RSACryptoServiceProvider Class (System.Security.Cryptography)

Switch on low bandwidth view

Collapse All

Language Filter

This page is specific to

Microsoft Visual Studio 2008/.NET Framework 3.5

Other versions are also available for the following:

.NET Framework Class Library

RSACryptoServiceProvider Class

Updated: May 2009

Performs asymmetric encryption and decryption using the implementation of the RSA algorithm provided by the cryptographic service provider (CSP). This class cannot be inherited.

Namespace: System.Security.Cryptography
Assembly: mscorlib (in mscorlib.dll)

Syntax

Visual Basic (Declaration)

<ComVisibleAttribute(True)> _
Public NotInheritable Class RSACryptoServiceProvider _
    Inherits RSA _
    Implements ICspAsymmetricAlgorithm

Visual Basic (Usage)

Dim instance As RSACryptoServiceProvider

[ComVisibleAttribute(true)]
public sealed class RSACryptoServiceProvider : RSA, 
    ICspAsymmetricAlgorithm

Visual C++

[ComVisibleAttribute(true)]
public ref class RSACryptoServiceProvider sealed : public RSA, 
    ICspAsymmetricAlgorithm

JScript

public final class RSACryptoServiceProvider extends RSA implements ICspAsymmetricAlgorithm

Remarks

This is the default implementation of RSA.

The RSACryptoServiceProvider supports key lengths from 384 bits to 16384 bits in increments of 8 bits if you have the Microsoft Enhanced Cryptographic Provider installed. It supports key lengths from 384 bits to 512 bits in increments of 8 bits if you have the Microsoft Base Cryptographic Provider installed.

Important Note:
You should IDisposable when finished with the RSACryptoServiceProvider instantiat the object in a using statement for example using (RSACryptoServiceProvider RSA = new RSACryptoServiceProvider()). For more information about the using statement, see using Statement (C# Reference) or Using Statement (Visual Basic).

Interoperation with the Microsoft Cryptographic API (CAPI)

Unlike the RSA implementation in unmanaged CAPI, the RSACryptoServiceProvider class reverses the order of an encrypted array of bytes after encryption and before decryption. By default, data encrypted by the RSACryptoServiceProvider class cannot be decrypted by the CAPI CryptDecrypt function and data encrypted by the CAPI CryptEncrypt method cannot be decrypted by the RSACryptoServiceProvider class.

If you do not compensate for the reverse ordering when interoperating between APIs, the RSACryptoServiceProvider class throws a CryptographicException.

To interoperate with CAPI, you must manually reverse the order of encrypted bytes before the encrypted data interoperates with another API. You can easily reverse the order of a managed byte array by calling the Array..::.Reverse method.

Topic	Location
How to: Decrypt XML Elements with Asymmetric Keys	.NET Framework: Security
How to: Decrypt XML Elements with Asymmetric Keys	.NET Framework: Security
How to: Decrypt XML Elements with Asymmetric Keys	.NET Framework: Security
How to: Decrypt XML Elements with Asymmetric Keys	.NET Framework: Security
How to: Encrypt XML Elements with Asymmetric Keys	.NET Framework: Security
How to: Encrypt XML Elements with Asymmetric Keys	.NET Framework: Security
How to: Encrypt XML Elements with Asymmetric Keys	.NET Framework: Security
How to: Encrypt XML Elements with Asymmetric Keys	.NET Framework: Security
How to: Sign XML Documents with Digital Signatures	.NET Framework: Security
How to: Sign XML Documents with Digital Signatures	.NET Framework: Security
How to: Sign XML Documents with Digital Signatures	.NET Framework: Security
How to: Sign XML Documents with Digital Signatures	.NET Framework: Security
How to: Store Asymmetric Keys in a Key Container	.NET Framework: Security
How to: Store Asymmetric Keys in a Key Container	.NET Framework: Security
How to: Store Asymmetric Keys in a Key Container	.NET Framework: Security
How to: Store Asymmetric Keys in a Key Container	.NET Framework: Security
How to: Verify the Digital Signatures of XML Documents	.NET Framework: Security
How to: Verify the Digital Signatures of XML Documents	.NET Framework: Security
How to: Verify the Digital Signatures of XML Documents	.NET Framework: Security
How to: Verify the Digital Signatures of XML Documents	.NET Framework: Security

Examples

The following code example uses the RSACryptoServiceProvider class to encrypt a string into an array of bytes and then decrypt the bytes back into a string.

