1

If I want to generate strong high quality RSA keys, is there any reason not to use Microsoft's built-in cryptography system? Or should I use something open source like OpenSSL or Bouncy Castle?

I'm not necessarily afraid of backdoors, but I'm wondering whether I can trust the process of finding quality primes. I don't want to find out in a year that all the CSP generated RSA parameters had a flaw and the primes are following a simple pattern. The successful GCD attack on one in every 200 out of thousands of publicly available RSA keys made me wonder.

The generation is a once and done issue, so I'm happy to go the extra mile generating the keys if it's any more secure.

jnm2
  • Reading between the lines, is it fair to say your intent is to prevent copyright issues with your software? – makerofthings7 Apr 18 '12 at 17:15
  • No. The software itself is not encrypted at all. It is only processing a great deal of personal data over a network. My comment about key verification is only a practical one. – jnm2 Apr 18 '12 at 17:18
  • 2
    The question depends on if you need cross-platform compatibility or anything; if it's all Windows then it becomes more preference and if you trust them to have written that implementation correctly. Both MSFT's and OpenSSL have been verified by third parties. – ewanm89 Apr 18 '12 at 17:37
  • It's Windows only. Verified is good. Can I check on that? Google isn't helping. – jnm2 Apr 18 '12 at 17:48
  • 4
    FIPS140 is the US government's verification and compliance for crypto libraries: http://technet.microsoft.com/en-us/library/cc750357.aspx for Microsoft's implementation. – ewanm89 Apr 18 '12 at 18:03
  • 2
    @ewanm89 I think that would be a good answer... – AviD Apr 18 '12 at 22:16

1 Answer

2

First, if you're considering creating your own cryptography from the ground up, I suggest reading the following post, since there are many things that need to be considered before just using a PKI/RSA:

Lessons learned and misconceptions regarding encryption and cryptology

The benefit of using MSFT's crypto system is that the ciphers are covered by MSFT's warranty and have been analyzed by many people. You may want to ask in Crypto.SE if the MSFT implementation is vulnerable to the GCD attack.

MSFT's implementation also allows for a FIPS only mode that is controlled by GPO. Using Bouncy Castle ignores this restriction and may cause issues for deployments if operating in a FIPS environment.

The good thing about Bouncy Castle is that it offers a higher-level implementation that covers key formats, PGP, and more.

One last thing to note: RijndaelManaged and AesManaged classes can both be used to generate RSA Keys, however they are not interchangeable. They are two different implementations of the Rijndael algorithm. For more information see this answer.

makerofthings7
  • OpenSSL also has some level of FIPS compliance if compiled to it. – ewanm89 Apr 18 '12 at 15:34
  • @Ewanm89 is FIPS mode controlled/enforced by GPO? (I added a link above) – makerofthings7 Apr 18 '12 at 15:41
  • I'm... not asking about building my own cryptography. I'm actually asking which prebuilt suite to use. Other than that, what I'm doing with it is straightforward textbook stuff. :-) Nothing new. – jnm2 Apr 18 '12 at 15:48
  • Also, how do you generate RSA keys from RijndaelManaged or AesManaged? Those classes are all about symmetric ciphers. I'm talking about public-key cryptography. – jnm2 Apr 18 '12 at 15:50
  • @jnm2 I hear you about wanting to use easy and simple PKI/RSA keys. The Crypto API offers too much flexibility that can get the layman developer into trouble. There are many samples on the internet (and MSFT's support site) [that violate at least one of the lessons learned](http://security.stackexchange.com/q/2202/396). What is the end to end encryption scenario you are considering? Where are the keys held? How are keys published? How are keys validated? This is where things get thorny. Perhaps update your question with this info... – makerofthings7 Apr 18 '12 at 15:55
  • I updated it. Still curious about RijndaelManaged and AesManaged. – jnm2 Apr 18 '12 at 16:14
  • @makerofthings7 GPO only ever applies to Windows; if you replaced the .dll files with ones that didn't check the GPO, the GPO would be irrelevant. One can compile an openssl.dll that is only in FIPS mode (there are various FIPS levels, not sure what exactly it's certified to, it was a while ago). Surely better to only allow known openssl.dll with a particular hash on the system where you know it has been compiled for FIPS (I'm pretty sure this can be done with GPOs)? – ewanm89 Apr 18 '12 at 17:31
  • @ewanm89 He's referring to my software calling advapi.dll, which is part of Windows and contains Microsoft CSP. With CSP I can't use a library like OpenSSL. I'm calling into the operating system on the end users' computer, which is controlled by GPO. – jnm2 Apr 18 '12 at 17:50
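The GCD concern raised in the question and the answer can be checked directly on any batch of generated keys, whichever library produced them. The following is an added example, not code from this thread or from any of the libraries discussed: it runs a batch GCD (product tree plus remainder tree) over a set of RSA moduli and flags any that share a prime factor. The names `batch_gcd` and `audit_moduli` and the toy-sized moduli are assumptions constructed for illustration; real moduli would be read from the generated public keys.

```python
from math import gcd, prod


def batch_gcd(moduli):
    """For each modulus n_i, return gcd(n_i, product of all the other moduli)."""
    # Product tree: level 0 holds the moduli, the top level holds their product P.
    tree = [list(moduli)]
    while len(tree[-1]) > 1:
        level = tree[-1]
        tree.append([prod(level[i:i + 2]) for i in range(0, len(level), 2)])
    # Remainder tree: reduce P modulo the square of each node on the way down.
    rems = tree.pop()
    while tree:
        level = tree.pop()
        rems = [rems[i // 2] % (n * n) for i, n in enumerate(level)]
    # (P mod n^2) / n equals (P / n) mod n, so its gcd with n exposes shared factors.
    return [gcd(r // n, n) for r, n in zip(rems, moduli)]


def audit_moduli(keys):
    """keys maps a label to an RSA modulus; returns {label: shared factor} for weak keys.

    A result of 1 means no factor is shared with any other key in the batch.
    A result equal to the modulus itself means a duplicate modulus (or that
    both primes also appear in other keys).
    """
    labels = list(keys)
    results = batch_gcd([keys[label] for label in labels])
    return {label: g for label, g in zip(labels, results) if g != 1}


if __name__ == "__main__":
    # Constructed toy moduli (real keys are 2048 bits or more).
    sample = {
        "host-a": 101 * 103,
        "host-b": 107 * 109,
        "host-c": 101 * 113,   # reuses the prime 101 from host-a
        "host-d": 127 * 131,
    }
    for label, factor in audit_moduli(sample).items():
        print(f"{label}: shares factor {factor} with another key in the batch")
```

An empty result only shows that no two keys in the audited batch share a prime; it says nothing about keys outside the batch or about other weaknesses in prime generation.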