System.IO.IOException: -----END RSA PRIVATE KEY not found

Asked 23/10, 2015 at 11:40 Answered 13/9, 2022 at 7:10

Solved c#encryption cryptography rsa bouncycastle

I am trying to create an online database application using PHP for the server and C# form application for the client. On the server I encrypt a simple string using a public RSA key with the PHPSecLib. Then the C# application receives the string and tries to decrypt it using the corresponding private key. The bytes are base64 encoded on the server and decoded to bytes again by C#. I created the key pair using the PHPSecLib.

This is the code I use on the client application:

public string rsa_decrypt(string encryptedText, string privateKey) {
        byte[] bytesToDecrypt = Convert.FromBase64String(encryptedText);
        Pkcs1Encoding decrypter = new Pkcs1Encoding(new RsaEngine());
        //the error occurs on this line:
        AsymmetricCipherKeyPair RSAParams = (AsymmetricCipherKeyPair)new PemReader(new StringReader(privateKey)).ReadObject();

        decrypter.Init(false, RSAParams.Private);
        byte[] decryptedBytes = decrypter.ProcessBlock(bytesToDecrypt, 0, bytesToDecrypt.Length);
        string decryptedString = Convert.ToBase64String(decryptedBytes);
        return decryptedString;
    }

But, I get the following error on the line specified above^.

An unhandled exception of type 'System.IO.IOException' occurred in BouncyCastle.Crypto.dll

Additional information: -----END RSA PRIVATE KEY not found

I believe there's nothing wrong with the key pair combo as I get an error before I even try to decrypt anything. The privateKey parameter is currently hardcoded into the script using this format:

string privateKey = "-----BEGIN RSA PRIVATE KEY-----XXXXXXXX-----END RSA PRIVATE KEY-----";

So it seems to me the footer actually is included in the string... I have debugged and googled everywhere but I can't seem to solve it. I'm pretty new to RSA&Bouncycastle so maybe I'm just using wrong methods.

Hope you can help, thanks! - G4A

P.S. This is my first Stackoverflow question, I just created an account, so if you could also give me some feedback on the way I formulated this question; great!

Menispermaceous answered 23/10, 2015 at 11:40 Comment(4)

IIRC you need a line between the pre-eb boundary; "-----BEGIN RSA PRIVATE KEY-----\r\nXXXXXXXX\r\n-----END RSA PRIVATE KEY-----" – Strepitous 23/10, 2015 at 11:47

Welcome to SO, G4A! There is not much wrong with the question, good question, excellent formatting. Four things for further improvement: 1) end with an actual question (you know, something that ends with a question mark) 2) the "Hope you can help, thanks! -4GA" is not required and actually not preferred 3) the PS should be a comment below the question and 4) please try and humor us by replying to e.g. AlexK. when he proposes a solution (which he is unsure of, hence the comment instead of the answer). – Quadroon 23/10, 2015 at 16:33

That did the trick @AlexK.! I did actually already try that but I forgot the carriage return. Could you please delete your comment and make it into an answer so I can give you karma, or whatever it's called. And thank you @Maarten Bodewes I'll remember it. And finally, sorry for the late answer; I guess my email isn't set up properly yet. – Menispermaceous 23/10, 2015 at 19:16

This happened to me when moving from a local secrets.json file to Azure settings. I had to .Replace("\\n", "\n") right before using the key and then it worked. – Zashin 1/5, 2019 at 6:40

You need to add a new line between the pre/post encapsulation boundary text and the Base64 data, so:

 string privateKey = "-----BEGIN RSA PRIVATE KEY-----\r\nXXX\r\n-----END RSA PRIVATE KEY-----";

This is because the pem specification allows for the existence of other textual headers between the two.

Strepitous answered 24/10, 2015 at 12:7 Comment(2)

Pro tip - make sure you don't use a verbatim string literal (@"...") which would ignore the \n and \r escape sequences. – Germain 7/9, 2017 at 17:11

Hi, we want to refer from Azure key vault, there @ is required ex: "@Microsoft.KeyVault(SecretUri=dev..)". – Tallowy 16/12, 2021 at 9:31

If this doesn't work "-----BEGIN RSA PRIVATE KEY-----\r\nXXXXXXXX\r\n-----END RSA PRIVATE KEY-----"

please try this "-----BEGIN RSA PRIVATE KEY-----
XXXXXXXX
-----END RSA PRIVATE KEY-----"

Ganges answered 12/1, 2019 at 12:19 Comment(2)

This worked with the 
 in Visual Studio .Net Framework 4.8 but not when I ported it over to an Azure Web App. I tried using the \r\n in Azure and that didn't work either. Any ideas? – Kazak 5/2, 2021 at 19:53

Hi @Alessandro Alves : facing same issue, any solution? – Tallowy 16/12, 2021 at 9:52

We converted the BOX Private Key to Base64 Format and stored the same in Azure Vault.

Convert key to Base64 using Base64Encode method, store in Azure Key Vault.

Retrieve the encoded string in code, decoded back using Base64Decode Method.

public static string Base64Encode(string plainText) 
{
    var plainTextBytes = System.Text.Encoding.UTF8.GetBytes(plainText);
    return System.Convert.ToBase64String(plainTextBytes);
}

public static string Base64Decode(string base64EncodedData) 
{
    var base64EncodedBytes = System.Convert.FromBase64String(base64EncodedData);
    return System.Text.Encoding.UTF8.GetString(base64EncodedBytes);
}

Tallowy answered 16/12, 2021 at 11:29 Comment(0)

I recommend use \x0A instead of \r\n and 
. Because only this option worked for me.

So :

"-----BEGIN RSA PRIVATE KEY-----\x0AXXXXXXXX\x0A-----END RSA PRIVATE KEY-----"

Mannes answered 13/9, 2022 at 7:10 Comment(0)

Recommended topics

Hot tags