and CAPICOM (a COM wrapper for CryptoAPI), and you can use either of those mechanisms from within the .NET Framework (via P/Invoke or tlbimp CAPICOM, respectively).

Hope this helps,

--Brian LaMacchia
Co-author, .NET Framework Security

-----Original Message-----
From: Booth, Bill [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 28, 2002 5:18 AM
To: Brian LaMacchia
Cc: dotnet discussion
Subject: RE: [DOTNET] Cryptography Namespace and Diffie-Hellman/DSS

Thanks for taking the time to answer, Brian. Unfortunately I do not have the knowledge of Crypto to fully understand your answer. Here is the scenario: a business partner uses PGP for encryption. They e-mail us their Diffie-Hellman public key and expect us to use it to encrypt a text file to be sent to them. Are you saying I can use the CryptoAPI to do a D-H exchange (not really sure what that means) and then encrypt the file with one of the other symmetric ciphers that System.Security.Cryptography supports? Obviously I need your book which I ordered the other day.

Thanks in advance for any assistance.

Bill

-----Original Message-----
From: Brian LaMacchia [mailto:[EMAIL PROTECTED]]
Sent: Monday, May 27, 2002 6:02 PM
To: [EMAIL PROTECTED]
Cc: dotnet discussion
Subject: RE: [DOTNET] Cryptography Namespace and Diffie-Hellman/DSS

Hi Bill,

There's currently no implementation of Diffie-Hellman key exchange in the .NET Framework cryptography classes; you would need to call CryptoAPI to do a D-H exchange. DSS is supported, but of course that algorithm only provides signature services. Once you've done your D-H key exchange to establish a shared secret, you can use that as your session key with Rijndael, 3DES, or any of the other symmetric ciphers using the System.Security.Cryptography classes.

Hope this helps,

--Brian LaMacchia
Co-author, .NET Framework Security

-----Original Message-----
From: Booth, Bill [mailto:[EMAIL PROTECTED]]
Sent: Monday, May 27, 2002 12:53 PM
To: [EMAIL PROTECTED]
Subject: [DOTNET] Cryptography Namespace and Diffie-Hellman/DSS

Does anyone know if you can encrypt a file using a Diffie-Hellman/DSS public key with the .NET cryptography namespace or do you have to use CryptoAPI?

Thanks for any info.

Bill

You can read messages from the DOTNET archive, unsubscribe from DOTNET, or subscribe to other DevelopMentor lists at http://discuss.develop.com.
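To make concrete the "bit manipulation code" for RFC 2440 packets that Brian's point 2 refers to, here is an added example, written for this page and not part of the thread or of the .NET Framework: a minimal Python reader for OpenPGP packet headers (old and new format), multi-precision integers, and the Public-Key Encrypted Session Key packet, run over a constructed sample message whose algorithm octet identifies an Elgamal key (what PGP labels a Diffie-Hellman key, as point 1 explains). The tag and algorithm numbers are the RFC 2440 values; the key ID, MPI values and encrypted bytes in the sample are made up, and partial body lengths are deliberately left unhandled.

```python
# Subset of RFC 2440 packet tags (section 4.3) and public-key algorithm IDs (section 9.1)
PACKET_TAGS = {1: "Public-Key Encrypted Session Key", 2: "Signature", 9: "Symmetrically Encrypted Data", 11: "Literal Data"}
PUBKEY_ALGOS = {1: "RSA", 16: "Elgamal (Encrypt-Only)", 17: "DSA"}

def parse_packet_header(data, offset=0):
    """Decode one packet header -> (tag, body length or None if indeterminate, body offset)."""
    first = data[offset]
    if not first & 0x80:
        raise ValueError("bit 7 of the packet tag octet must be set")
    if first & 0x40:  # new format: 6-bit tag, then a 1-, 2- or 5-octet length field
        tag, l1 = first & 0x3F, data[offset + 1]
        if l1 < 192:
            return tag, l1, offset + 2
        if l1 < 224:
            return tag, ((l1 - 192) << 8) + data[offset + 2] + 192, offset + 3
        if l1 == 255:
            return tag, int.from_bytes(data[offset + 2:offset + 6], "big"), offset + 6
        raise ValueError("partial body lengths are not handled in this example")
    tag, ltype = (first >> 2) & 0x0F, first & 0x03  # old format: 4-bit tag, 2-bit length type
    if ltype == 3:  # indeterminate length: the body runs to the end of the input
        return tag, None, offset + 1
    end = offset + 1 + (1, 2, 4)[ltype]
    return tag, int.from_bytes(data[offset + 1:end], "big"), end

def read_mpi(data, offset):
    """Read one multi-precision integer: 2-octet bit count, then big-endian magnitude."""
    end = offset + 2 + (int.from_bytes(data[offset:offset + 2], "big") + 7) // 8
    return int.from_bytes(data[offset + 2:end], "big"), end

def parse_pkesk(body):
    """Decode a Public-Key Encrypted Session Key body; an Elgamal key carries two MPIs."""
    mpis, off = [], 10  # version (1), key ID (8), algorithm (1), then the MPIs
    while off < len(body):
        value, off = read_mpi(body, off)
        mpis.append(value)
    return {"version": body[0], "key_id": body[1:9].hex(),
            "algorithm": PUBKEY_ALGOS.get(body[9], f"unknown({body[9]})"), "mpis": mpis}

def list_packets(message):
    """Walk a message and return (packet name, decoded body) for each packet."""
    offset, packets = 0, []
    while offset < len(message):
        tag, length, body_off = parse_packet_header(message, offset)
        offset = len(message) if length is None else body_off + length
        body = message[body_off:offset]
        packets.append((PACKET_TAGS.get(tag, f"tag {tag}"), parse_pkesk(body) if tag == 1 else body))
    return packets

# Constructed sample (not a real PGP message): old-format PKESK naming an Elgamal key, then a new-format tag 9 packet
SAMPLE = bytes.fromhex("8410 03 0123456789abcdef 10 0008 2b 0003 05 c902 aabb")
```

Running list_packets(SAMPLE) yields the PKESK packet decoded to version 3, key ID 0123456789abcdef, algorithm "Elgamal (Encrypt-Only)" and MPIs [43, 5], followed by the two-octet encrypted-data packet.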