I crypt a string text with use of Crypto++, but when want to decrypt it by C# RSA crypto service provider I have an exception.
My code produces same cipher string when encrypt a same string with constant public key by Crypto++ in several time, while there are different results (cipher string) with use of C# RSA crypto service provider.
Is main reason of this problem (run-time error) related to different type of RSA?
My encryption code using Crypto++ is in below:
string message((char*)"hi", 2);
Integer messageInteger((const byte *)message.data(), message.size());
Integer cipherMessage = hostPublicKey.ApplyFunction(messageInteger);
size_t len = cipherMessage.MinEncodedSize();
string str;
str.resize(len);
cipherMessage.Encode((byte *)str.data(), str.size(), Integer::UNSIGNED);
And the Crypto++ decryption code is:
Integer cipherMessage1((byte *)str.data(), str.size());
int size1 = cipherMessage1.ByteCount();
Integer plainInteger = privateKey.CalculateInverse(prng, cipherMessage1);
string recovered;
size_t req = plainInteger.MinEncodedSize();
recovered.resize(req);
plainInteger.Encode((byte *)recovered.data(), recovered.size());
the encryption and decryption operations are done well in same side, but there is mentioned problem in decryption operation in other side.
for encryption use this code:
RSAES_OAEP_SHA_Encryptor e(publicKey);
string cipher;
StringSource stringSource(message, true,
new PK_EncryptorFilter(rng, e,
new StringSink(cipher)
)
);
and decryption:
RSAES_OAEP_SHA_Decryptor d(privateKey);
StringSource stringSource(cipher, true,
new PK_DecryptorFilter(rng, d,
new StringSink(recovered)
)
);
Related
I am learning about Cryptography in .NET and I wrote the following function as a test:
byte[] foo(byte[] input, string keyContainerName)
{
CngKey key = CngKey.Open(keyContainerName);
RSACng rsa = new RSACng(key);
rsa.KeySize = 2048;
byte[] v = rsa.Encrypt(input, RSAEncryptionPadding.OaepSHA512);
CngKey keyb = CngKey.Open(keyContainerName);
RSACng rsab = new RSACng(keyb);
rsab.KeySize = 2048;
return rsab.Decrypt(v, RSAEncryptionPadding.OaepSHA512);
}
When I try executing it, rsab.Decrypt() throws a Cryptographic exception with the message: "The parameter is incorrect.".
Why is this happening? Where did I go wrong?
P.S. I previously created a key pair in the KSP with CngKey.Create(). foo is called with keyContainerName beeing the keyName passed to CngKey.Create().
If you want to create an app that does symmetric and asymmetric encryption and decryption, You can try integrating ExpressSecurity library via NuGet
More info: https://github.com/sangeethnandakumar/Express-Security-Library
AES - Symetric Encryption (For files)
var password = "sangeeth123";
var inputPath = "C:\sample.txt";
var outputPath = "C:\sample.txt.aes";
//AES Encription
AESEncription.AES_Encrypt(inputPath, password);
//AES Description
AESEncription.AES_Decrypt(outputPath, password);
RSA - Asymmetric Encryption (For strings and text)
//Generate Keys
var publicKeyPath = "C:\public_key.rsa";
var privateKeyPath = "C:\private_key.rsa";
RSAEncription.MakeKey(publicKeyPath, privateKeyPath);
var input = "sangeeth"
//RSA Encription
var ciphertext = RSAEncription.EncryptString(input, publicKeyPath);
//RSA Description
input = RSAEncription.DecryptString(ciphertext, privateKeyPath);
I have a X509Certificate2 variable and I'm trying to cast the private key of the variable to a RSACryptoServiceProvider
RSACryptoServiceProvider pkey = (RSACryptoServiceProvider)cert.PrivateKey;
However I get this exception.
System.InvalidCastException: 'Unable to cast object of type 'System.Security.Cryptography.RSACng' to type 'System.Security.Cryptography.RSACryptoServiceProvider'.'