Visual Basic

Imports System
Imports System.Security.Cryptography
Imports System.Text

 _

Class RSACSPSample


    Shared Sub Main()
        Try
            'Create a UnicodeEncoder to convert between byte array and string.
            Dim ByteConverter As New UnicodeEncoding()

            'Create byte arrays to hold original, encrypted, and decrypted data.
            Dim dataToEncrypt As Byte() = ByteConverter.GetBytes("Data to Encrypt")
            Dim encryptedData() As Byte
            Dim decryptedData() As Byte

            'Create a new instance of RSACryptoServiceProvider to generate
            'public and private key data.
            Using RSA As New RSACryptoServiceProvider

                'Pass the data to ENCRYPT, the public key information 
                '(using RSACryptoServiceProvider.ExportParameters(false),
                'and a boolean flag specifying no OAEP padding.
                encryptedData = RSAEncrypt(dataToEncrypt, RSA.ExportParameters(False), False)

                'Pass the data to DECRYPT, the private key information 
                '(using RSACryptoServiceProvider.ExportParameters(true),
                'and a boolean flag specifying no OAEP padding.
                decryptedData = RSADecrypt(encryptedData, RSA.ExportParameters(True), False)

                'Display the decrypted plaintext to the console. 
                Console.WriteLine("Decrypted plaintext: {0}", ByteConverter.GetString(decryptedData))
            End Using
        Catch e As ArgumentNullException
            'Catch this exception in case the encryption did
            'not succeed.
            Console.WriteLine("Encryption failed.")
        End Try
    End Sub


    Public Shared Function RSAEncrypt(ByVal DataToEncrypt() As Byte, ByVal RSAKeyInfo As RSAParameters, ByVal DoOAEPPadding As Boolean) As Byte()
        Try
            Dim encryptedData() As Byte
            'Create a new instance of RSACryptoServiceProvider.
            Using RSA As New RSACryptoServiceProvider

                'Import the RSA Key information. This only needs
                'toinclude the public key information.
                RSA.ImportParameters(RSAKeyInfo)

                'Encrypt the passed byte array and specify OAEP padding.  
                'OAEP padding is only available on Microsoft Windows XP or
                'later.  
                encryptedData = RSA.Encrypt(DataToEncrypt, DoOAEPPadding)
            End Using
            Return encryptedData
            'Catch and display a CryptographicException  
            'to the console.
        Catch e As CryptographicException
            Console.WriteLine(e.Message)

            Return Nothing
        End Try
    End Function


    Public Shared Function RSADecrypt(ByVal DataToDecrypt() As Byte, ByVal RSAKeyInfo As RSAParameters, ByVal DoOAEPPadding As Boolean) As Byte()
        Try
            Dim decryptedData() As Byte
            'Create a new instance of RSACryptoServiceProvider.
            Using RSA As New RSACryptoServiceProvider
                'Import the RSA Key information. This needs
                'to include the private key information.
                RSA.ImportParameters(RSAKeyInfo)

                'Decrypt the passed byte array and specify OAEP padding.  
                'OAEP padding is only available on Microsoft Windows XP or
                'later.  
                decryptedData = RSA.Decrypt(DataToDecrypt, DoOAEPPadding)
                'Catch and display a CryptographicException  
                'to the console.
            End Using
            Return decryptedData
        Catch e As CryptographicException
            Console.WriteLine(e.ToString())

            Return Nothing
        End Try
    End Function
End Class

using System;
using System.Security.Cryptography;
using System.Text;

class RSACSPSample
{

    static void Main()
    {
        try
        {
            //Create a UnicodeEncoder to convert between byte array and string.
            UnicodeEncoding ByteConverter = new UnicodeEncoding();

            //Create byte arrays to hold original, encrypted, and decrypted data.
            byte[] dataToEncrypt = ByteConverter.GetBytes("Data to Encrypt");
            byte[] encryptedData;
            byte[] decryptedData;

            //Create a new instance of RSACryptoServiceProvider to generate
            //public and private key data.
            using (RSACryptoServiceProvider RSA = new RSACryptoServiceProvider())
            {

                //Pass the data to ENCRYPT, the public key information 
                //(using RSACryptoServiceProvider.ExportParameters(false),
                //and a boolean flag specifying no OAEP padding.
                encryptedData = RSAEncrypt(dataToEncrypt, RSA.ExportParameters(false), false);

