I had been working on some code that would use the System.Security.Cryptography.RSACryptoServiceProvider.Encrypt method to encrypt some data by using a private key, rather than the normal was of using a public key. The encryption worked great, however when I tried to decrypt the data by using the public key I received a “Bad Key.” error. I was sort of puzzled, because I knew that this was possible, I had done it before via openssl. So off to Google I went and after some searching I found a blog entry that talked about the CAPI API not supporting RSA Private Key Encryption.

After thinking more about the goals of the project, I determined that signing the data after encoding it would be sufficient rather than trying to encrypt it. That is due to the fact that the data is not secret and only needs to be obscured from the user. Thus by adding the digital signature we can verify that the encoded data was not altered by the user.