I think the first step should be figuring out exactly what this C# code does. If/when you can figure that out in full detail, translating to rust will be a lot easier.
Here's what I can interpret, with some initial research:
// Retrieves some certificate from the system store. I have no idea what
// "subjectName" here means, so unless you've got an idea, I can't really
// be of help.
X509Certificate2 certificate = GetCertificate(subjectName);
if (certificate != null)
// Encrypts using DES encryption, I assume
using (SymmetricEncryption symmetricEncryption = new SymmetricEncryption(EncryptionType.DES))
// Uses the certificates _public key_ as the encrypt key! If I'm
// interpeting this correctly, it surprises me. I would never
// recommend doing this.
// The documentation states "Returns the public key for the
// X.509v3 certificate as a hexadecimal string.", so we probably
// need to keep that in mind.
// The other troubling part is "InitialIv". I have no idea what this
// means - I assume it's some kind of initial state for the DES
symmetricEncryption.InitialIv = certificate.GetPublicKeyString();
// For some reason, it passes in the public key string again. I've got
// no idea what kind of API requires it twice - is it using it for the
// same purpose twice, or for two different things? Any idea?
result = symmetricEncryption.Encrypt(content, certificate.GetPublicKeyString());
So, we're retrieving an
X509 certificate from somewhere mysterious, grabbing its public key and using that key as an initial state in a DES cipher.
To do this in rust, you'll probably want to use two separate crates - one for retrieving the X509 certificate and grabbing its public key, and another separate crate for doing the DES symmetric encryption.
- I don't understand at all what your C# function "GetCertificate" does, so I can't really help there. I can help duplicate the behavior if you know exactly what you want, but the code gives me no idea.
- This looks like a really insecure way of encrypting data. You're using a DES cipher, and while it used to be good, for modern day cryptography, it really isn't. In addition, you're using a certificate's public key as your private encryption key, which seems really wrong, unless there's something I'm missing. If you have a particular reason for doing this, I'd love to know!
- Matching the exact C# behavior is going to be much harder than just writing code to encrypt data in Rust. If you need to get this exact behavior matched, then by all means, proceed - but know that it'll be much harder than writing equivalent (but differently behaving) code in Rust.
Now there's one part I think I can actually help with. The des crate is well-maintained, and exports a
des::Des struct to perform DES encryption. There are... some more caveats though - mainly, it only supports encrypting 8-byte chunks of data, and the key is limited to 8 bytes as well.
And that brings me to the last question: I could not find
SymmetricEncryption anywhere in .NET documentation, and thus I couldn't find exactly what it does with keys that are too long. From wikipedia, it looks like DES only takes in 56-bit keys, but your code is passing in an arbitrarily large key into SymmetricEncryption. What does it do with those extra bits? We'll need to know in order to duplicate that behavior in Rust.