I'm using microsoft's RSACryptoServiceProvider class to Encrypt/Decrypt data.
However, decryption function throws an exception "Bad Data".
Is it something about creating new instance of the provider class everytime I use encryption/decryption?
RSA Provider Class
static public byte[] RSAEncrypt(byte[] byteEncrypt, RSAParameters RSAInfo, bool isOAEP)
{
try
{
using (RSACryptoServiceProvider RSA = new RSACryptoServiceProvider())
{
RSA.ImportParameters(RSAInfo);
//Encrypt the passed byte array and specify OAEP padding.
return RSA.Encrypt(byteEncrypt, isOAEP);
}
}
catch (CryptographicException e)
{
Console.WriteLine(e.Message);
return null;
}
}
static public byte[] RSADecrypt(byte[] byteDecrypt, RSAParameters RSAInfo, bool isOAEP)
{
try
{
using (RSACryptoServiceProvider RSA = new RSACryptoServiceProvider(4096))
{
//Import the RSA Key information. This needs
//to include the private key information.
RSA.ImportParameters(RSAInfo);
//Decrypt the passed byte array and specify OAEP padding.
return RSA.Decrypt(byteDecrypt, isOAEP);
}
}
catch (CryptographicException e)
{
Console.WriteLine(e.ToString());
return null;
}
}
}
Usage
UnicodeEncoding ByteConverter = new UnicodeEncoding();
RSACryptoServiceProvider RSA = new RSACryptoServiceProvider(4096);
byte[] plainPassword;
byte[] encryptedPassword;
plainPassword = ByteConverter.GetBytes(connectionStringPasswordTextBox.Text);
encryptedPassword = CryptoHelper.RSAEncrypt(plainPassword, RSA.ExportParameters(false), false);
RSACryptoServiceProvider RSA = new RSACryptoServiceProvider(4096);
byte[] decryptedPassword = CryptoHelper.RSADecrypt(Convert.FromBase64String(connectionString.password), RSA.ExportParameters(true), false);
EDIT
The exception has changed to "The parameter is incorrect" after giving a few more try. I think it has to do with creating only one instance for rsa class instaead of creating new one everytime I use it.
The RSACryptoServiceProvider(int) constructor generates a new key (unless CAPI returns a key for the null-name; which I'm not sure is possible). So this code is encrypting with one key and attempting to decrypt with another. The resulting answer makes so little sense that an exception is thrown.
Generate your key once, and save the RSAParameters from it.
To make your code more portable, avoid saying "RSACryptoServiceProvider"; just talk about RSA, when possible.
Unfortunately, key creation is a time it isn't possible since RSACryptoServiceProvider doesn't generate a new key when KeySize is changed.
So you should really use something more like this on .NET 4.6 or higher:
public static byte[] RSAEncrypt(
byte[] byteEncrypt,
RSAParameters rsaInfo,
RSAEncryptionPadding padding)
{
try
{
using (RSA rsa = RSA.Create())
{
rsa.ImportParameters(rsaInfo);
return rsa.Encrypt(byteEncrypt, padding);
}
}
catch (CryptographicException e)
{
Console.WriteLine(e.Message);
return null;
}
}
Related
I am new to development. I wrote a encrypt method with X509 certificate. Now I want to write a decrypt method. I tried. but not working. Please help me to develop the decrypt method Thank you.
Encrypt method(working correctly):
private static string Encrypt(X509Certificate2 x509, string stringToEncrypt)
{
if (x509 == null || string.IsNullOrEmpty(stringToEncrypt))
throw new Exception("A x509 certificate and string for encryption must be provided");
RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)x509.PublicKey.Key;
byte[] bytestoEncrypt = ASCIIEncoding.ASCII.GetBytes(stringToEncrypt);
byte[] encryptedBytes = rsa.Encrypt(bytestoEncrypt, false);
return Convert.ToBase64String(encryptedBytes);
}
Decrypt method that I tried:
private static string Decrypt(X509Certificate2 x509, string stringToDecrypt)
{
if (x509 == null || string.IsNullOrEmpty(stringToDecrypt))
throw new Exception("A x509 certificate and string for encryption must be provided");
RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)x509.PrivateKey; //when i use primaryKey here rsa always null
// byte[] bytestoEncrypt = ASCIIEncoding.ASCII.GetBytes(stringToDecrypt);
byte[] bytestoDecrypt = Convert.FromBase64String(stringToDecrypt);
byte[] encryptedBytes = rsa.Decrypt(bytestoDecrypt, false);
return Convert.ToBase64String(encryptedBytes);
}
I don't have much knowledge about encryption and decryption. please help me to fix this.