It's weird that this happens because other answers in SO suggested the same procedure as mine but I get an exception. Any solutions to this?
So after a few tries and discussions in the comments I came up with the following solution.
RSA rsa = (RSA)cert.PrivateKey;
(cert.PrivateKey as RSACng).Key.SetProperty(
new CngProperty(
"Export Policy",
BitConverter.GetBytes((int)CngExportPolicies.AllowPlaintextExport),
CngPropertyOptions.Persist));
RSAParameters RSAParameters = rsa.ExportParameters(true);
AsymmetricCipherKeyPair keypair = DotNetUtilities.GetRsaKeyPair(RSAParameters);
The problem was that the variable rsa wasn't exportable. To change this I set a new CngProperty for the export policy. Works perfectly now
Just wanted to note that there's also an extension method that can be used:
using System.Security.Cryptography.X509Certificates;
...
//certificate is a X509Certificate2
using (var rsa = certificate.GetRSAPrivateKey())
{
//the var rsa is an RSA object
//...
}
In my case the same problem was happening when trying to convert local store certificate to RSACryptoServiceProvider as below:
RSACryptoServiceProvider encryptProvider =
certificate.PrivateKey as RSACryptoServiceProvider;
Issue fixed by using RSA instead of RSACryptoServiceProvider.
Putting instructions here in case if someone will be curious how to do that )).
To store some certificate into your machine open Visual Studio Developer Command and type following:
makecert -n "CN=JohnDoe" -sr currentuser -ss someCertStore
...where you can specify and values instead of "JohnDoe" and "demoCertStore".
Now you can use the below code to access certificates from the local certificate store:
public class Program
{
static void DumpBytes(string title, byte[] bytes)
{
Console.Write(title);
foreach (byte b in bytes)
{
Console.Write("{0:X} ", b);
}
Console.WriteLine();
}
static void Main(string[] args)
{
// This will convert our input string into bytes and back
var converter = new ASCIIEncoding();
// Get a crypto provider out of the certificate store
// should be wrapped in using for production code
var store = new X509Store("someCertStore", StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly);
// should be wrapped in using for production code
X509Certificate2 certificate = store.Certificates[0];
RSA rsa = (RSA)certificate.PrivateKey;
(certificate.PrivateKey as RSACng)?.Key.SetProperty(
new CngProperty(
"Export Policy",
BitConverter.GetBytes((int)CngExportPolicies.AllowPlaintextExport),
CngPropertyOptions.Persist));
string messageToSign = "This is the message I want to sign";
Console.WriteLine("Message: {0}", messageToSign);
byte[] messageToSignBytes = converter.GetBytes(messageToSign);
// need to calculate a hash for this message - this will go into the
// signature and be used to verify the message
// Create an implementation of the hashing algorithm we are going to us
// should be wrapped in using for production code
DumpBytes("Message to sign in bytes: ", messageToSignBytes);
HashAlgorithm hasher = new SHA1Managed();
// Use the hasher to hash the message
byte[] hash = hasher.ComputeHash(messageToSignBytes);
DumpBytes("Hash for message: ", hash);
// Now sign the hash to create a signature
byte[] signature = rsa.SignHash(hash, HashAlgorithmName.SHA1, RSASignaturePadding.Pss);
DumpBytes("Signature: ", messageToSignBytes);
// Now use the signature to perform a successful validation of the mess
bool validSignature = rsa.VerifyHash(hash: hash,
signature: signature,
hashAlgorithm: HashAlgorithmName.SHA1,
padding: RSASignaturePadding.Pss);
Console.WriteLine("Correct signature validated OK: {0}", validSignature);
// Change one byte of the signature
signature[0] = 99;
// Now try the using the incorrect signature to validate the message
bool invalidSignature = rsa.VerifyHash(hash: hash,
signature: signature,
hashAlgorithm: HashAlgorithmName.SHA1,
padding: RSASignaturePadding.Pss);
Console.WriteLine("Incorrect signature validated OK: {0}", invalidSignature);
Console.ReadKey();
}
You can avoid the code that is setting the export policy altogether by simply creating the certificate with the export policy already being correct. I used the New-SelfSignedCertificate PowerShell utility to create a certificate that was exportable from inception.
