I have the following code:
byte[] rsaKey;
using (var rsa = new RSACryptoServiceProvider(1024))
{
rsaKey = rsa.ExportCspBlob(false);
}
The result is that the length of rsaKey is 148 bytes and not 128.
Why is that?
I have to pass the public key rsaKey to other system so the other system encrypts some data, then this data is going to be sent again to me.
What key do I have to use to decrypt?
The key size for RSA is not the size of the encoded public key. The key size for asymmetric algorithms is a value that is directly related to the security strength. For RSA that is the size of the modulus, as factorization of the modulus is how you can attack RSA.
The public key consists of the modulus of 128 bytes and a public exponent, so by definition it is already larger than the key size (although the public exponent is commonly just set to 0x010001 or 65537, the fifth prime of Fermat.
Add additional information for this proprietary Microsoft format and you get to 148 bytes. As 148 - 128 - 3 is 17, you expect 17 bytes of overhead.
To decrypt you've got to use the private key. I don't know why that isn't clear and what this has to do with the other question.