The rules for decrypt are easy. Starting from the last line of your encryption method, undo everything.
But, first, some notes.
Don't use cert.PublicKey.Key. It's [Obsolete] in newer versions of .NET. Use cert.GetRSAPublicKey() (assuming it's RSA).
Similar with cert.PrivateKey
Don't use RSACryptoServiceProvider. It's old and crusty. Just use the new, shiny, methods on the RSA base class.
Encryption doesn't do text. It does bytes.
Repeat: Encryption doesn't do text. It does bytes.
RSA isn't for general data. It's for relatively small messages, like an AES encryption key.
Here's the right way, which does AES encryption of the data, encrypts that key for the target certificate, and puts the two parts together.
private static byte[] Encrypt(X509Certificate2 targetCert, byte[] data)
{
ContentInfo contentInfo = new ContentInfo(data);
EnvelopedCms cms = new EnvelopedCms(contentInfo);
CmsRecipient recipient = new CmsRecipient(SubjectIdentifierType.SubjectKeyIdentifier, targetCert);
cms.Encrypt(recipient);
return cms.Encode();
}
private static byte[] Decrypt(X509Certificate2 recipientCert, byte[] encrypted)
{
EnvelopedCms cms = new EnvelopedCms();
cms.Decode(encrypted);
cms.Decrypt(new X509Certificate2Collection(recipientCert));
return cms.ContentInfo.Content;
}
But that's no fun, so I guess we'll do it with the lower level types.
private static byte[] Encrypt(X509Certificate2 targetCert, byte[] data)
{
using (RSA key = targetCert.GetRSAPublicKey())
{
return key.Encrypt(data, RSAEncryptionPadding.OaepSHA256);
}
}
private static byte[] Decrypt(X509Certificate2 recipientCert, byte[] encrypted)
{
using (RSA key = recipientCert.GetRSAPrivateKey())
{
return key.Decrypt(encrypted, RSAEncryptionPadding.OaepSHA256);
}
}
Oh, but you wanted strings. Well, strings aren't bytes. But they could be, if you encoded them.
private static byte[] EncryptString(X509Certificate2 targetCert, string message, Encoding encoding = null)
{
return Encrypt(targetCert, (encoding ?? Encoding.UTF8).GetBytes(message));
}
private static byte[] DecryptString(X509Certificate2 targetCert, string message, Encoding encoding = null)
{
return Decrypt(targetCert, (encoding ?? Encoding.UTF8).GetBytes(message));
}
Wrapping those in Base64 is an exercise left to the reader.
I had a working RSA encryption that was basically created like this
public string DecryptFormula( byte[] WholeData )
{
// Get from container the key used to encrypt entropy bytes
RSAParameters PublicKey = GetKeyFromContainer("CorroredKeys");
byte[] KeyLengthByte = new byte[4];
Array.Copy(WholeData, KeyLengthByte, 4);
int KeyLength = BitConverter.ToInt32(KeyLengthByte, 0);
// Encrypt entropy
byte[] encryptedKey = new byte[KeyLength];
Array.Copy(WholeData, 4, encryptedKey, 0, KeyLength);
//Pass the data to ENCRYPT, the public key information
//(using RSACryptoServiceProvider.ExportParameters(false),
//and a boolean flag specifying no OAEP padding.
byte[] PrivateKey = RSADecrypt(encryptedKey, PublicKey, false);
...
}
static public byte[] RSADecrypt(byte[] DataToDecrypt, RSAParameters RSAKeyInfo, bool DoOAEPPadding)
{
try
{
byte[] decryptedData;
//Create a new instance of RSACryptoServiceProvider.
using (RSACryptoServiceProvider RSA = new RSACryptoServiceProvider())
{
//Import the RSA Key information. This needs
//to include the private key information.
RSA.ImportParameters(RSAKeyInfo);
//Decrypt the passed byte array and specify OAEP padding.
