.Net: Do my RSA keys still function after August 2012?

I just read this article, RSA keys under 1024 bits are blocked, and in my .NET software I widely use 384-bit keys. Will my program still be able to create / store / read keys from the MachineKeyStore using RSACryptoServiceProvider? Or will I be forced to send out a patch?

+8
cryptography rsa cryptoapi rsacryptoserviceprovider
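An added probe (not code from the original post) for the exact workflow the question describes: create a 384-bit RSA key in the machine key store with RSACryptoServiceProvider, persist it, reopen the container, sign and verify with it, then delete the container. The container name is a constructed test value; run it on the patched machine to see whether the small key is still created and reloaded.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example, not from the original post. Probes whether the CSP still
// creates, persists and reloads a 384-bit RSA key in the machine key store.
class SmallKeyProbe
{
    // Constructed container name for this test; pick something unique on a real host.
    const string ContainerName = "TestSmallRsaKeyContainer";

    static RSACryptoServiceProvider OpenMachineStoreKey(bool createIfMissing)
    {
        var csp = new CspParameters
        {
            KeyContainerName = ContainerName,
            Flags = CspProviderFlags.UseMachineKeyStore
        };
        if (!createIfMissing)
            csp.Flags |= CspProviderFlags.UseExistingKey; // throw instead of silently creating a key
        // The key size is only honoured when the container is created.
        return new RSACryptoServiceProvider(384, csp);
    }

    static void Main()
    {
        // 1. Create (or open) the container with a 384-bit key and persist it.
        using (var rsa = OpenMachineStoreKey(createIfMissing: true))
        {
            rsa.PersistKeyInCsp = true;
            Console.WriteLine("Created key, size = {0} bits", rsa.KeySize);
        }

        // 2. Re-open the same container and check that the key still signs / verifies.
        try
        {
            using (var rsa = OpenMachineStoreKey(createIfMissing: false))
            {
                byte[] data = Encoding.UTF8.GetBytes("probe"); // constructed input
                byte[] sig = rsa.SignData(data, new SHA1CryptoServiceProvider());
                bool ok = rsa.VerifyData(data, new SHA1CryptoServiceProvider(), sig);
                Console.WriteLine("Reloaded key: size = {0} bits, signature = {1} bytes, verify = {2}",
                                  rsa.KeySize, sig.Length, ok);
            }
        }
        catch (CryptographicException ex)
        {
            // If the platform rejects the small key, this is where it surfaces.
            Console.WriteLine("Could not reload / use the key: " + ex.Message);
        }
        finally
        {
            // 3. Clean up: remove the test container from the machine key store.
            var csp = new CspParameters
            {
                KeyContainerName = ContainerName,
                Flags = CspProviderFlags.UseMachineKeyStore
            };
            using (var rsa = new RSACryptoServiceProvider(csp))
            {
                rsa.PersistKeyInCsp = false;
                rsa.Clear(); // deletes the container when PersistKeyInCsp is false
            }
        }
    }
}
```

Creating keys in the machine store needs rights on the machine key directory, so run the probe elevated. A 384-bit modulus is 48 bytes, which is just enough for a PKCS#1 v1.5 SHA-1 signature, so the 48-byte signature length printed in step 2 is expected.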
3 answers

I got a response from Microsoft (Kurt L Hudson), and this update should only affect the build chain, so RSACryptoServiceProvider will continue to function with small keys after August 2012.

+4

This is the recommended answer to the question that arose in the comments.

You may have found a way to use the symmetric client authentication method. I assume that now you are using a typical RSA signing scheme, in which a message hash is signed with the client's private key, which can then be verified with the public key.

Perhaps you can exchange the permanent key, and then encrypt the message digest with this key instead of asymmetrically. You will still be guaranteed that the person who sent the message knew the secret key, although you would have no way to check whether the message was sent by the client or the server (since both know the key). If the client requested the server during authentication, this would help prevent man-in-the-middle attacks (although the client would need to have the public key of the server built in locally).

0
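An added example (not code from the answer above) of the shared-key scheme it describes, using HMAC-SHA256 in .NET in place of an RSA signature. It also demonstrates the caveat in the answer: because the server holds the same key, a tag the server computes is indistinguishable from one the client computed. The session key and messages are constructed demo values; how the key is agreed (for example the client encrypting a fresh random key to the server's built-in public key) is assumed and not shown.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example, not from the original answer: symmetric message authentication
// with a shared key instead of an RSA signature over the message digest.
static class SharedKeyAuth
{
    // Tag = HMAC-SHA256 over the message. HMAC hashes internally, so the separate
    // message digest of the RSA scheme is not needed.
    public static byte[] Tag(byte[] key, byte[] message)
    {
        using (var h = new HMACSHA256(key))
            return h.ComputeHash(message);
    }

    // Constant-time comparison: an early-exit byte compare leaks, through timing,
    // how many leading bytes of a forged tag were right.
    public static bool Verify(byte[] key, byte[] message, byte[] tag)
    {
        byte[] expected = Tag(key, message);
        if (expected.Length != tag.Length) return false;
        int diff = 0;
        for (int i = 0; i < expected.Length; i++) diff |= expected[i] ^ tag[i];
        return diff == 0;
    }

    static void Main()
    {
        // Constructed demo key. Assumed: agreed per session out of band, e.g. the
        // client encrypts a fresh random key to the server's built-in public key.
        byte[] sessionKey = new byte[32];
        using (var rng = new RNGCryptoServiceProvider()) rng.GetBytes(sessionKey);

        byte[] msg = Encoding.UTF8.GetBytes("transfer 10 units to account 42"); // constructed
        byte[] tag = Tag(sessionKey, msg);
        Console.WriteLine("tag length: {0} bytes, valid: {1}", tag.Length, Verify(sessionKey, msg, tag));

        // A modified message fails verification against the original tag.
        byte[] tampered = Encoding.UTF8.GetBytes("transfer 99 units to account 42"); // constructed
        Console.WriteLine("tampered valid: {0}", Verify(sessionKey, tampered, tag));

        // The caveat from the answer: the server knows the same key, so a tag it
        // computes is accepted exactly as if the client had produced it. There is
        // no non-repudiation, unlike a signature made with the client's private key.
        byte[] serverMadeTag = Tag(sessionKey, tampered);
        Console.WriteLine("server-made tag accepted as 'client': {0}", Verify(sessionKey, tampered, serverMadeTag));
    }
}
```

The tag is 32 bytes, so it is shorter than even the 48-byte signature of a 384-bit RSA key, and its strength does not depend on the RSA key size at all. What is lost is the ability to prove to a third party which side produced a given message.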

If you are minimizing the size of the signature, then RSA is a bad choice to start with. DSA and ECDSA both provide shorter signatures with much greater strength than RSA. However, neither DSA nor ECDSA will come close to the signature verification speed of 384-bit RSA.

If, however, you must continue to use the keys that you have, you will have to change your code to avoid using the Microsoft Cryptography API. You can use, for example, the BouncyCastle C# library if you use C#. Finally, you can complain to Microsoft about it. I doubt that everything will be fine, but you can always try.

0