rsacryptoserviceprovider using x509 certificates c#

Asked 26/10, 2009 at 5:12 Answered 16/5, 2011 at 23:30

Solved .net security cryptography encryption-asymmetric

i am using a certificate generated by makecert which has both private and public key. The java side uses this public key to encrypt the data and .net decrypts it back.

I am trying to decrypt Java's encrypted 64 bit encoded string and getting bad data.

To see if all is good on.Net end, I frist tried to encrypt with the public key and then decrypt with private using the same certificate. My code looks like this.

X509Certificate2 cert = GetCert(key, StoreName.My, StoreLocation.LocalMachine);
RSACryptoServiceProvider provider =  (RSACryptoServiceProvider)cert.PrivateKey;

RSACryptoServiceProvider publicprovider = (RSACryptoServiceProvider)cert.PublicKey.Key;

if (cert.HasPrivateKey)
    MessageBox.Show("Got private key");

byte[] encrypted = publicprovider.Encrypt(Encoding.UTF8.GetBytes(text), false);
byte[] decryptedBytes = provider.Decrypt(encrypted, false);

Even here I am getting the error. Am i Missing something?

The certificate looks valid with both public and private key.

Mcwilliams answered 26/10, 2009 at 5:12 Comment(2)

What error? and on what line? – Darlenadarlene 26/10, 2009 at 9:29

Exception : Bad Data.. No further inner exception when byte[] decryptedBytes = provider.Decrypt(encrypted, false); is called – Mcwilliams 26/10, 2009 at 14:28

I finally found the problem. I wasn't putting the key to makecert to define it as RSA Crypto key.

Mcwilliams answered 28/10, 2009 at 7:24 Comment(0)

I had the same problem with a self-signed cert, the issue was that I was generating the cert with the switch -sky signature instead of -sky exchange (you use signature for signing and exchange for encryption/decryption)

Here is my full command to makecert that works:

makecert -r -pe -a sha1 -n "CN=MyName" -ss my -sr CurrentUser -sky exchange

Jonme answered 4/10, 2010 at 17:34 Comment(0)

The following code works fine for me:

        RSACryptoServiceProvider privateKey = new RSACryptoServiceProvider();
        privateKey.FromXmlString("<RSAKeyValue><Modulus>wL8s+C8SnnlaaqR+VsyijmxOJOARNa4o7ZNsqfy3+9J9Ol2JNSjjMfQWoUnFtClzJBlZhU5KtuazQe8ZKXTX9YvKoJdRhlsonZkC04qiTMdO/FZIH00GrCRxeQ7XDnQnvPB9Bdsvs//7zrY3f7eLIkpIyK9cQHU+5jjJd5IT0eE=</Modulus><Exponent>AQAB</Exponent><P>83xxN7jvpg5z16pxz2tIQIdqd/EfmikR9Q2TjG2tosWkUSvtyx0xHZ9EqdTUbSGZZ+jgrabzkafYc7Mplylwew==</P><Q>yqcnYSZEXHwJvRWi2V09PNEENTozQZywcFptUUGar9TciaQvoNv3lpnfzUKNBRdhzq4lImxkamajZlTWE5buUw==</Q><DP>37HqilkbwyHwB6mOGhPkM3S1ujAK6qTk3JB2iEOTjMGrru9+7maJYz+Z47Wm3ARMXgyzrpZ9m8nqsJFfmoL11Q==</DP><DQ>v285tv8kMs2FkZYfuP/oOkwkkneBNejjj68Md2bmzlThZDCyQV2pvB1tmgPVHUsiPNCrCaKlFRISJzfa5rR8Ow==</DQ><InverseQ>fgJE2TRe/SS+YqW0/I+FtHrdfbbao0/R3pHD4r4oceZQUemlBgZ7DxOAetebHKthlOdjGkmfWYB8EU4XoWggqw==</InverseQ><D>FMLCwjy3wbAKiCANp6XFAJgz1o7365NFv0k41BpvasViTa4TgFFWH2ROJ7M9g0lPqJy+YrhrHcY9mqV5TVjTheQp0JeckrgO2B39XngPMAMMdne3rWGpf0Pfbj3FLfchMk6XYDXSZzCS2CmSeRA4aBMb+4R3YurixyJLrnGRMH0=</D></RSAKeyValue>");
        RSACryptoServiceProvider publicKey = new RSACryptoServiceProvider();
        publicKey.FromXmlString("<RSAKeyValue><Modulus>wL8s+C8SnnlaaqR+VsyijmxOJOARNa4o7ZNsqfy3+9J9Ol2JNSjjMfQWoUnFtClzJBlZhU5KtuazQe8ZKXTX9YvKoJdRhlsonZkC04qiTMdO/FZIH00GrCRxeQ7XDnQnvPB9Bdsvs//7zrY3f7eLIkpIyK9cQHU+5jjJd5IT0eE=</Modulus><Exponent>AQAB</Exponent></RSAKeyValue>");

        {
            string text = "foo";
            byte[] encrypted = publicKey.Encrypt(Encoding.UTF8.GetBytes(text), false);
            byte[] decryptedBytes = privateKey.Decrypt(encrypted, false);
        }

Can you double-check that the exported private key is from cert.PrivateKey and the public key is from cert.PublicKey.Key?

Stronski answered 26/10, 2009 at 13:11 Comment(4)

when cert returns back it already generates the aes symmetric key. I am not using the implementation where we have to do first create the public private key and generate providers based on that. This uses makecert. The code above doesn't give the error, but has 128 character modulus... – Mcwilliams 26/10, 2009 at 14:34

"when cert returns back it already generates the aes symmetric key." I don't really understand what that means. Where is the AES key generated? I can't see it anywhere in your codesample. – Stronski 26/10, 2009 at 19:5

if you make the certificate with makecert tool. it has the private and public key in it. So, you can go to the store get the private public key .i haven't put int he code to get the private and public key – Mcwilliams 26/10, 2009 at 22:0

But I was talking about using an AES symmetric key, which the RSA asymmetric keypair should encrypt rather than encrypting the text directly. I realize that the makecert tool generates the RSA keys. – Stronski 27/10, 2009 at 7:44

I stumbled across this page when I was trying to find examples of makcert usage with x509 certificates and rsa using c#, and unfortunately it only provided part of the solution. I put all the bits together in a blog entry that people might be interested in, and it can be found here: http://nick-howard.blogspot.com/2011/05/makecert-x509-certificates-and-rsa.html

Henbit answered 16/5, 2011 at 23:30 Comment(0)

I finally found the problem. I wasn't putting the key to makecert to define it as RSA Crypto key.

Mcwilliams answered 28/10, 2009 at 7:24 Comment(0)

Recommended topics

Hot tags