//OAEP padding is only available on Microsoft Windows XP or
//later.
decryptedData = RSA.Decrypt(DataToDecrypt, DoOAEPPadding);
}
return decryptedData;
}
//Catch and display a CryptographicException
//to the console.
catch (CryptographicException ex)
{
return null;
}
}
However, after joining the server, where this code is running, to the domain the decryption suddenly stopped working. I have debugged this so far that I found that the problem seems to be with
RSA.Decrypt(DataToDecrypt, DoOAEPPadding)
that gives an exception
System.Security.Cryptography.CryptographicException: The parameter is incorrect.
at System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr)
at System.Security.Cryptography.RSACryptoServiceProvider.DecryptKey(SafeKeyHandle pKeyContext, Byte[] pbEncryptedKey, Int32 cbEncryptedKey, Boolean fOAEP, ObjectHandleOnStack ohRetDecryptedKey)
at System.Security.Cryptography.RSACryptoServiceProvider.Decrypt(Byte[] rgb, Boolean fOAEP)
at MyCalculation.ProjectBase.RSADecrypt(Byte[] DataToDecrypt, RSAParameters RSAKeyInfo, Boolean DoOAEPPadding)
How to proceed with this and where to look for possible reason for this? Note: This code was working before the server was joined to domain.
Edit:
Alex K. asked if the key container I'm using is empty. That is what I also suspected. However, at least the Modulus field of my public key had some data. I'm not able to run debugger in the production environment, but I wrote some code that writes byte arrays into a log file.
RSAParameters PublicKey = GetKeyFromContainer("CorroredKeys");
WriteLog("PublicKey, modulus: " + BytesToString(PublicKey.Modulus));
Just for information, the public key is generated like this:
public static RSAParameters GenKey_SaveInContainer(string ContainerName)
{
// First, to get a fresh key, delete the key from the container.
DeleteKeyFromContainer(ContainerName);
// Create the CspParameters object and set the key container
// name used to store the RSA key pair.
CspParameters cp = new CspParameters();
cp.KeyContainerName = ContainerName;
// Create a new instance of RSACryptoServiceProvider that accesses
// the key container MyKeyContainerName and generates new public and private key data
using (RSACryptoServiceProvider RSA = new RSACryptoServiceProvider(cp))
{
byte[] Keyblob = RSA.ExportCspBlob(true);
// Return saved key information to the caller
return RSA.ExportParameters(false);
}
}
/// <summary>
/// Clears and deletes an asymmetric key pair from given key container
/// </summary>
/// <param name="ContainerName">Key container name where RSA key pair is saved</param>
public static void DeleteKeyFromContainer(string ContainerName)
{
// Create the CspParameters object and set the key container
// name used to store the RSA key pair.
CspParameters cp = new CspParameters();
cp.KeyContainerName = ContainerName;
// Create a new instance of RSACryptoServiceProvider that accesses
// the key container.
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(cp);
// Delete the key entry in the container.
rsa.PersistKeyInCsp = false;
// Call Clear to release resources and delete the key from the container.
rsa.Clear();
}
The key is read from container like this:
public static RSAParameters GetKeyFromContainer(string ContainerName)
{
// Create the CspParameters object and set the key container
// name used to store the RSA key pair.
CspParameters cp = new CspParameters();
cp.KeyContainerName = ContainerName;
// Create a new instance of RSACryptoServiceProvider that accesses
// the key container MyKeyContainerName.
using (RSACryptoServiceProvider RSA = new RSACryptoServiceProvider(cp))
{
// Return saved key information to the caller
return RSA.ExportParameters(true);
}
}
The problem was that after joining the server to the domain the two processes that encode and decode the data were running on two different user ids. When this was corrected and data first encoded again the encoded data could be decoded again.
This was so silly case, that I should have discovered this immediately. Lesson learned: Never trust that settings remain as they were.
