andrewlocatelliwoodcock

Thoughts on Software

Introduction to RSA asymmetric encryption



Protecting data has never been more important, and yet in my experience a surprising number of people think that data protection starts and ends with SSL. But HTTPS only protects data in transit, not at either end of the pipeline. This becomes increasingly important once we are persisting sensitive data such as user passwords. Such data needs to be encrypted so that even if it is intercepted it cannot be used by an attacker, or so that the attacker is at least put to an awful lot of trouble to decrypt it.

When encrypting under a key, we can use either symmetric or asymmetric keys. A symmetric key is a piece of information that both parties have agreed on previously, and it must be known to both parties in order to allow encryption and decryption. With asymmetric keys, however, two keys are used in the encryption process but only one of these need be known to both parties. The other is kept secret, and only the agent or agents who hold this secret key can decrypt the encrypted message: the decrypting key need not be shared.

Asymmetric encryption uses a pair of keys, one public and one private, to encrypt and decrypt data: data is encrypted under the public key and then decrypted under the private key. The keys are formed from a pair of very large prime numbers, and the secrecy of the data is protected by the (presumed) difficulty of factoring the product of two large primes.

One of the most well-known asymmetric encryption algorithms is the RSA family. The strength of RSA lies in the key length and the already-mentioned difficulty of factoring the product of two large primes. A minimum secure key length is now 1024 bits, although as numbers of 768 bits are now known to have been factored, a key length of at least 2048 bits is preferable.
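The key relationship described above, as an added example that is not part of the original post: textbook RSA (no padding) over two small constructed primes, showing that whoever can factor the public modulus can rebuild the private key, which is why key length matters. The function names and sample values are assumptions made for illustration.

```python
# Textbook RSA with deliberately tiny, constructed primes and no padding:
# it illustrates the key relationship only.
from math import gcd, isqrt


def make_keypair(p: int, q: int, e: int = 65537):
    """Build (public, private) keys from two distinct primes p and q."""
    n = p * q                      # modulus: public, part of both keys
    phi = (p - 1) * (q - 1)        # computable only if p and q are known
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)            # private exponent: inverse of e mod phi
    return (n, e), (n, d)


def encrypt(public, m: int) -> int:
    """Encrypt an integer message under the public key (n, e)."""
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def decrypt(private, c: int) -> int:
    """Decrypt a ciphertext under the private key (n, d)."""
    n, d = private
    return pow(c, d, n)


def recover_private_key(public):
    """Factor n by trial division and rebuild d: feasible only for tiny n."""
    n, e = public
    for p in range(3, isqrt(n) + 1, 2):
        if n % p == 0:
            q = n // p
            return n, pow(e, -1, (p - 1) * (q - 1))
    raise ValueError("no factor found")


if __name__ == "__main__":
    # Constructed sample values: two 14-bit primes give a 27-bit modulus.
    public, private = make_keypair(10007, 10009)
    c = encrypt(public, 42424242)
    print("ciphertext:", c)
    print("decrypted :", decrypt(private, c))
    # Anyone who can factor n derives the private key from the public one.
    print("recovered d matches:", recover_private_key(public) == private)
```

With a 2048-bit modulus the same trial-division loop would never finish, which is the whole of the protection the key length provides.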

Whilst obviously this is a very brief introduction to a huge topic, it is a useful scene-setter to my next post: as we have come to expect, C# and the .Net Framework naturally support asymmetric encryption. Using that implementation is not exactly simples but it is not complete rocket-science either as long as someone is there to hold your hand …

Written by andrewlocatelliwoodcock

July 18, 2011 at 22:06

Posted in C#, Encryption, Security


5 Responses


  1. […] class is the number of bits to use and so must be a multiple of 8. As discussed in my last post, 1024 bit key length is now the minimum realistic key length to use, with 2048 or 4096 being […]

  2. Some genuinely interesting points you have written. Assisted me a lot, just what I was searching for : D.

    best reseller hosting india

    July 30, 2011 at 12:34

  3. As a website owner I believe the material here is really excellent. I thank you for your time. You should keep it up forever! Best of luck..

    Jerry

    August 16, 2011 at 15:59

  4. Really great article with very interesting information. You might want to follow up to this topic!?! 2012

    celexa

    August 24, 2011 at 17:39