PS C:>New-SelfSignedCertificate -CertStoreLocation "Cert:\CurrentUser\" -Subject "CN=JUSTIN" -KeyExportPolicy Exportable
This negates the need for:
(certificate.PrivateKey as RSACng)?.Key.SetProperty(new CngProperty("Export Policy", BitConverter.GetBytes((int)CngExportPolicies.AllowPlaintextExport),CngPropertyOptions.Persist));
I tried to split up the sample for .NET RSAPKCS1KeyExchangeFormatter Class from https://msdn.microsoft.com/EN-US/library/8kkwbeez(v=VS.110,d=hv.2).aspx into 2 console apps (Alice, Bob) using a common class named KeyExchange. This class contains two methods:
GenerateEncryptedSessionKeyAndIV: runs on Alice, encrypts the session key, and for test purposes decrypts it.
ProcessEncryptedSessionKeyAndIV: runs on Bob, fails to decrypt the session key with Exception "The parameter is incorrect". Although the byte arrays look correct. Please help.
public KeyExchange()
{
rsaKey = new RSACryptoServiceProvider(); // asymmetric encryption/decryption
aes = new AesCryptoServiceProvider(); // symmetric encryption/decryption
}
public byte[] PublicKey
{
get { return rsaKey.ExportCspBlob(false); } // used by partner who wants to send secret session key
set { rsaKey.ImportCspBlob(value); } // used by partner who receives secret session key
}
public void GenerateEncryptedSessionKeyAndIV(out byte[] iv, out byte[] encryptedSessionKey)
{
iv = aes.IV; // Gets the initialization vector (IV) for the symmetric algorithm.
// Encrypt the session key
RSAPKCS1KeyExchangeFormatter keyFormatter = new RSAPKCS1KeyExchangeFormatter(rsaKey); // Initializes a new instance of the RSAPKCS1KeyExchangeFormatter class with the specified key.
encryptedSessionKey = keyFormatter.CreateKeyExchange(aes.Key, typeof(Aes)); // Create and return the encrypted key exchange data
// test only: the next 2 lines are to prove that the secret key can be obtained from the the encrypted key exchange data here on Alice,
// the same code failes executed on Bob (see method ProcessEncryptedSessionKeyAndIV)
RSAPKCS1KeyExchangeDeformatter keyDeformatter = new RSAPKCS1KeyExchangeDeformatter(rsaKey);
byte[] helper = keyDeformatter.DecryptKeyExchange(encryptedSessionKey);
}
public void ProcessEncryptedSessionKeyAndIV(byte[] iv, byte[] encryptedSessionKey)
{
aes.IV = iv; // Sets the initialization vector (IV) for the symmetric algorithm.
// Decrypt the session key, Create a KeyExchangeDeformatter
RSAPKCS1KeyExchangeDeformatter keyDeformatter = new RSAPKCS1KeyExchangeDeformatter(rsaKey);
// obtain the secret key (32 bytes) from from the encrypted key exchange data (128 bytes)
aes.Key = keyDeformatter.DecryptKeyExchange(encryptedSessionKey); // this results in CryptographicException: The parameter is incorrect.
}
Okay, psychic debugging time.
You have Alice construct one of these and call GenerateEncryptedSessionKeyAndIV(). She sends that value, and the value of PublicKey (which shouldn't be a property because it does a lot more work than you want happening in a debugger every time you hit F10).
You have Bob construct one of these and assign PublicKey, then call ProcessEncryptedSessionKeyAndIV.
The exception is because Bob doesn't have the private key, so he can't decrypt.
You're doing KeyExchange, which suggests you're online, which suggests you should just use TLS and call it a day. If you're offline you want KeyAgreement (Diffie-Hellman, or EC Diffie-Hellman).