I have a server written in Java which sends converts its RSA key to the XML format used by .NET before sending it to the client:
public String getPublicKeyXML() {
try {
KeyFactory factory = KeyFactory.getInstance("RSA");
RSAPublicKeySpec publicKey = factory.getKeySpec(this.keyPair.getPublic(), RSAPublicKeySpec.class);
byte[] modulus = publicKey.getModulus().toByteArray();
byte[] exponent = publicKey.getPublicExponent().toByteArray();
String modulusStr = Base64.encodeBytes(modulus);
String exponentStr = Base64.encodeBytes(exponent);
String format =
"<RSAKeyValue>" +
"<Modulus>%s</Modulus>" +
"<Exponent>%s</Exponent>" +
"</RSAKeyValue>";
return String.format(format, modulusStr, exponentStr);
} catch (Exception e) {
this.server.logException(e);
return "";
}
}
The client, written in C#, then loads the key and uses it to encrypt a 256 bit AES key:
public static byte[] encrypt(string xmlKey, byte[] bytes)
{
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
rsa.FromXmlString(xmlKey);
byte[] cipherBytes = rsa.Encrypt(bytes, false);
rsa.Clear();
return cipherBytes;
}
The server is then supposed to decrypt the AES key using its private RSA key:
public byte[] decrypt(byte[] data) {
try {
PrivateKey privateKey = this.keyPair.getPrivate();
Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
cipher.init(Cipher.DECRYPT_MODE, privateKey);
byte[] cipherData = cipher.doFinal(data);
return cipherData;
} catch (Exception e) {
this.server.logException(e);
return new byte[0];
}
}
However, the server fails with an error stating "Data must not be longer than 384 bytes." Looking at the data to be decrypted, I noticed that it's 385 bytes. I tried increasing the RSA key length, and now the server tells me the data must be no longer than 512 bytes, while the encrypted data from the client is 513 bytes. Why is the encrypted data always one byte longer than expected?
EDIT:
Here's a sample XML-formatted key as is transmitted from the server to the client:
<RSAKeyValue><Modulus>ANsMd2dCF6RsD5v5qjlHEjHm0VWD99gSYHP+pvyU8OgNL9xM5+o+yMAxWISOwMii9vJk1IzYGf18Fj2sMb5BsInlG2boZHb6KHh7v8ObPa4MuwB/U63i8AVU3N/JTugaPH0TKvo1WNUooXEHT23nOk+vh1QipzgKQYGl68qU35vKmpNAa79l1spXA66LckTWal4art9T08Rxgn9cMWujlF+wh9EQKQoxxgj4gCoXWRDTFYjRo/Mp5xDPwNjloTs/vFCPLvY7oI+lVrHhrPyz1R473ZuEhZm+rSeGBcY9I8vhg0AIixN7KYBLhrIecmqoNZHi6LohjD2F9zhdLaTU0IIU8eeKpbEZ5eB1kYngMONBq3A/IoG0Qa/7EcSAMMspBEObffK9kCNzvnbFg5wLuy8EHNaK3nmnuTppgCwCyNqZyHeAbZaUBjNguLhHtqkHFiPJ063Xesj9UbSsCmlBliGTDXWfeJANnjGP6D3R+uLXVy9SZe+cY92JW3eZA2k//w==</Modulus><Exponent>AQAB</Exponent></RSAKeyValue>
I have verified that the data sent is the same as the data being received.
Knocking off the last byte results in a BadPaddingException. I also tried knocking off the first byte, with the same result.
I found the problem. The BigInteger's toByteArray() function included a leading zero for some reason. I just removed the leading zeros from the array and it now works like a charm!
This will not fix the problem (I tested it to no avail), but I wanted to call to your attention that RSACryptoServiceProvider implements the IDisposable interface and therefore should be properly disposed of when complete. Your C# encrypt method can be written a bit better (and more concise!) as such:
public static byte[] encrypt(string xmlKey, byte[] bytes)
{
using (var rsa = new RSACryptoServiceProvider())
{
rsa.FromXmlString(xmlKey);
return rsa.Encrypt(bytes, false);
}
}
I'm having a problem setting up RSA encryption/decryption mechanism between flex client and web service written in c#. The idea is this: I'll encrypt some text from flex and then decrypt it from web service. I'm using as3crypto library from google. It is encrypting/decrypting text properly. I also have the code on the web service side to encrypt/decrypt properly. My problem is synchronizing them - basically sharing the public key to flex and keeping the private key to the web service.
My flex "encrypt" function takes modulus and exponent of RSA to do text encryption, so how do i get these modulus and exponent attributes from the web service's RSACryptoServiceProvider, so they speak the same standard.
I tried the
RSAKeyInfo.Modulus
RSAKeyInfo.Exponent
from the web service and fed them to the flex client.
