Share via

Asymmetric Cryptography

S Abijith 466 Reputation points
2023-01-20T07:10:30.98+00:00

Hi All,

We have a C# application built on .Net Framework 4.7. It is a windows application. We have received a new requirement regarding 'Asymmetric Cryptography'.

The application has to implement RSA with a key length of 3072 bits or above or Elliptic Curve (EC) with a key length of 384 bits or above for Public key Signature or asymmetric cryptography and must deny usage of key below these sizes for TLS handshake.

Can anyone please explain as to how to achieve this in C#.

And also if this has to be taken care at the application level or will it be taken care at the OS level.

Any help is appreciated. Thank you in advance!!

C#
C#
An object-oriented and type-safe programming language that has its roots in the C family of languages and includes support for component-oriented programming.
11,307 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Dimple Rane 921 Reputation points MVP
    2023-01-20T07:19:35.1533333+00:00

    In C#, you can implement RSA with a key length of 3072 bits or above or Elliptic Curve (EC) with a key length of 384 bits or above for Public key Signature or asymmetric cryptography using the classes in the System.Security.Cryptography namespace.

    Here is an example of how to generate an RSA key pair with a key length of 3072 bits:

    using (RSA rsa = RSA.Create(3072))
{
    // Generate public and private key
    RSAParameters rsaParams = rsa.ExportParameters(true);
    // Use the keys for encryption/decryption or signing/verifying
}

    And this is how you can generate an Elliptic Curve key pair with a key length of 384 bits:

    using (ECDsa ecdsa = ECDsa.Create(ECCurve.NamedCurves.brainpoolP384r1))
{
    // Generate public and private key
    ECParameters ecParams = ecdsa.ExportParameters(true);
    // Use the keys for signing/verifying
}

    You can also use the Cng class to create an RSA or ECDsa key with a specific key size.

    Regarding the implementation of the key size restriction for the TLS handshake, it depends on the implementation of your application's transport layer security (TLS) protocol.

    If the application uses the built-in .NET Framework classes for TLS, such as SslStream, then you will need to implement the key size restriction at the application level, by validating the key size of the certificate used during the TLS handshake and rejecting connections that do not meet the minimum key size requirement.

    If the application uses a third-party library for the TLS implementation, you should check the library's documentation to see if it has built-in support for key size restrictions.

  2. Bruce (SqlWork.com) 71,586 Reputation points
    2023-01-20T21:00:28.24+00:00

    as you are talking about a TSL handshake, then you will need to validate the certificate to ensure its public key has enough bit to fullfill your requirements. see:

    [https://learn.microsoft.com/en-us/dotnet/api/system.net.servicepointmanager.servercertificatevalidationcallback?view=net-7.0

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.