Implement RSA Encryption with Standard Keys #32
Merged
… size

This commit introduces comprehensive RSA encryption/decryption functionality with enhanced security through conservative key size requirements:

Changes:
- Increased minimum RSA key size from 1024 to 2048 bits per NIST recommendations
- Removed 1024-bit from accepted key sizes (now: 2048, 3072, 4096, 8192, 16384)
- Added RsaEncryptionService with support for:
  - Key generation with configurable key sizes (default: 2048-bit)
  - Public key encryption with PKCS#1 and OAEP padding modes
  - Private key decryption with matching padding support
  - Async operations for CPU-bound encryption/decryption
  - Proper input validation and error handling
  - Secure memory management for sensitive key material
- Updated RsaDigitalSignatureServiceTests to use 2048-bit keys
- Added comprehensive test suite for RsaEncryptionService covering:
  - Key generation and derivation
  - Encryption/decryption with multiple padding modes
  - Round-trip data preservation
  - Security validation (tampered data detection)
  - Edge cases (max message size, different key sizes)
  - Async operation correctness

Security rationale:
- 1024-bit RSA is deprecated and considered insecure by modern standards
- NIST recommends 2048-bit minimum for current use
- Default OAEP padding provides better security than PKCS#1

🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
…ptionService

Added the HeroCrypt.Abstractions namespace import to resolve compilation error for ISecureMemoryManager type reference.

🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
…ions-011CUYvsS13HdootLX3eB6As
…rvice

Added type alias 'SystemHashAlgorithmName' for System.Security.Cryptography.HashAlgorithmName to disambiguate from HeroCrypt.Abstractions.HashAlgorithmName. Updated all references throughout the RsaEncryptionService to use the aliased type.

🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
…um RSA keys

Updated test cases to reflect the new 2048-bit minimum key size requirement:
- Renamed GenerateRsaKeyPair_1024Bits_ReturnsValidKeyPair to use 2048 bits
- Updated GenerateRsaKeyPair_InvalidKeySize_ThrowsException to test with 1024 bits (now invalid)
- Updated expected error message from "1024 bits" to "2048 bits"
- Updated GenerateRsaKeyPairAsync_WorksCorrectly to use 2048-bit keys

These changes align with the enhanced security requirements enforced in InputValidator.

🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Updated RSA key size validation tests to reflect the new 2048-bit minimum:
- Removed 1024 from ValidateRsaKeySize_ValidSizes_DoesNotThrow test cases
- Added 3072 as a valid size (2048, 3072, 4096 now tested)
- Added 1024 to ValidateRsaKeySize_InvalidSizes_ThrowsArgumentException (now correctly rejected)

These changes align with the enhanced security requirements enforced in InputValidator.

🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
…ptionService

Removed the unused _memoryManager field and memoryManager constructor parameter. The service already uses SecureMemoryOperations.SecureClear() directly for memory clearing, and ISecureMemoryManager is for buffer allocation/pooling which is not needed for RSA operations.

This eliminates an unnecessary optional dependency that was never used.

🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
…rvices

Removed the unused _memoryManager field and memoryManager constructor parameter from three services that declared but never used it:
- Blake2bHashingService
- CryptographicKeyGenerationService
- RsaDigitalSignatureService

These services don't need ISecureMemoryManager (which is for buffer allocation/pooling). They either don't handle sensitive memory or use SecureMemoryOperations directly for memory clearing.

This eliminates unnecessary optional dependencies across the codebase.

🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
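
The key-size floor, the OAEP default, and the max-message-size and tampered-data cases named in the commit messages above, as an added C# example that is not HeroCrypt's code. `RsaOaepDemo`, `ValidateKeySize` and `MaxMessageBytes` are hypothetical names, SHA-256 as the OAEP hash is an assumption, and only `System.Security.Cryptography` is used.

```csharp
// Added example, not HeroCrypt code. All type and method names here are hypothetical.
using System;
using System.Linq;
using System.Security.Cryptography;

static class RsaOaepDemo
{
    // Accepted sizes as listed in the commit message; 1024 is no longer among them.
    static readonly int[] AllowedKeySizes = { 2048, 3072, 4096, 8192, 16384 };

    static void ValidateKeySize(int bits)
    {
        if (!AllowedKeySizes.Contains(bits))
            throw new ArgumentException($"RSA key size {bits} is not accepted; minimum is 2048 bits.", nameof(bits));
    }

    // Largest plaintext that fits in one RSA block (RFC 8017), k = modulus length in bytes:
    // OAEP: k - 2*hLen - 2; PKCS#1 v1.5: k - 11.
    static int MaxMessageBytes(int keyBits, bool oaep, int hashBytes = 32)
        => oaep ? keyBits / 8 - 2 * hashBytes - 2 : keyBits / 8 - 11;

    static void Main()
    {
        try { ValidateKeySize(1024); }
        catch (ArgumentException e) { Console.WriteLine($"rejected: {e.Message}"); }

        ValidateKeySize(2048);
        using RSA rsa = RSA.Create(2048);
        var padding = RSAEncryptionPadding.OaepSHA256; // assumption: OAEP with SHA-256

        // Constructed sample input: random bytes at exactly the OAEP size limit.
        byte[] message = new byte[MaxMessageBytes(2048, oaep: true)];
        RandomNumberGenerator.Fill(message);
        byte[] ciphertext = rsa.Encrypt(message, padding);
        byte[] roundTrip = rsa.Decrypt(ciphertext, padding);
        Console.WriteLine($"round trip ok: {CryptographicOperations.FixedTimeEquals(message, roundTrip)}");

        // One byte over the limit cannot be padded into a single block.
        try { rsa.Encrypt(new byte[message.Length + 1], padding); }
        catch (CryptographicException) { Console.WriteLine("oversized message rejected"); }

        // A flipped ciphertext bit makes the OAEP decoding check fail on decryption.
        ciphertext[ciphertext.Length - 1] ^= 0x01;
        try { rsa.Decrypt(ciphertext, padding); Console.WriteLine("tampered ciphertext accepted"); }
        catch (CryptographicException) { Console.WriteLine("tampered ciphertext rejected"); }

        // Clear plaintext buffers once they are no longer needed.
        CryptographicOperations.ZeroMemory(message);
        CryptographicOperations.ZeroMemory(roundTrip);
    }
}
```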
Description
Type of Change
Related Issues
Fixes #
Closes #
Related to #
Changes Made
Summary of Changes
Technical Details
Testing
Test Coverage
Test Scenarios Covered
Manual Testing
Cryptographic Implementation Checklist
Standard/Specification:
Documentation
Code Quality
Breaking Changes
Breaking Changes Description
Migration Guide
Performance Impact
Benchmark Results (if applicable)
Security Considerations
Security Impact Description
Deployment Notes
Screenshots / Logs
Checklist
Additional Context
By submitting this pull request, I confirm that my contribution is made under the terms of the MIT License.