After doing encryption on flex I took the cipher text and fed it to decrypt method on web service, but it is giving me "bad data" error message.
System.Security.Cryptography.CryptographicException: Bad Data.
at System.Security.Cryptography.CryptographicException.ThrowCryptogaphicException(Int32 hr)
at System.Security.Cryptography.Utils._DecryptKey(SafeKeyHandle hPubKey, Byte[] key, Int32 dwFlags)
at System.Security.Cryptography.RSACryptoServiceProvider.Decrypt(Byte[] rgb, Boolean fOAEP)
at Microsoft.Samples.Security.PublicKey.App.RSADecrypt(Byte[] DataToDecrypt, RSAParameters RSAKeyInfo, Boolean DoOAEPPadding) in C:\Users
\Me\Desktop\After Release\5-24-2011-webServiceCrypto\publickeycryptography\CS\PublicKeyCryptography\PublicKey.cs:line 219
Encryption failed.
How do i make sure they are both using the same byte 64 or 128 byte encryption . ie the input from flex should fit to what is expected by the web service RSACryptoServiceProvider's decrypt method.
(I'm assuming the size might be a problem, may be it's not - i'm lost)
Here is the code, first flex client followed by web service c# code
private function encrypt():void {
var rsa:RSAKey = RSAKey.parsePublicKey(getModulus(), getExponent());
trace("Modulus Lenght: " + getModulus().length);
trace("Exponent Lenght : " + getExponent().length);
var data:ByteArray = getInput(); //returns byteArray of plainText
var dst:ByteArray = new ByteArray;
rsa.encrypt(data, dst, data.length);
trace("Enc Data: " + dst.toString() );
currentResult = Hex.fromArray(dst);
encryptedText = currentResult;
trace("Encrypted:: " + currentResult);
}
//For testing purposes
private function decrypt():void {
var rsa:RSAKey = RSAKey.parsePrivateKey(getModulus(), getExponent(), getPrivate(), getP(), getQ(), getDMP1(), getDMQ1(), getCoeff());
var data:ByteArray = Hex.toArray(encryptedText);
trace("Byte array: " + data.toString());
var dst:ByteArray = new ByteArray;
rsa.decrypt(data, dst, data.length);
decryptedText = Hex.fromArray(dst);
trace("Decrypted text: " + Hex.toString(decryptedText));
}
And web service part is as follows:
try
{
//Create a UnicodeEncoder to convert between byte array and string.
UnicodeEncoding ByteConverter = new UnicodeEncoding();
//Create byte arrays to hold original, encrypted, and decrypted data.
byte[] dataToEncrypt = ByteConverter.GetBytes("Data to Encrypt");
byte[] encryptedData;
byte[] decryptedData;
//Create a new instance of RSACryptoServiceProvider to generate
//public and private key data.
using (RSACryptoServiceProvider RSA = new RSACryptoServiceProvider())
{
//Pass the data to ENCRYPT, the public key information
//(using RSACryptoServiceProvider.ExportParameters(false),
//and a boolean flag specifying no OAEP padding.
encryptedData = RSAEncrypt(dataToEncrypt, RSA.ExportParameters(false), false);
//Pass the data to DECRYPT, the private key information
//(using RSACryptoServiceProvider.ExportParameters(true),
//and a boolean flag specifying no OAEP padding.
decryptedData = RSADecrypt(encryptedData, RSA.ExportParameters(true), false);
//Display the decrypted plaintext to the console.
Console.WriteLine("\n\nDecrypted plaintext: {0}", ByteConverter.GetString(decryptedData));
}
}
static public byte[] RSAEncrypt(byte[] DataToEncrypt, RSAParameters RSAKeyInfo, bool DoOAEPPadding)
{
try
{
byte[] encryptedData;
//Create a new instance of RSACryptoServiceProvider.
using (RSACryptoServiceProvider RSA = new RSACryptoServiceProvider())
{
//Import the RSA Key information. This only needs
//toinclude the public key information.
RSA.ImportParameters(RSAKeyInfo);
//Encrypt the passed byte array and specify OAEP padding.
