Use RSACryptoServiceProvider Instead of RSA for Asymmetric Encryption
RSACryptoServiceProvider inherits from RSA under System.Security.Cryptography and is used for asymmetric encryption and decryption in the .NET Framework. RSA inherits from AsymmetricAlgorithm.
To use either of them you need to create an RSA instance. This is possible either via the RSA.Create method or via the RSACryptoServiceProvider constructor. I advise using the RSACryptoServiceProvider constructor.
Performance
Let's look closely at the RSA.Create method. Since RSA is an abstract class, we cannot use its constructor directly and need to call RSA.Create to get an RSA instance. RSA.Create calls the CryptoConfig.CreateFromName method, passing the string parameter "System.Security.Cryptography.RSA". CreateFromName uses Reflection to create the instance. So performance sucks. Actually, RSA.Create is 2 times more expensive than the RSACryptoServiceProvider constructor. Relevant lines from the Log 10 Costs file by Rico Mariani:
System.Security.Cryptography.RSA.Create 3.8
System.Security.Cryptography.RSACryptoServiceProvider.#ctor 1.9
Impersonation
Using RSACryptoServiceProvider (instead of using RSA directly) is a more flexible way to operate when running in a limited security environment. For example, RSA uses private and public keys stored in the user profile of the calling user. Since the user profile is not loaded in ASP.NET for performance reasons, RSA will throw runtime exceptions when impersonating or when running the Application Pool under an account whose user profile is not loaded.
In this case set the static UseMachineKeyStore property to use the machine key store instead of the user profile key store. All code in the current application domain will use this setting.
RSACryptoServiceProvider.UseMachineKeyStore = true;
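The static property above affects every caller in the application domain. The following added example (not code from the original post) goes one step further and selects the machine key store for a single instance through CspParameters, then does an encrypt/decrypt round trip. The container name and sample message are constructed for illustration, and the code assumes a Windows host where the running account may create containers in the machine store.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class MachineStoreRsaExample
{
    // Hypothetical container name, used only by this example.
    const string ContainerName = "ExampleAppRsaContainer";

    static RSACryptoServiceProvider OpenMachineStoreKey()
    {
        // Per-instance counterpart of the static UseMachineKeyStore property:
        // only this object is pointed at the machine key store, so other code
        // in the same application domain keeps its own key-store setting.
        CspParameters csp = new CspParameters();
        csp.KeyContainerName = ContainerName;
        csp.Flags = CspProviderFlags.UseMachineKeyStore;

        // Direct constructor call rather than RSA.Create().
        return new RSACryptoServiceProvider(2048, csp);
    }

    static void Main()
    {
        const string message = "constructed sample message";
        byte[] plaintext = Encoding.UTF8.GetBytes(message);

        using (RSACryptoServiceProvider rsa = OpenMachineStoreKey())
        {
            byte[] ciphertext = rsa.Encrypt(plaintext, true);  // true = OAEP padding
            byte[] recovered = rsa.Decrypt(ciphertext, true);

            // Confirms which store the key container actually lives in.
            Console.WriteLine("Machine key store: {0}",
                rsa.CspKeyContainerInfo.MachineKeyStore);
            Console.WriteLine("Round trip ok:     {0}",
                Encoding.UTF8.GetString(recovered) == message);

            // Demo cleanup: with PersistKeyInCsp = false the container is
            // deleted when the object is disposed, so no private key is
            // left behind in the machine store.
            rsa.PersistKeyInCsp = false;
        }
    }
}
```

For a key that must survive restarts, leave PersistKeyInCsp at its default and restrict the container's access rights to the account that needs it, since the machine store is shared by all accounts on the host.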
Hope this was useful...
Friday, March 2, 2007 4:15 AM