I'm creating a library to do some REST API calls that is using OAuth2. I would like to cache the refresh token so the user doesn't have to re-authenticate at every log in, although I know almost nothing about cryptography. Microsoft Docs say that for small pieces of data like strings, asymmetric crypto is the way to go. Here is my class to store the encrypted token on a file somewhere on the computer (specified by the calling code). It works, I'm just not sure how secure it is.
string _file;
const string _containerName = "MyTokenCache";
public EncryptedTokenCache(string fileLocation)
{
_file = fileLocation;
}
public void SaveToken(string token)
{
var rsa = CreateRSAProvider(_containerName);
var encryptedData = rsa.Encrypt(Encoding.UTF8.GetBytes(token), RSAEncryptionPadding.Pkcs1);
WriteToFile(encryptedData);
}
public string GetToken()
{
var rsa = CreateRSAProvider(_containerName);
var encryptedData = ReadFromFile();
var decryptedData = rsa.Decrypt(encryptedData, RSAEncryptionPadding.Pkcs1);
return Encoding.UTF8.GetString(decryptedData);
}
private RSA CreateRSAProvider(string containerName)
{
CspParameters parameters = new CspParameters
{
KeyContainerName = containerName
};
return new RSACryptoServiceProvider(parameters);
}
private void WriteToFile(byte[] data)
{
using(var fs = new FileStream(_file, FileMode.OpenOrCreate, FileAccess.Write, FileShare.None))
{
fs.Write(data, 0, data.Length);
}
}
private byte[] ReadFromFile()
{
byte[] data;
using (var fs = new FileStream(_file, FileMode.OpenOrCreate, FileAccess.Read, FileShare.None))
{
data = new byte[fs.Length];
fs.Read(data, 0, (int)fs.Length);
}
return data;
}
Well, it's just RSA / PKCS#1 v1.5 encryption. In principle you'd better use OAEP because it is:
provable secure and
less vulnerable to padding oracle attacks.
But for storing tokens PKCS#1 v1.5 should be fine.
Furthermore, you could use symmetric encryption using AES as well, as you currently create the key pair each time you create your class. That means that the private key is available at the same location as the public key, so the security that asymmetric crypto brings is not directly used. That said, I don't see any pressing need to use AES instead for this particular use case.
Related
I am new to development. I wrote a encrypt method with X509 certificate. Now I want to write a decrypt method. I tried. but not working. Please help me to develop the decrypt method Thank you.
Encrypt method(working correctly):
private static string Encrypt(X509Certificate2 x509, string stringToEncrypt)
{
if (x509 == null || string.IsNullOrEmpty(stringToEncrypt))
throw new Exception("A x509 certificate and string for encryption must be provided");
RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)x509.PublicKey.Key;
byte[] bytestoEncrypt = ASCIIEncoding.ASCII.GetBytes(stringToEncrypt);
byte[] encryptedBytes = rsa.Encrypt(bytestoEncrypt, false);
return Convert.ToBase64String(encryptedBytes);
}
Decrypt method that I tried:
private static string Decrypt(X509Certificate2 x509, string stringToDecrypt)
{
if (x509 == null || string.IsNullOrEmpty(stringToDecrypt))
throw new Exception("A x509 certificate and string for encryption must be provided");
RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)x509.PrivateKey; //when i use primaryKey here rsa always null
// byte[] bytestoEncrypt = ASCIIEncoding.ASCII.GetBytes(stringToDecrypt);
byte[] bytestoDecrypt = Convert.FromBase64String(stringToDecrypt);
byte[] encryptedBytes = rsa.Decrypt(bytestoDecrypt, false);
return Convert.ToBase64String(encryptedBytes);
}
I don't have much knowledge about encryption and decryption. please help me to fix this.
The rules for decrypt are easy. Starting from the last line of your encryption method, undo everything.
But, first, some notes.