//OAEP padding is only available on Microsoft Windows XP or
//later.
encryptedData = RSA.Encrypt(DataToEncrypt, DoOAEPPadding);
}
return encryptedData;
}
//Catch and display a CryptographicException
//to the console.
catch (CryptographicException e)
{
Console.WriteLine(e.Message);
return null;
}
}
static public byte[] RSADecrypt(byte[] DataToDecrypt, RSAParameters RSAKeyInfo, bool DoOAEPPadding)
{
try
{
Console.WriteLine("Modulus Lenghth :" + RSAKeyInfo.Modulus.Length);
Console.WriteLine("Exponent Length :" + RSAKeyInfo.Exponent.Length);
byte[] decryptedData;
//Create a new instance of RSACryptoServiceProvider.
using (RSACryptoServiceProvider RSA = new RSACryptoServiceProvider())
{
//Import the RSA Key information. This needs
//to include the private key information.
RSA.ImportParameters(RSAKeyInfo);
//Decrypt the passed byte array and specify OAEP padding.
//OAEP padding is only available on Microsoft Windows XP or
//later.
decryptedData = RSA.Decrypt(DataToDecrypt, DoOAEPPadding);
}
return decryptedData;
}
//Catch and display a CryptographicException
//to the console.
catch (CryptographicException e)
{
Console.WriteLine(e.ToString());
return null;
}
}
I'm not quite sure if this RSA set up is the way to go...
Any kinda comment / advice/ or recommended solution is welcome,
thanks guys
Eureka! Eureka! I got it.
The problem was after decryption from web service, the encrypted byte array missed 0's in between, so that when changed to string it gets unreadable '????????' text. So I just put paddWithZeros() function to pad the decrypted byte array with 0's between bytes and it worked.
Thanks Kevin, your solution gave me an insight into what things I should consider. So during decrypting I specify parameter fOAEP as false, so it would use PKCS#1 for padding (making both libraries use the same standard).
RSA.Decrypt(DataToDecrypt, DoOAEPPadding); // DoOAEPPadding = false
another error that i was getting is Bad Data exception. This was fixed when i shared the RSA cryptoServiceProvider's parameters (modulus and exponent) to actionScript methods.
I also changed the byte[] array of c# RSA attributes (like Modulus n, Exponent e, Private d..etc) to hexa string so that I'd be able to share with as3crypto library.
I'd love to share what worked for me; save others some time.
<?xml version="1.0" encoding="utf-8"?>
<s:Application xmlns:fx="http://ns.adobe.com/mxml/2009"
xmlns:s="library://ns.adobe.com/flex/spark"
xmlns:mx="library://ns.adobe.com/flex/mx" minWidth="955" minHeight="600">
<fx:Script>
<![CDATA[
import com.hurlant.crypto.Crypto;
import com.hurlant.crypto.rsa.RSAKey;
import com.hurlant.crypto.symmetric.ICipher;
import com.hurlant.crypto.symmetric.IPad;
import com.hurlant.util.Hex;
private var currentResult:String;
private var encryptedText:String;
private var decryptedText:String;
private function encrypt(plainText:String):String {
var rsa:RSAKey = RSAKey.parsePublicKey(getModulus(), getExponent());
var data:ByteArray = Hex.toArray(Hex.fromString(plainText)); //returns byteArray of plainText
var dst:ByteArray = new ByteArray;
rsa.encrypt(data, dst, data.length);
currentResult = Hex.fromArray(dst);
encryptedText = currentResult;
trace ("Cipher: " + currentResult);
return currentResult;
}
private function getInput():ByteArray {
return null;
}
private function getModulus():String {
return "b6a7ca9002b4df39af1ed39251a5d"; //read this value from web service.
}
private function getExponent():String {
return "011"; //read this value from web service.
