No error encrypting / decrypting data with an expired certificate using RSACryptoServiceProvider

I currently doing a proof of concept to encrypt data using a certificate. It works well but now, I want to try a scenario when the certificate is expired. I created an expired certificate and I was surprise to notice that everthing works property even with the expired certificate. I was expecting an error.

Do you know if it's because it's a self signed certificate ?

Here's the code I using to test my case

[TestMethod]
public void Encrypt_decrypt_with_expired_certificate()
{
    //Arrange
    var baseString = "This is an encryption test";
    X509Certificate2 newX509Certificate2 = new X509Certificate2("d:\\testx509certExpired.pfx", "apassword");
    Console.WriteLine(newX509Certificate2.NotAfter); //Show the expiration date which is in the past
    var encryptor = new CertificateEncryptor(newX509Certificate2); //This class is a simple wrapper around RSACryptoServiceProvider

    //Act
    string encryptedResult = encryptor.Encrypt(baseString); //Exception expected because of the expired certificate but not thrown

    //Assert
    Console.WriteLine("Base string : {0}", baseString);
    Console.WriteLine("Encrypted string : {0}", encryptedResult);
    Assert.IsNotNull(encryptedResult);

    //revert back
    string decryptedString = encryptor.Decrypt(encryptedResult);
    Console.WriteLine("Decrypted string : {0}", decryptedString);
    Assert.AreEqual(baseString, decryptedString);
}

Thanks

Answers


As GregS said, RSACryptoServiceProvider class (not X509Certificate2) provides an ability to perform cryptographic operations. RSACryptoServiceProvider knows nothing about certificate, it knows only keys and their parameters. This is why you don't see any errors.

This means that certificate validation -- is your app responsibility. You should check certificate when encrypting data and skip all certificate checks to decrypt data.


Need Your Help

C# code returning weird numbers when converting from int to String

c# html visual-studio-2013 tostring

I've created a Time class that keeps track of hours, minutes, and am/pm.

JQ / JQM show menu when tap&hold button

jquery menu jquery-mobile slide

Iam trying to realize a menu which is opened via a button. So far, easy. The core difference is, that it is not just simply opening, I want to be able to hold that button and move the menu in. Like...