Asymmetric Encryption and Decryption within .NET Framework

Asymmetric is different from symmetric in one major way. It does not require both parties to have a key. It’s the best solution for the internet since we have clients who don’t have keys while loading encrypted content to their computers.

Asymmetric Encryption and Decryption relies on the key pair where we have public and private key. Both keys are needed to encrypt and decrypt text. Public key is freely available but will do nothing without private key. However Asymmetric encryption has an overhead and not suitable for large texts. As a result, combination of two methods is employed for secure transmission on the web. HTTPS and SSL are using this combination. It starts with Asymmetric communication between client and server during which key is transferred in asymmetrically encrypted form. Once key is delivered it is then used to decrypt symmetrically encrypted text.

All classes for asymmetric algorithm are based on System.Security.Cryptography.AsymmetricAlgorithm class with the following properties.

  • KeyExchangeAlgorithm – get key exchange algorithm name.
  • KeySize – works with the size of the secret key for symmetric algorithm. Size is in bits.
  • LegalKeySizes - KeySizes array with array member contains MinSize and MaxSize.
  • SignatureAlgorithm – receives the URL of an XML document with the signature algorithm.
Two implementations of System.Security.Cryptography.AsymmetricAlgorithm class are available for us to use.

RSACryptoServiceProvider – is primarily used for asymmetric encryption and decryption and is used for RSA algorithm. There is an overhead since it asymmetric, so heavy in processing.



PersistKeyInCsp key is persistent in the CSP
UseMachineKeyStore key is persistent on the key store



Decrypt Decrypt with RSA algorithm
Encrypt Encrypt with RSA algorithm
ExportParameters Exports RSAParameters
FromXmlString Import key pair from XML string
ImportParameters Imports to key pair RSAParameters
SignData Computes Hash
SignHash Computes signature
VerifyData Verifies signature
VerifyHash Verifies signature to hash
DSACryptoServiceProvider Digital signature

DSACryptoServiceProvider – is used for signing messages digitally. Can guarantee Data confidentiality and is very light in comparison to RSACryptoServiceProvider

Asymmetric RSA Keys are structure and as such represented by RSAParameters structure.


D The private key
Exponent Short Public key
Modulus Long Public key

You will always need to export your public key and you do it in the following way

RSACryptoServiceProvider myRSA = new RSACryptoServiceProvider();

RSAParameters publicKey = myRSA.ExportParameters(false);

You can also export key via CryptoAPI key storage and you will do it this way

CspParameters persistantCsp = new CspParameters();
persistantCsp.KeyContainerName = "AsymmetricExample";

RSACryptoServiceProvider myRSA = new RSACryptoServiceProvider(persistantCsp);

myRSA.PersistKeyInCsp = true;

RSAParameters privateKey = myRSA.ExportParameters(true);

foreach (byte thisByte in privateKey.D)
    Console.Write(thisByte.ToString("X2") + " ");

Once key is stored .NET Framework will always reuse it.

Encryption and Decryption is done with the help of Decrypt and Encrypt methods of the class RSACryptoServiceProvider.

string messageString = "Hello, World!";
RSACryptoServiceProvider myRsa = new RSACryptoServiceProvider();
byte[] messageBytes = Encoding.Unicode.GetBytes(messageString);
byte[] encryptedMessage = myRsa.Encrypt(messageBytes, false);
byte[] decryptedBytes = myRsa.Decrypt(encryptedMessage, false);