}
//For debugging and testing purposes
// private function decrypt(cipherText:String):String {
// var rsa:RSAKey = RSAKey.parsePrivateKey(getModulus(), getExponent(), getPrivate(), getP(), getQ(), getDMP1(), getDMQ1(), getCoeff());
// var data:ByteArray = Hex.toArray(cipherText);
// var dst:ByteArray = new ByteArray;
// rsa.decrypt(data, dst, data.length);
// decryptedText = Hex.fromArray(dst);
//trace('decrypted : ' + decryptedText);
// return Hex.toString(decryptedText);
// }
]]>
</fx:Script>
<fx:Declarations>
<!-- Place non-visual elements (e.g., services, value objects) here -->
</fx:Declarations>
<mx:VBox >
<s:Button label="Encrypt Text" click="encrypt('my plain text')" />
<s:Button label="Decrypt Text" click="decrypt({encryptedText})" />
</mx:VBox>
</s:Application>
And the web service part of decryption looks like this:
static public string RSADecrypt(string cipherText)
{
UnicodeEncoding ByteConverter = new UnicodeEncoding();
byte[] DataToDecrypt = StringToByteArray(cipherText);
bool DoOAEPPadding = false;
try
{
byte[] decryptedData;
using (RSACryptoServiceProvider RSA = new RSACryptoServiceProvider())
{
KeyInfo keyInfo = new KeyInfo();
RSAParameters RSAKeyInfo = keyInfo.getKey();
RSA.ImportParameters(RSAKeyInfo);
decryptedData = RSA.Decrypt(DataToDecrypt, DoOAEPPadding);
}
byte[] paddedOutput = paddWithZeros(decryptedData); //to sync with as3crypto
return (ByteConverter.GetString(paddedOutput));
}catch (CryptographicException e)
{
//handle error
return null;
}
}
I'll do some reading about padding schemes for RSA, see if there is any misconception.
Thanks
Seems overly complicated. I've worked on some high security systems before, but this is ludicrous. Why would you need this kind of level of encryption at the text being sent unless you don't want the user to know the text he just inputted?
Just use a strong SSL key (256bit is max for IE6, you could use 512 but only compatible with newer browsers) for the actual transfer protocol (I imagine HTTP) with a binary data format (AMF) and everything should be fine. I doubt your system is that important to leverage the use of encrypting text.
I use as3crypto and JAVA web-services. Here are some thoughts:
a. I generated my public and private RSA keys via openssl
b. My client loads the public .cer file at application startup (if you just hardcoded them in from the generated key that works too).
var pemString : String = new String(data.target.data);
var x509Cert : X509Certificate = new X509Certificate(pemString);
var publicRSAKey : RSAKey = x509Cert.getPublicKey();
c. Encrypt my strings via
var inputByteArray : ByteArray = Hex.toArray(Hex.fromString(inputString));
var outputByteArray : ByteArray = new ByteArray();
appSettingsModel.publicRSAKey.encrypt(inputByteArray, outputByteArray, inputByteArray.length);
d. I didn't write the JAVA side of things but you aren't using JAVA anyways. I know that as3crypto uses PKCS1 padding by default:
RSAKEY.as
private function _encrypt(op:Function, src:ByteArray, dst:ByteArray, length:uint, pad:Function, padType:int):void {
// adjust pad if needed
if (pad==null) pad = pkcs1pad;
This can be changed but I haven't tried it yet. Based on your code it looks like you might be trying to decrypt with OAEP scheme, but I can't tell how you are setting that bool. You may want to take a look at what padding scheme is being used with the bool as false and try to change one side or the other to match padding strategies.
I'm trying to set up a simple server side RSA encryption of a small chunk of info which is to be decrypted on the client side. Just as a proof of concept I wrote a few lines to ensure that the public and private key could be loaded from xml. However, I'm struggling to make even the most simple stuff work on my machine:
byte[] bytes = Encoding.UTF8.GetBytes("Some text");
bool fOAEP = true;
// seeding a public and private key
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
var publicKey = rsa.ToXmlString(false);
var privateKey = rsa.ToXmlString(true);
//server side
RSACryptoServiceProvider rsaServer = new RSACryptoServiceProvider();
rsaServer.FromXmlString(privateKey);
var encrypted = rsaServer.Encrypt(bytes, fOAEP);
//client side
RSACryptoServiceProvider rsaClient = new RSACryptoServiceProvider();
rsaClient.FromXmlString(publicKey);
var decrypted = rsaClient.Decrypt(encrypted, fOAEP);
The last call to Decrypt throw a CryptographicException with the message "Error occurred while decoding OAEP padding.". I must be missing something totally obvious here. Do I need more setup of the rsa instances or maybe the initial rsa seeding instance?
You should use public key for encryption and private key for decryption.
Take a look here: RSACryptoServiceProvider decrypt with public key
Now, let's get back to the
RSACryptoServiceProvider class. The
Encrypt method ONLY encrypts using
the public key and the Decrypt method
only decrypts using the private key.