Don't use cert.PublicKey.Key. It's [Obsolete] in newer versions of .NET. Use cert.GetRSAPublicKey() (assuming it's RSA).
Similar with cert.PrivateKey
Don't use RSACryptoServiceProvider. It's old and crusty. Just use the new, shiny, methods on the RSA base class.
Encryption doesn't do text. It does bytes.
Repeat: Encryption doesn't do text. It does bytes.
RSA isn't for general data. It's for relatively small messages, like an AES encryption key.
Here's the right way, which does AES encryption of the data, encrypts that key for the target certificate, and puts the two parts together.
private static byte[] Encrypt(X509Certificate2 targetCert, byte[] data)
{
ContentInfo contentInfo = new ContentInfo(data);
EnvelopedCms cms = new EnvelopedCms(contentInfo);
CmsRecipient recipient = new CmsRecipient(SubjectIdentifierType.SubjectKeyIdentifier, targetCert);
cms.Encrypt(recipient);
return cms.Encode();
}
private static byte[] Decrypt(X509Certificate2 recipientCert, byte[] encrypted)
{
EnvelopedCms cms = new EnvelopedCms();
cms.Decode(encrypted);
cms.Decrypt(new X509Certificate2Collection(recipientCert));
return cms.ContentInfo.Content;
}
But that's no fun, so I guess we'll do it with the lower level types.
private static byte[] Encrypt(X509Certificate2 targetCert, byte[] data)
{
using (RSA key = targetCert.GetRSAPublicKey())
{
return key.Encrypt(data, RSAEncryptionPadding.OaepSHA256);
}
}
private static byte[] Decrypt(X509Certificate2 recipientCert, byte[] encrypted)
{
using (RSA key = recipientCert.GetRSAPrivateKey())
{
return key.Decrypt(encrypted, RSAEncryptionPadding.OaepSHA256);
}
}
Oh, but you wanted strings. Well, strings aren't bytes. But they could be, if you encoded them.
private static byte[] EncryptString(X509Certificate2 targetCert, string message, Encoding encoding = null)
{
return Encrypt(targetCert, (encoding ?? Encoding.UTF8).GetBytes(message));
}
private static byte[] DecryptString(X509Certificate2 targetCert, string message, Encoding encoding = null)
{
return Decrypt(targetCert, (encoding ?? Encoding.UTF8).GetBytes(message));
}
Wrapping those in Base64 is an exercise left to the reader.
I'm working on a CryptSharp SCrypt implementation in VS2015. I need to encrypt/decrypt text files meant to be sent as email attachments. Initially I was using AES but considering that HMAC-SHA1 is outdated I opted to use SCrypt for password hashing. However, SCrypt does not expose public methods for the data encryption itself, so would it make sense to pass the SCrypt hashed password to AES, then use the latter for data encryption? Or perhaps there is a better approach?
In this scenario, I would imagine something like this, yet I would need to find a way to reliably randomize the IV...
private static Aes SetAes(string userName, string password)
{
var passBytes = Encoding.UTF8.GetBytes(password);
var saltBytes = Encoding.UTF8.GetBytes(userName);
var cost = 131072; // around 5 secs with block at 16(on Xeon 1241 v3)
var blockSize = 16; // 8 is default but might not suffice against modern GPUs(?)
var parallel = 1;
var maxThreads = (int?)null;
byte[] derivedKey = new byte[32]; // 256 bits
SCrypt.ComputeKey(passBytes, saltBytes, cost, blockSize, parallel, maxThreads, derivedKey);
Aes aes = new AesManaged();
aes.Padding = PaddingMode.PKCS7;
aes.Key = derivedKey;
byte[] IV = new byte[16];
Array.Copy(derivedKey, IV, 16); // how to reliably randomize the IV?
aes.IV = IV;
return aes;
}
Then for file encryption:
internal static void EncryptText(string text, string userName, string password, string file)
{
// omitting argument checks for readability
using (Aes aes = SetAes(userName, password))
{
using (FileStream fileStream = new FileStream(file, FileMode.Create, FileAccess.ReadWrite, FileShare.None))
{
using (CryptoStream cryptoStream = new CryptoStream(fileStream, aes.CreateEncryptor(), CryptoStreamMode.Write))
{
BinaryFormatter bf = new BinaryFormatter();
bf.Serialize(cryptoStream, text); // I'm using a class to wrap the text for serialization, not shown here for readability
}
}
}
}
Even though it seems to work, I'm not sure it makes sense, so thank you very much for any insight.
