Thoughts on Software

Implementing RSA asymmetric public-private key encryption in C#: generating public / private key pair


I was originally planning a single post about implementing RSA-based encryption in C# but it quickly got unmanageable so I decided to split it into three separate posts on generating keys, encrypting and decrypting text. And so here is the first post: generating a public / private key pair in C#.

The .NET Framework makes this task remarkably easy for us: we need only instantiate the RSACryptoServiceProvider class, passing the key length to use, and then return the value of the object's ToXmlString method. ToXmlString accepts a single parameter, includePrivateParameters, which is a Boolean value indicating whether to return a public / private key pair (includePrivateParameters = true) or just the public key (includePrivateParameters = false).

The key length passed to the constructor of the RSACryptoServiceProvider class is the number of bits to use and so must be a multiple of 8. As discussed in my last post, 1024 bit key length is now the minimum realistic key length to use, with 2048 or 4096 being preferable and much more secure.

The only difference between creating a 1024 bit or 2048 bit key is in the value passed to the constructor of the RSACryptoServiceProvider class: 1024 and 2048 respectively. It really is that simple!

using System.Security.Cryptography;

/// <summary>
/// Generate new 1024 bit public / private key pair
/// </summary>
/// <returns>XML containing new 1024 bit public / private key pair</returns>
public static string Generate1024BitKeys()
{
    // RSACryptoServiceProvider is IDisposable, so release it once the key is exported
    using (var rsaProvider = new RSACryptoServiceProvider(1024))
    {
        // true = include the private parameters, so the returned XML is a secret
        return rsaProvider.ToXmlString(true);
    }
}

/// <summary>
/// Generate new 2048 bit public / private key pair
/// </summary>
/// <returns>XML containing new 2048 bit public / private key pair</returns>
public static string Generate2048BitKeys()
{
    using (var rsaProvider = new RSACryptoServiceProvider(2048))
    {
        return rsaProvider.ToXmlString(true);
    }
}

As RSACryptoServiceProvider will accept any valid value as a constructor parameter, we can also develop a much more generic method of creating public / private key pairs, one which accepts a range of bit length values and returns an XML-encoded public / private key pair to match:

using System;
using System.Security.Cryptography;

/// <summary>
/// Ensure that only a valid key length can be requested. Below is a sample (not exhaustive) of valid values
/// </summary>
public enum RsaKeyLengths
{
    Bit1024 = 1024,
    Bit2048 = 2048,
    Bit4096 = 4096
}

/// <summary>
/// Generate new public / private key pair at requested bit strength
/// </summary>
/// <param name="length">Key length in bits</param>
/// <returns>Public / private key pair</returns>
public static string GenerateKeys(RsaKeyLengths length)
{
    // Any int can be cast to an enum, so reject values that are not defined members
    if (!Enum.IsDefined(typeof(RsaKeyLengths), length))
        throw new ArgumentOutOfRangeException(nameof(length));

    using (var rsaProvider = new RSACryptoServiceProvider((int) length))
    {
        return rsaProvider.ToXmlString(true);
    }
}
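
The effect of the includePrivateParameters argument described above, as an added example that is not part of the original post: it exports one key both ways, lists the XML elements in each export, and loads the public-only XML into a second provider. The class name RsaKeyExportExample, the helper ElementNames and the variable names are hypothetical, chosen for illustration.

```csharp
// Added example: class and helper names are illustrative, not from the original post.
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Xml.Linq;

public static class RsaKeyExportExample
{
    // Names of the child elements of the <RSAKeyValue> XML produced by ToXmlString.
    private static string[] ElementNames(string keyXml)
    {
        return XElement.Parse(keyXml).Elements().Select(e => e.Name.LocalName).ToArray();
    }

    public static void Main()
    {
        string publicOnlyXml;
        string keyPairXml;

        using (var rsaProvider = new RSACryptoServiceProvider(2048))
        {
            publicOnlyXml = rsaProvider.ToXmlString(false); // safe to hand to senders
            keyPairXml = rsaProvider.ToXmlString(true);     // secret: includes the private key
        }

        // Guard to run before key XML leaves the process: D is the private exponent.
        if (ElementNames(publicOnlyXml).Contains("D"))
            throw new InvalidOperationException("Private parameters found in XML meant for distribution.");

        Console.WriteLine("Public only: " + string.Join(", ", ElementNames(publicOnlyXml)));
        Console.WriteLine("Key pair:    " + string.Join(", ", ElementNames(keyPairXml)));

        // A provider loaded from the public-only XML holds no private key,
        // so it can encrypt and verify but cannot decrypt or sign.
        using (var publicKeyHolder = new RSACryptoServiceProvider())
        {
            publicKeyHolder.FromXmlString(publicOnlyXml);
            Console.WriteLine("PublicOnly = " + publicKeyHolder.PublicOnly
                + ", KeySize = " + publicKeyHolder.KeySize);
        }
    }
}
```

The public-only export contains just Modulus and Exponent; the key pair export adds P, Q, DP, DQ, InverseQ and D, which is why it has to be stored as a secret.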


So what does the resulting XML-encoded public / private key pair look like? Here’s a sample:











Written by andrewlocatelliwoodcock

July 20, 2011 at 20:08

Posted in C#, Encryption, Security


4 Responses


  1. […] on from my last post on how to generate a public / private key pair in C#, this is the next post in my series on using […]

  2. Very nice… but it would be a lot more helpful if you post the decryption part of this process.


    February 16, 2012 at 21:26

    • That’s a very fair point! It’s been on my to-do list for a while now but I will get around to it … it’s been annoying me a bit too … Thanks for commenting!


      February 19, 2012 at 19:56

  3. Nice post!
    I have done similar work recently on encrypting large text files using RSA / AES256 in C#

    Andrew Webb (@Tech_Recipe)

    April 18, 2013 at 21:35