                //Pass the data to DECRYPT, the private key information 
                //(using RSACryptoServiceProvider.ExportParameters(true),
                //and a boolean flag specifying no OAEP padding.
                decryptedData = RSADecrypt(encryptedData, RSA.ExportParameters(true), false);

                //Display the decrypted plaintext to the console. 
                Console.WriteLine("Decrypted plaintext: {0}", ByteConverter.GetString(decryptedData));
            }
        }
        catch (ArgumentNullException)
        {
            //Catch this exception in case the encryption did
            //not succeed.
            Console.WriteLine("Encryption failed.");

        }
    }

    static public byte[] RSAEncrypt(byte[] DataToEncrypt, RSAParameters RSAKeyInfo, bool DoOAEPPadding)
    {
        try
        {
            byte[] encryptedData;
            //Create a new instance of RSACryptoServiceProvider.
            using (RSACryptoServiceProvider RSA = new RSACryptoServiceProvider())
            {

                //Import the RSA Key information. This only needs
                //toinclude the public key information.
                RSA.ImportParameters(RSAKeyInfo);

                //Encrypt the passed byte array and specify OAEP padding.  
                //OAEP padding is only available on Microsoft Windows XP or
                //later.  
                encryptedData = RSA.Encrypt(DataToEncrypt, DoOAEPPadding);
            }
            return encryptedData;
        }
        //Catch and display a CryptographicException  
        //to the console.
        catch (CryptographicException e)
        {
            Console.WriteLine(e.Message);

            return null;
        }

    }

    static public byte[] RSADecrypt(byte[] DataToDecrypt, RSAParameters RSAKeyInfo, bool DoOAEPPadding)
    {
        try
        {
            byte[] decryptedData;
            //Create a new instance of RSACryptoServiceProvider.
            using (RSACryptoServiceProvider RSA = new RSACryptoServiceProvider())
            {
                //Import the RSA Key information. This needs
                //to include the private key information.
                RSA.ImportParameters(RSAKeyInfo);

                //Decrypt the passed byte array and specify OAEP padding.  
                //OAEP padding is only available on Microsoft Windows XP or
                //later.  
                decryptedData = RSA.Decrypt(DataToDecrypt, DoOAEPPadding);
            }
            return decryptedData;
        }
        //Catch and display a CryptographicException  
        //to the console.
        catch (CryptographicException e)
        {
            Console.WriteLine(e.ToString());

            return null;
        }

    }
}

Visual C++

using namespace System;
using namespace System::Security::Cryptography;
using namespace System::Text;
array<Byte>^ RSAEncrypt( array<Byte>^DataToEncrypt, RSAParameters RSAKeyInfo, bool DoOAEPPadding )
{
   try
   {

      //Create a new instance of RSACryptoServiceProvider.
      RSACryptoServiceProvider^ RSA = gcnew RSACryptoServiceProvider;

      //Import the RSA Key information. This only needs
      //toinclude the public key information.
      RSA->ImportParameters( RSAKeyInfo );

      //Encrypt the passed byte array and specify OAEP padding.  
      //OAEP padding is only available on Microsoft Windows XP or
      //later.  

      array<Byte>^encryptedData = RSA->Encrypt( DataToEncrypt, DoOAEPPadding );
      delete RSA;
      return encryptedData;
   }
   //Catch and display a CryptographicException  
   //to the console.
   catch ( CryptographicException^ e ) 
   {
      Console::WriteLine( e->Message );
      return nullptr;
   }

}

array<Byte>^ RSADecrypt( array<Byte>^DataToDecrypt, RSAParameters RSAKeyInfo, bool DoOAEPPadding )
{
   try
   {

      //Create a new instance of RSACryptoServiceProvider.
      RSACryptoServiceProvider^ RSA = gcnew RSACryptoServiceProvider;

      //Import the RSA Key information. This needs
      //to include the private key information.
      RSA->ImportParameters( RSAKeyInfo );

      //Decrypt the passed byte array and specify OAEP padding.  
      //OAEP padding is only available on Microsoft Windows XP or
      //later.  
      
      array<Byte>^decryptedData = RSA->Decrypt( DataToDecrypt, DoOAEPPadding );
      delete RSA;
      return decryptedData;
   }
   //Catch and display a CryptographicException  
   //to the console.
   catch ( CryptographicException^ e ) 
   {
      Console::WriteLine( e );
      return nullptr;
   }