EDIT:
Following vcsjones recommendations, the SetAes function would rather look like this, if I understand correctly:
private static Aes SetAes(string userName, string password, byte[] IV = null)
{
var passBytes = Encoding.UTF8.GetBytes(password);
var saltBytes = Encoding.UTF8.GetBytes(userName);
var cost = 131072;
var blockSize = 16;
var parallel = 1;
var maxThreads = (int?)null;
byte[] derivedKey = new byte[32];
SCrypt.ComputeKey(passBytes, saltBytes, cost, blockSize, parallel, maxThreads, derivedKey);
Aes aes = new AesManaged();
aes.Padding = PaddingMode.PKCS7;
aes.Key = derivedKey;
if (IV == null) // when encrypting, generate IV
{
RandomNumberGenerator rn = RandomNumberGenerator.Create();
rn.GetBytes(aes.IV);
}
else aes.IV = IV; // when decrypting, read IV from file and pass it to aes through IV parameter for decryption
return aes;
}
However, SCrypt does not expose public methods for the data encryption itself, so would it make sense to pass the SCrypt hashed password to AES
SCrypt is a Key Derivation Function, so yes, that is an acceptable thing to do.
how to reliably randomize the IV?
Don't use the output of the KDF in the IV. The IV should be random for AES-CBC, so use RandomNumberGenerator.Create() to create a CSPRNG for the IV. Using the KDF output as part of the IV actually leaks the key since the IV is stored in plaintext.
An IV in AES-CBC should be random, and it should not be reused. Don't derive it from the password. You do need to store the IV somewhere. Since it looks like you're trying to encrypt files, you may just want to put the IV in at the beginning of the file. The IV is not a secret - it's OK if someone can read it. Then, when it comes time to decrypt the file, read the IV from the file, and then decrypt everything past the IV.
I would also recommend that you MAC the file, as well, as right now your application does not authenticate the encryption.
I'm using VS 2012, C#.NET and creating a form to authenticate through LDAP.
I have this code, and it's working well:
root = new DirectoryEntry(
"LDAP://192.168.116.20:389",
username,
password
);
Both username and password are plain-text.
But I want to create a "Remember password?" checkbox where I can save the username and password md5-hashed in a file.
So, how can I authenticate using the md5-hash with DirectoryEntry and LDAP?! Is it possible?
I don't believe so, LDAP is a protocol, and it works against LM / NT hashes, which are DES & MD4 respectfully, but that's lower level. What you probably want to do is encrypt the password, save it, then decrypt it and pass it to the LDAP string.
If you chose to encrypt the data to a a file, you should use the System.Security.ProtectedData class.
The data you encrypt can be bounded to the current user or the current machine that the encoding/decoding is taking place on.
There are two simple method you should use:
Protect - Takes a byte array and encrypt the data.
Unprotect - Takes an encrypted data and returns a byte array.
