Zip Component, Email Component, Encryption Component ActiveX Control for Zip Compression .NET Components for ASP.NET
ActiveX and .NET Components for Zip Compression, Encryption, Email, XML, S/MIME, HTML Email, Character Encoding, Digital Certificates, FTP, and more ASP Email ActiveX Component

Index of Chilkat Blog Posts

February 28, 2008

Chilkat Crypt2 PKI Encryption vs. Chilkat RSA Encryption

This is a VB6 example that demonstrates the difference between the Chilkat Crypt2 component’s "PKI" encryption and the Chilkat RSA component’s encryption.

When then Chilkat Crypt2’s CryptAlgorithm property is set to "PKI" the output is a PKCS #7 object (i.e. an ASN.1 encoded PKCS7 object). A digital certificate is selected for encryption by calling SetEncryptCert prior to encrypting.

The output of the Chilkat RSA component’s encryption is a stream of RSA encrypted blocks, each padded using PKCS v1.5 or OAEP padding. The comments in the code below provide more details.

    ' Create some text for encrypting.
    Dim plainText As String
    plainText = ""
    For i = 1 To 100
        plainText = plainText & "This is a test 1234567890 ABCD." & vbCrLf
    ' Load a certificate from the Current User or Local Machine certificate store:
    Dim cert As New ChilkatCert
    success = cert.LoadByCommonName("Chilkat Software")
    If (success <> 1) Then
        MsgBox cert.LastErrorText
        Exit Sub
    End If
    Dim crypt2 As New ChilkatCrypt2
    success = crypt2.UnlockComponent("Anything for 30-day trial")
    If (success <> 1) Then
        MsgBox crypt2.LastErrorText
        Exit Sub
    End If
    ' Tell the crypt2 object to use the digital certificate.
    crypt2.SetEncryptCert cert
    ' Set the encryption algorithm and other params.
    crypt2.CryptAlgorithm = "PKI"
    crypt2.Charset = "iso-8859-1"
    crypt2.EncodingMode = "base64"
    ' Encrypt to create a base-64 encoded PKCS#7 object:
    Text1.Text = crypt2.EncryptStringENC(plainText)
    ' Write the PKCS7 object to a file.  (This is a DER-encoded (ASN.1) PKCS7 object.
    success = crypt2.WriteFile("encrypted.der", crypt2.Decode(Text1.Text, "base64"))
    If (success <> 1) Then
        MsgBox crypt2.LastErrorText
        Exit Sub
    End If
    ' Now use Chilkat RSA.  The output here
    Dim rsa As New ChilkatRsa
    success = rsa.UnlockComponent("Anything for 30-day trial")
    If (success <> 1) Then
        MsgBox rsa.LastErrorText
        Exit Sub
    End If
    ' Get the public key from the cert:
    Dim pubKey As publicKey
    Set pubKey = cert.ExportPublicKey()
    ' Use this key with the RSA component:
    rsa.ImportPublicKey pubKey.GetXml()
    ' Choose PKCS v1.5 padding
    ' If OaepPadding is set to 1, then OAEP padding is used.
    rsa.OaepPadding = 1
    ' Use Base64:
    rsa.EncodingMode = "base64"
    ' Use the public key for encrypting
    usePrivateKey = 0
    Text2.Text = rsa.EncryptStringENC(plainText, usePrivateKey)
    ' Note: You typically wouldn't use RSA encryption to encrypt a large amount of data
    ' because the algorithm is about 1000 times slower than a symmetric encryption algorithm,
    ' such as AES, Blowfish, Twofish, etc.
    ' The output of RSA encryption is a block equal in size to the key.  For example,
    ' if the key is 1024 bits, the output is equal to 128 bytes.  If more data exists
    ' than what would fit in a single block, then N blocks are output.
    ' Each output block contains both encrypted data and padding.  The amount of padding depends
    ' on whether PKCS 1.5 padding or OAEP padding is used.  If PKCS 1.5 padding is used,
    ' the padding is always equal to 11 bytes.  If OAEP padding is used, the padding is
    ' equal to the twice the size of the hash algorithm's output plus 2 extra bytes.
    ' For example, if a 1024 bit key with PKCS v1.5 padding is used, your data is divided into
    ' chunks of 117 bytes each, and the encrypted output is composed of 128-byte blocks
    ' each of which contains 11 bytes of padding and 117 bytes of encrypted data.
    ' Save this encrypted output to a file.
    ' Unlike the ChilkatCrypt2 PKI encryption, the ChilkatRsa encrypted output is NOT ASN.1.
    success = crypt2.WriteFile("rsaOutput.dat", crypt2.Decode(Text2.Text, "base64"))
    If (success <> 1) Then
        MsgBox crypt2.LastErrorText
        Exit Sub
    End If

Privacy Statement. Copyright 2000-2011 Chilkat Software, Inc. All rights reserved.
Send feedback to

Components for Microsoft Windows XP, 2000, 2003 Server, Vista, Windows 7, and Windows 95/98/NT4.