Using BouncyCastle in .NET Core for RSA Key Generation, PEM Handling, and Encryption/Decryption
This article explains how to use the BouncyCastle library in .NET Core to generate RSA keys in PKCS1 and PKCS8 formats, convert between them, handle PEM encoding, and perform RSA encryption and decryption with various padding schemes, providing extensive code examples.
The article introduces the current challenges of encryption across different platforms and languages, and explains why the .NET official cryptography libraries are insufficient for certain algorithms, prompting the use of BouncyCastle.
Dependencies: BouncyCastle (Portable.BouncyCastle 1.8.5) is required, supporting .NET Framework, .NET Standard, .NET Core, Xamarin, and other platforms.
RSA Key Generation
Two methods are provided for generating RSA key pairs:
public RSAKeyParameter Pkcs1(int keySize, bool format = false) { /* generate RSA key pair, return Base64-encoded private and public keys */ }
public RSAKeyParameter Pkcs8(int keySize, bool format = false) { /* generate RSA key pair using PKCS8 format, return Base64-encoded keys */ }
Private Key Operations
Conversion between PKCS1 and PKCS8 formats is implemented:
public static string PrivateKeyPkcs1ToPkcs8(string privateKey, bool format = false) { /* convert PKCS1 private key to PKCS8 */ }
public static string PrivateKeyPkcs8ToPkcs1(string privateKey, bool format = false) { /* convert PKCS8 private key to PKCS1 */ }
Methods to extract a public key from a private key are also provided:
public static string GetPublicKeyFromPrivateKeyPkcs1(string privateKey) { /* extract public key from PKCS1 private key */ }
public static string GetPublicKeyFromPrivateKeyPkcs8(string privateKey) { /* extract public key from PKCS8 private key */ }
PEM Operations
Reading and writing PEM-formatted keys:
public static string ReadPkcs1PrivateKey(string text) { /* read PKCS1 PEM and return Base64 key */ }
public static string ReadPkcs8PrivateKey(string text) { /* read PKCS8 PEM and return Base64 key */ }
public static string WritePkcs1PrivateKey(string privateKey) { /* write PKCS1 PEM */ }
public static string WritePkcs8PrivateKey(string privateKey) { /* write PKCS8 PEM */ }
public static string WritePublicKey(string publicKey) { /* write public key PEM */ }
RSA Encryption and Decryption
Core methods for raw RSA encryption/decryption:
public static byte[] Encrypt(byte[] data, AsymmetricKeyParameter parameters, string algorithm) { /* encrypt data using specified algorithm */ }
public static byte[] Decrypt(byte[] data, AsymmetricKeyParameter parameters, string algorithm) { /* decrypt data */ }
Convenient wrappers for Base64 and Hex representations:
public static string EncryptToBase64(string data, AsymmetricKeyParameter parameters, string algorithm) { return Base64.ToBase64String(Encrypt(Encoding.UTF8.GetBytes(data), parameters, algorithm)); }
public static string DecryptFromBase64(string data, AsymmetricKeyParameter parameters, string algorithm) { return Encoding.UTF8.GetString(Decrypt(Base64.Decode(data), parameters, algorithm)); }
public static string EncryptToHex(string data, AsymmetricKeyParameter parameters, string algorithm) { return Hex.ToHexString(Encrypt(Encoding.UTF8.GetBytes(data), parameters, algorithm)); }
public static string DecryptFromHex(string data, AsymmetricKeyParameter parameters, string algorithm) { return Encoding.UTF8.GetString(Decrypt(Hex.Decode(data), parameters, algorithm)); }
RSA Cipher Algorithm Constants
Several RSA transformation strings are defined, e.g., RSA_ECB_PKCS1Padding = "RSA/ECB/PKCS1Padding", RSA_NONE_OAEPWithSHA256AndMGF1Padding = "RSA/NONE/OAEPWithSHA256AndMGF1Padding", covering NoPadding, PKCS1Padding, and various OAEP variants.
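The following is an added example, not code from the original article. It shows one way the Encrypt/Decrypt signatures above could be implemented with BouncyCastle's CipherUtilities, run in the public-key-encrypt, private-key-decrypt direction with the two transformation strings quoted above. The method bodies, the class name RsaPaddingDemo, the 2048-bit key size and the sample message are assumptions.

```csharp
using System;
using System.Linq;
using System.Text;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Generators;
using Org.BouncyCastle.Security;

public static class RsaPaddingDemo
{
    // Transformation strings quoted from the article's constants.
    const string RSA_ECB_PKCS1Padding = "RSA/ECB/PKCS1Padding";
    const string RSA_NONE_OAEPWithSHA256AndMGF1Padding = "RSA/NONE/OAEPWithSHA256AndMGF1Padding";

    // Same signatures as the article's methods; the bodies are an assumption.
    public static byte[] Encrypt(byte[] data, AsymmetricKeyParameter parameters, string algorithm)
    {
        IBufferedCipher cipher = CipherUtilities.GetCipher(algorithm);
        cipher.Init(true, parameters);   // true = encrypt
        return cipher.DoFinal(data);
    }

    public static byte[] Decrypt(byte[] data, AsymmetricKeyParameter parameters, string algorithm)
    {
        IBufferedCipher cipher = CipherUtilities.GetCipher(algorithm);
        cipher.Init(false, parameters);  // false = decrypt
        return cipher.DoFinal(data);
    }

    public static void Main()
    {
        var generator = new RsaKeyPairGenerator();
        generator.Init(new KeyGenerationParameters(new SecureRandom(), 2048));
        AsymmetricCipherKeyPair pair = generator.GenerateKeyPair();
        byte[] message = Encoding.UTF8.GetBytes("constructed sample message");

        foreach (string algorithm in new[] { RSA_ECB_PKCS1Padding, RSA_NONE_OAEPWithSHA256AndMGF1Padding })
        {
            byte[] c1 = Encrypt(message, pair.Public, algorithm);
            byte[] c2 = Encrypt(message, pair.Public, algorithm);
            byte[] plain = Decrypt(c1, pair.Private, algorithm);
            Console.WriteLine(algorithm);
            Console.WriteLine("  round trip ok:          " + plain.SequenceEqual(message));
            Console.WriteLine("  ciphertexts randomized: " + !c1.SequenceEqual(c2));
            // RSA only accepts inputs shorter than the modulus minus padding overhead.
            try { Encrypt(new byte[300], pair.Public, algorithm); }
            catch (CryptoException e) { Console.WriteLine("  300-byte input rejected: " + e.GetType().Name); }
        }
    }
}
```

For new designs, OAEP is the padding recommended by RFC 8017; PKCS1Padding (v1.5) is mainly retained for interoperability with existing systems.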
Example Usage
A complete example demonstrates encrypting a string with both PKCS1 and PKCS8 private keys using RSA_ECB_PKCS1Padding, comparing ciphertexts, extracting the public key from a PKCS1 private key, and decrypting the data with the public key.
Preview
The next article will cover hash algorithms such as HMACSHA1, HMACSHA256, SHA1, SHA1WithRSA, SHA256, and SHA256WithRSA.
Fulu Network R&D Team
Providing technical literature sharing for Fulu Holdings' tech elite, promoting its technologies through experience summaries, technology consolidation, and innovation sharing.