Examples:
private static void EncryptData(string data, Stream stream)
{
if (stream.CanWrite == false)
throw new IOException("Cannot write to stream.");
var bytes = Encoding.UTF8.GetBytes(data);
var encryptedBytes = ProtectedData.Protect(bytes, null, DataProtectionScope.CurrentUser);
stream.Write(encryptedBytes , 0, encryptedBytes .Length);
}
private static string DecryptData(Stream stream)
{
if (stream.CanRead == false)
throw new IOException("Cannot read fromstream.");
using (MemoryStream memoryStream = new MemoryStream())
{
stream.CopyTo(memoryStream);
var encryptedBytes = memoryStream.ToArray();
var decryptedBytes = ProtectedData.Unprotect(encryptedBytes, null, DataProtectionScope.CurrentUser)
return Encoding.UTF8.GetString(decryptedBytes);
}
}
Now in order to use these with a FileStream simply:
public static void Encrypt(string password)
{
using (var fileStream = new FileStream(#"MyFile.dat", FileMode.Create))
{
EncryptData(password, fileStream);
fileStream.Close();
}
}
public static string Decrypt()
{
string password;
using (var fileStream = new FileStream(#"MyFile.dat", FileMode.Open))
{
password = DecryptData(fileStream);
fileStream.Close();
}
return password;
}
By the way, if you want to increase the complexity of the encryption you can pass an Entropy to the Protect and Unprotect methods.
For more information see: http://msdn.microsoft.com/en-us/library/system.security.cryptography.protecteddata.protect(v=vs.110).aspx
I don't believe so, LDAP is a protocol, and it works against LM / NT
hashes, which are DES & MD4 respectfully, but that's lower level.
Well LDAP is a protocol, but LDAP does NOT use LM / NT hashes.
From LDAP the LM/NT/Kerboros AND md5-hash could be done via SASL from LDAP, but only if the LDAP client and LDAP server has those capabilities to utilize SASL.
A quik look at a (I think wk3 server) shows int he ROOTDSE:
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: EXTERNAL
supportedSASLMechanisms: GSS-SPNEGO
supportedSASLMechanisms: GSSAPI
which implies that DIGEST-MD5 is supported in AD. I do not know if this is supported in the Directory Services API.
I'm having a problem setting up RSA encryption/decryption mechanism between flex client and web service written in c#. The idea is this: I'll encrypt some text from flex and then decrypt it from web service. I'm using as3crypto library from google. It is encrypting/decrypting text properly. I also have the code on the web service side to encrypt/decrypt properly. My problem is synchronizing them - basically sharing the public key to flex and keeping the private key to the web service.
My flex "encrypt" function takes modulus and exponent of RSA to do text encryption, so how do i get these modulus and exponent attributes from the web service's RSACryptoServiceProvider, so they speak the same standard.
I tried the
RSAKeyInfo.Modulus
RSAKeyInfo.Exponent
from the web service and fed them to the flex client.
After doing encryption on flex I took the cipher text and fed it to decrypt method on web service, but it is giving me "bad data" error message.
System.Security.Cryptography.CryptographicException: Bad Data.
at System.Security.Cryptography.CryptographicException.ThrowCryptogaphicException(Int32 hr)
at System.Security.Cryptography.Utils._DecryptKey(SafeKeyHandle hPubKey, Byte[] key, Int32 dwFlags)
at System.Security.Cryptography.RSACryptoServiceProvider.Decrypt(Byte[] rgb, Boolean fOAEP)
at Microsoft.Samples.Security.PublicKey.App.RSADecrypt(Byte[] DataToDecrypt, RSAParameters RSAKeyInfo, Boolean DoOAEPPadding) in C:\Users
\Me\Desktop\After Release\5-24-2011-webServiceCrypto\publickeycryptography\CS\PublicKeyCryptography\PublicKey.cs:line 219
Encryption failed.
How do i make sure they are both using the same byte 64 or 128 byte encryption . ie the input from flex should fit to what is expected by the web service RSACryptoServiceProvider's decrypt method.