}

int main()
{
   try
   {

      //Create a UnicodeEncoder to convert between byte array and string.
      UnicodeEncoding^ ByteConverter = gcnew UnicodeEncoding;

      //Create byte arrays to hold original, encrypted, and decrypted data.
      array<Byte>^dataToEncrypt = ByteConverter->GetBytes( "Data to Encrypt" );
      array<Byte>^encryptedData;
      array<Byte>^decryptedData;

      //Create a new instance of RSACryptoServiceProvider to generate
      //public and private key data.
      RSACryptoServiceProvider^ RSA = gcnew RSACryptoServiceProvider;

      //Pass the data to ENCRYPT, the public key information 
      //(using RSACryptoServiceProvider.ExportParameters(false),
      //and a boolean flag specifying no OAEP padding.
      encryptedData = RSAEncrypt( dataToEncrypt, RSA->ExportParameters( false ), false );

      //Pass the data to DECRYPT, the private key information 
      //(using RSACryptoServiceProvider.ExportParameters(true),
      //and a boolean flag specifying no OAEP padding.
      decryptedData = RSADecrypt( encryptedData, RSA->ExportParameters( true ), false );

      //Display the decrypted plaintext to the console. 
      Console::WriteLine( "Decrypted plaintext: {0}", ByteConverter->GetString( decryptedData ) );
      delete RSA;
   }
   catch ( ArgumentNullException^ ) 
   {

      //Catch this exception in case the encryption did
      //not succeed.
      Console::WriteLine( "Encryption failed." );
   }

}

The following code example exports the key information created using the RSACryptoServiceProvider into an RSAParameters object.

Visual Basic

        Try

            'Create a new RSACryptoServiceProvider object. 
            Dim RSA As New RSACryptoServiceProvider()

            'Export the key information to an RSAParameters object.
            'Pass false to export the public key information or pass
            'true to export public and private key information.
            Dim RSAParams As RSAParameters = RSA.ExportParameters(False)


        Catch e As CryptographicException
            'Catch this exception in case the encryption did
            'not succeed.
            Console.WriteLine(e.Message)
        End Try

        try
        {
            //Create a new RSACryptoServiceProvider object.
            RSACryptoServiceProvider RSA = new RSACryptoServiceProvider();


            //Export the key information to an RSAParameters object.
            //Pass false to export the public key information or pass
            //true to export public and private key information.
            RSAParameters RSAParams = RSA.ExportParameters(false);


        }
        catch(CryptographicException e)
        {
            //Catch this exception in case the encryption did
            //not succeed.
            Console.WriteLine(e.Message);

        }

Visual C++

try
{
   //Create a new RSACryptoServiceProvider Object*.
   RSACryptoServiceProvider^ RSA = gcnew RSACryptoServiceProvider;

   //Export the key information to an RSAParameters object.
   //Pass false to export the public key information or pass
   //true to export public and private key information.
   RSAParameters RSAParams = RSA->ExportParameters( false );
}
catch ( CryptographicException^ e ) 
{
   //Catch this exception in case the encryption did
   //not succeed.
   Console::WriteLine( e->Message );
}

Inheritance Hierarchy

System..::.Object
  System.Security.Cryptography..::.AsymmetricAlgorithm
    System.Security.Cryptography..::.RSA
      System.Security.Cryptography..::.RSACryptoServiceProvider

Thread Safety

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Platforms

Windows 7, Windows Vista, Windows XP SP2, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP Starter Edition, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Windows Server 2000 SP4, Windows Millennium Edition, Windows 98, Windows CE, Windows Mobile for Smartphone, Windows Mobile for Pocket PC

The .NET Framework and .NET Compact Framework do not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

Version Information

.NET Framework

Supported in: 3.5, 3.0, 2.0, 1.1, 1.0

.NET Compact Framework

Supported in: 3.5, 2.0

Reference

RSACryptoServiceProvider Members

System.Security.Cryptography Namespace

Other Resources

Cryptographic Services

Change History

Date	History	Reason
May 2009	Added a note about ensuring that IDisposable is called after you use this class.	Information enhancement.

Date

History

Reason

May 2009

Added a note about ensuring that IDisposable is called after you use this class.

Information enhancement.