Nevertheless, the right way is
Private-key-holder sends their public key, preferably as a certificate
Other party verifies the public key (which is much easier when it's a certificate... nigh on impossible if it's just key data)
Other party generates some data to hide
Other party encrypts the data using the received public key
Other party sends the encrypted data back
Private-key-holder decrypts the data (with the private key)
Now both sides know what the data was (which could be a key, could be a key+algorithm, could be an input into a KDF, ...)
For KeyExchange these roles are usually called Server (private-key-holder) and Client (other party).
I'm trying to encrypt some data in Mono C#, send it to a NodeJS server and decrypt it there. I'm trying to figure out what algorithms to use to match the two.
I send the encrypted string encoded with base64. So I do something like this in Javascript, where I know the key which was used to encrypt the data in my C# application:
var decipher = crypto.createDecipher('aes192',binkey, biniv);
var dec = decipher.update(crypted,'base64','utf8');
dec += decipher.final('utf8');
console.log("dec", dec);
In Mono I create my Cypher with:
using System.Security.Cryptography;
using (Aes aesAlg = Aes.Create("aes192"))
I need to pass the correct string to Aes.Create() in order to have it use the same algorithm, but I can't find what it should be. "aes192" is not correct it seems.
I don't need aes192 this was just a tryout. Suggest a different encryption flavor if it makes sense. Security is not much of an issue.
Here are links to .NET and Nodejs docs:
http://msdn.microsoft.com/en-us/library/system.security.cryptography.aes.aspx
http://nodejs.org/api/crypto.html
This code works for my Node.js side, but please replace the static iv, otherwhise aes encryption would be useless.
var crypto = require('crypto');
function encrypt(data, key) {
key = key || new Buffer(Core.config.crypto.cryptokey, 'binary'),
cipher = crypto.createCipheriv('aes-256-cbc', key.toString('binary'), str_repeat('\0', 16));
cipher.update(data.toString(), 'utf8', 'base64');
return cipher.final('base64');
}
function decipher(data, key) {
key = key || new Buffer(Core.config.crypto.cryptokey, 'binary'),
decipher = crypto.createDecipheriv('aes-256-cbc', key.toString('binary'), str_repeat('\0', 16));
decipher.update(data, 'base64', 'utf8');
return decipher.final('utf8');
}
function str_repeat(input, multiplier) {
var y = '';
while (true) {
if (multiplier & 1) {
y += input;
}
multiplier >>= 1;
if (multiplier) {
input += input;
} else {
break;
}
}
return y;
}
I hope this helps You.
NOTE: You need to deliver an 265bit aka 32 character key for this algorithm to work.
POSSIBLE .NET SOLUTION: This may help you Example
You should simply write new AesManaged().
You don't need to call Create().
You then need to set Key and IV, then call CreateDecryptor() and put it in a CryptoStream.
It turned out to be a stupid mistake. I thought the create function in Node.js could take a variable argument count. Turns out you need to call the createDecipheriv() instead.
Just for the record, you can easily check the padding and mode by looking at those properties in the Aes object. The defaults are CBC and PKCS7. That padding is also used in nodejs crypto. So a for a 128 key size my code to decrypt a base64 encoded string would be:
var crypto = require('crypto');
var binkey = new Buffer(key, 'base64');
var biniv = new Buffer(iv, 'base64');
var decipher = crypto.createDecipheriv('aes-128-cbc', binkey, biniv);
var decrypted = decipher.update(crypted,'base64','utf8');
decrypted += decipher.final('utf8');
console.log("decrypted", decrypted);
We're trying to do this for our C# (.net 3.5) application on our XP SP2 machines (Win7 later).
In our installer (created by VS2008), we're encrypting our connection string with AES key and iv, and then creating a RSA key-pair and storing them in MachineKeyStore. The installer will use the RSA public key to encrypt the AES key and iv, and store the encrpted key and iv with the encrypted connection string.