(I'm assuming the size might be a problem, may be it's not - i'm lost)
Here is the code, first flex client followed by web service c# code
private function encrypt():void {
var rsa:RSAKey = RSAKey.parsePublicKey(getModulus(), getExponent());
trace("Modulus Lenght: " + getModulus().length);
trace("Exponent Lenght : " + getExponent().length);
var data:ByteArray = getInput(); //returns byteArray of plainText
var dst:ByteArray = new ByteArray;
rsa.encrypt(data, dst, data.length);
trace("Enc Data: " + dst.toString() );
currentResult = Hex.fromArray(dst);
encryptedText = currentResult;
trace("Encrypted:: " + currentResult);
}
//For testing purposes
private function decrypt():void {
var rsa:RSAKey = RSAKey.parsePrivateKey(getModulus(), getExponent(), getPrivate(), getP(), getQ(), getDMP1(), getDMQ1(), getCoeff());
var data:ByteArray = Hex.toArray(encryptedText);
trace("Byte array: " + data.toString());
var dst:ByteArray = new ByteArray;
rsa.decrypt(data, dst, data.length);
decryptedText = Hex.fromArray(dst);
trace("Decrypted text: " + Hex.toString(decryptedText));
}
And web service part is as follows:
try
{
//Create a UnicodeEncoder to convert between byte array and string.
UnicodeEncoding ByteConverter = new UnicodeEncoding();
//Create byte arrays to hold original, encrypted, and decrypted data.
byte[] dataToEncrypt = ByteConverter.GetBytes("Data to Encrypt");
byte[] encryptedData;
byte[] decryptedData;
//Create a new instance of RSACryptoServiceProvider to generate
//public and private key data.
using (RSACryptoServiceProvider RSA = new RSACryptoServiceProvider())
{
//Pass the data to ENCRYPT, the public key information
//(using RSACryptoServiceProvider.ExportParameters(false),
//and a boolean flag specifying no OAEP padding.
encryptedData = RSAEncrypt(dataToEncrypt, RSA.ExportParameters(false), false);
//Pass the data to DECRYPT, the private key information
//(using RSACryptoServiceProvider.ExportParameters(true),
//and a boolean flag specifying no OAEP padding.
decryptedData = RSADecrypt(encryptedData, RSA.ExportParameters(true), false);
//Display the decrypted plaintext to the console.
Console.WriteLine("\n\nDecrypted plaintext: {0}", ByteConverter.GetString(decryptedData));
}
}
static public byte[] RSAEncrypt(byte[] DataToEncrypt, RSAParameters RSAKeyInfo, bool DoOAEPPadding)
{
try
{
byte[] encryptedData;
//Create a new instance of RSACryptoServiceProvider.
using (RSACryptoServiceProvider RSA = new RSACryptoServiceProvider())
{
//Import the RSA Key information. This only needs
//toinclude the public key information.
RSA.ImportParameters(RSAKeyInfo);
//Encrypt the passed byte array and specify OAEP padding.
//OAEP padding is only available on Microsoft Windows XP or
//later.
encryptedData = RSA.Encrypt(DataToEncrypt, DoOAEPPadding);
}
return encryptedData;
}
//Catch and display a CryptographicException
//to the console.
catch (CryptographicException e)
{
Console.WriteLine(e.Message);
return null;
}
}
static public byte[] RSADecrypt(byte[] DataToDecrypt, RSAParameters RSAKeyInfo, bool DoOAEPPadding)
{
try
{
Console.WriteLine("Modulus Lenghth :" + RSAKeyInfo.Modulus.Length);
Console.WriteLine("Exponent Length :" + RSAKeyInfo.Exponent.Length);
byte[] decryptedData;
//Create a new instance of RSACryptoServiceProvider.
using (RSACryptoServiceProvider RSA = new RSACryptoServiceProvider())
{
//Import the RSA Key information. This needs
//to include the private key information.
RSA.ImportParameters(RSAKeyInfo);
//Decrypt the passed byte array and specify OAEP padding.
//OAEP padding is only available on Microsoft Windows XP or
//later.
decryptedData = RSA.Decrypt(DataToDecrypt, DoOAEPPadding);
}
return decryptedData;
}
//Catch and display a CryptographicException
//to the console.
catch (CryptographicException e)
{
Console.WriteLine(e.ToString());
return null;
}
}
I'm not quite sure if this RSA set up is the way to go...
