c# - How to determine the Encryption Algorithm for Azure.Security.KeyVault.Keys.Cryptography.CryptographyClient.Decrypt on Keys

Question

The CryptographyClient requires EncryptionAlgorithm for the Decrypt operation. How can I determine what to use for a Self-Signed Key I created in OpenSSL or whatever for whatever key?

The EncryptionAlgorithm offers enum values of

1. Rsa15
2. RsaOaep
3. RsaOaep256

How do I choose out of the above if I already created Self-Signed RSA Key using OpenSSL?

question from:https://stackoverflow.com/questions/65841089/how-to-determine-the-encryption-algorithm-for-azure-security-keyvault-keys-crypt

Answer 1

Those algorithms are encryption algorithms, not key types. Which you should use depends on your application. Rsa15 (algorithm "RSA1_5") is old and not recommended for secure applications. RsaOaep (algorithm "RSA-OAEP") is probably more prolific but uses SHA-1 to hash, so RsaOaep256 (algorithm (RSA-OAEP-256) is more secure since it uses SHA-256.

You can read about these algorithms from various sources including Wikipedia.

In the Key Vault SDK for C#, we also support those algorithms locally if you have the key material (like public key for encryption) locally, since those same algorithms are supported locally. Some algorithms may not always be supported, like EC keys on .NET Framework 4.6.1 which will throw a NotSupportedException.