After installation, our application will read the encrypted connection string with the encrypted AES key and iv back, and use the RSA private key (from MachineKeyStore) to decrypt the AES key and iv and then decrypt the connection string with the AES key and iv.
The installer and our application share a constant string for the container name of the MachineKeyStore.
I know where the key-pair is stored, so I can monitor it to see if key-pair is deleted, updated or created.
I did some tests and found some interesting things (unexpected) but don't know why it is like that. My user account is Admin account.
The installer can delete the stored key-pair created by our application and create a new one immediately with the same container name;
The installer can update key-pair created by our application (not delete and create again, it is overwriting, I think - but this should not happen according to the doc)
Our application cannot delete the key-pair created by the installer: CryptographicException: Keyset does not exist. exception will happen when the key-pair actually exists there;
Our application cannot create a new one when the installer-created key-pair is there: CryptographicException: Keyset does not exist.
Our application cannot access the key-pair created by the installer,
CryptographicException: Access is denied. will happen in that case. The encryption in the installer works with AES and RSA public key. When the application tries to use the stored private key to do decryption, an "Access is denied" exception will occur.
Our code follows:
public static void CreateRSAKeyPair(string keyContainerName)
{
DeleteRSAKeyPair(keyContainerName);
CspParameters cspParams = new CspParameters();
cspParams.KeyContainerName = keyContainerName;
cspParams.Flags |= CspProviderFlags.UseMachineKeyStore;
using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(cspParams))
{
rsa.PersistKeyInCsp = false;
}
}
public static void DeleteRSAKeyPair(string keyContainerName)
{
CspParameters cspParams = new CspParameters();
cspParams.KeyContainerName = keyContainerName;
cspParams.Flags |= CspProviderFlags.UseMachineKeyStore;
using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(cspParams))
{
rsa.PersistKeyInCsp = false;
try
{
rsa.Clear();
}
catch (CryptographicException ex)
{
Log.logItem(LogType.Exception, "RSA key clear error, can be ignored", "SecurityMgr::DeleteRSAKeyPair()", "CryptographicException msg=" + ex.ToString());
}
}
}
Code to access private key for decryption:
private static byte[] RSADecrypt(byte[] inputData, string keyContainerName)
{
byte[] resultData = null;
try
{
CspParameters cspParams = new CspParameters();
cspParams.Flags |= CspProviderFlags.UseMachineKeyStore;
cspParams.KeyContainerName = keyContainerName;
using (RSACryptoServiceProvider rsaProvider = new RSACryptoServiceProvider(cspParams))
{
//rsaProvider.PersistKeyInCsp = true;
//private key
RSAParameters rsaParams = rsaProvider.ExportParameters(true);
rsaProvider.ImportParameters(rsaParams);
resultData = rsaProvider.Decrypt(inputData, false);
}
}
catch (CryptographicException ex)
{
string msg = "CryptographicException: keyContainerName=" + keyContainerName + "\nmsg=" + ex.ToString();
Log.logItem(LogType.Exception, "RSA decryption exception", "SecurityMgr::RSADecrypt()", msg);
}
return resultData;
}
Can RSA asymmetric encryption be used like this?
EDIT:
Doing the same thing (with AES and RSA encryption) for the connection string within our application (without the installer involved) works fine.
The actual question is not very clear. However, I see a few things in your code:
You export the key pair (private and public) from the Provider into the parameters. People get confused about the boolean parameter. IT does not mean it exports ONLY the private key. If you set it to true (export private key) both your PUBLIC and PRIVATE keys will be exported.
The same keys you exported from your RSA Provider instance, you are importing back into the same provider. That does not make any sense.
Remove the ExportParameters and ImportParameters lines, they accomplish nothing. Your key(s) should already be into the RSA Provider if the container name you specified in the constructor is valid and exists.
With asymmetric cryptography you use the PRIVATE key to encrypt because that you do not share. You then use the PUBLIC key to decrypt because the other party (receiver) should only hold your PUBLIC key to be able to decrypt. If they have your PRIVATE key the whole scheme is compromised.