Any kinda comment / advice/ or recommended solution is welcome,
thanks guys
Eureka! Eureka! I got it.
The problem was after decryption from web service, the encrypted byte array missed 0's in between, so that when changed to string it gets unreadable '????????' text. So I just put paddWithZeros() function to pad the decrypted byte array with 0's between bytes and it worked.
Thanks Kevin, your solution gave me an insight into what things I should consider. So during decrypting I specify parameter fOAEP as false, so it would use PKCS#1 for padding (making both libraries use the same standard).
RSA.Decrypt(DataToDecrypt, DoOAEPPadding); // DoOAEPPadding = false
another error that i was getting is Bad Data exception. This was fixed when i shared the RSA cryptoServiceProvider's parameters (modulus and exponent) to actionScript methods.
I also changed the byte[] array of c# RSA attributes (like Modulus n, Exponent e, Private d..etc) to hexa string so that I'd be able to share with as3crypto library.
I'd love to share what worked for me; save others some time.
<?xml version="1.0" encoding="utf-8"?>
<s:Application xmlns:fx="http://ns.adobe.com/mxml/2009"
xmlns:s="library://ns.adobe.com/flex/spark"
xmlns:mx="library://ns.adobe.com/flex/mx" minWidth="955" minHeight="600">
<fx:Script>
<![CDATA[
import com.hurlant.crypto.Crypto;
import com.hurlant.crypto.rsa.RSAKey;
import com.hurlant.crypto.symmetric.ICipher;
import com.hurlant.crypto.symmetric.IPad;
import com.hurlant.util.Hex;
private var currentResult:String;
private var encryptedText:String;
private var decryptedText:String;
private function encrypt(plainText:String):String {
var rsa:RSAKey = RSAKey.parsePublicKey(getModulus(), getExponent());
var data:ByteArray = Hex.toArray(Hex.fromString(plainText)); //returns byteArray of plainText
var dst:ByteArray = new ByteArray;
rsa.encrypt(data, dst, data.length);
currentResult = Hex.fromArray(dst);
encryptedText = currentResult;
trace ("Cipher: " + currentResult);
return currentResult;
}
private function getInput():ByteArray {
return null;
}
private function getModulus():String {
return "b6a7ca9002b4df39af1ed39251a5d"; //read this value from web service.
}
private function getExponent():String {
return "011"; //read this value from web service.
}
//For debugging and testing purposes
// private function decrypt(cipherText:String):String {
// var rsa:RSAKey = RSAKey.parsePrivateKey(getModulus(), getExponent(), getPrivate(), getP(), getQ(), getDMP1(), getDMQ1(), getCoeff());
// var data:ByteArray = Hex.toArray(cipherText);
// var dst:ByteArray = new ByteArray;
// rsa.decrypt(data, dst, data.length);
// decryptedText = Hex.fromArray(dst);
//trace('decrypted : ' + decryptedText);
// return Hex.toString(decryptedText);
// }
]]>
</fx:Script>
<fx:Declarations>
<!-- Place non-visual elements (e.g., services, value objects) here -->
</fx:Declarations>
<mx:VBox >
<s:Button label="Encrypt Text" click="encrypt('my plain text')" />
<s:Button label="Decrypt Text" click="decrypt({encryptedText})" />
</mx:VBox>
</s:Application>
And the web service part of decryption looks like this:
static public string RSADecrypt(string cipherText)
{
UnicodeEncoding ByteConverter = new UnicodeEncoding();
byte[] DataToDecrypt = StringToByteArray(cipherText);
bool DoOAEPPadding = false;
try
{
byte[] decryptedData;
using (RSACryptoServiceProvider RSA = new RSACryptoServiceProvider())
{
KeyInfo keyInfo = new KeyInfo();
RSAParameters RSAKeyInfo = keyInfo.getKey();
RSA.ImportParameters(RSAKeyInfo);
decryptedData = RSA.Decrypt(DataToDecrypt, DoOAEPPadding);
}
byte[] paddedOutput = paddWithZeros(decryptedData); //to sync with as3crypto
return (ByteConverter.GetString(paddedOutput));
}catch (CryptographicException e)
{
//handle error
return null;
}
}
I'll do some reading about padding schemes for RSA, see if there is any misconception.
Thanks
Seems overly complicated. I've worked on some high security systems before, but this is ludicrous. Why would you need this kind of level of encryption at the text being sent unless you don't want the user to know the text he just inputted?
Just use a strong SSL key (256bit is max for IE6, you could use 512 but only compatible with newer browsers) for the actual transfer protocol (I imagine HTTP) with a binary data format (AMF) and everything should be fine. I doubt your system is that important to leverage the use of encrypting text.
I use as3crypto and JAVA web-services. Here are some thoughts:
a. I generated my public and private RSA keys via openssl
b. My client loads the public .cer file at application startup (if you just hardcoded them in from the generated key that works too).
var pemString : String = new String(data.target.data);
var x509Cert : X509Certificate = new X509Certificate(pemString);
var publicRSAKey : RSAKey = x509Cert.getPublicKey();
c. Encrypt my strings via
var inputByteArray : ByteArray = Hex.toArray(Hex.fromString(inputString));
var outputByteArray : ByteArray = new ByteArray();
appSettingsModel.publicRSAKey.encrypt(inputByteArray, outputByteArray, inputByteArray.length);
d. I didn't write the JAVA side of things but you aren't using JAVA anyways. I know that as3crypto uses PKCS1 padding by default:
RSAKEY.as
private function _encrypt(op:Function, src:ByteArray, dst:ByteArray, length:uint, pad:Function, padType:int):void {
// adjust pad if needed
if (pad==null) pad = pkcs1pad;
This can be changed but I haven't tried it yet. Based on your code it looks like you might be trying to decrypt with OAEP scheme, but I can't tell how you are setting that bool. You may want to take a look at what padding scheme is being used with the bool as false and try to change one side or the other to match padding strategies.
I'm busy trying to port Java code that looks like this
Cipher rsa = Cipher.getInstance("RSA/ECB/nopadding");
rsa.init(Cipher.DECRYPT_MODE, RSAPrivateKey);
decryptedData = rsa.doFinal(data, 0, 128);
to C#, but as it seems the RSACryptoServiceProvider, forces you to either use OEAP or PKCS1 padding. I know no padding isn't secure, but in this case Im working with a closed source client, so I can't do anything about that. Is there any way around this padding issue?
You might want to get the code from BouncyCastle, http://www.bouncycastle.org/csharp/, and modify the code from the link below, and ensure that it can use the encryption that you list above.
http://www.java2s.com/Code/Java/Security/Whatisinbouncycastlebouncycastle.htm
BouncyCastle will help us to make nopadding RSA encryption.
public string RsaEncryptWithPublic(string clearText, string publicKey)
{
// analogue of Java:
// Cipher rsa = Cipher.getInstance("RSA/ECB/nopadding");
try
{
var bytesToEncrypt = Encoding.ASCII.GetBytes(clearText);
var encryptEngine = new RsaEngine(); // new Pkcs1Encoding (new RsaEngine());
using (var txtreader = new StringReader("-----BEGIN PUBLIC KEY-----\n" + publicKey+ "\n-----END PUBLIC KEY-----"))
{
var keyParameter = (AsymmetricKeyParameter)new PemReader(txtreader).ReadObject();
encryptEngine.Init(true, keyParameter);
}
var encrypted = Convert.ToBase64String(encryptEngine.ProcessBlock(bytesToEncrypt, 0, bytesToEncrypt.Length));
return encrypted;
}
catch
{
return "";
}
}
also dont forget to put it at top:
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Engines;
using Org.BouncyCastle.OpenSsl;