Re: 512 bit encryption with RSACryptoServiceProvider results in "Bad Key"
From: Mike Mazar (mazar_at_mazsoft.com)
Date: 06/05/03
Date: Thu, 5 Jun 2003 16:38:15 -0400
Maybe I did not describe the problem correctly. Let me give you actual code
fragments so you can do the test yourself. This code is a combination of
.NET classes and CAPICOM and some code that I had to figure out by myself.
If you know a better way to do this (without WSE), I would appreciate it if
you let me know.

Both these tests will get a Machine Certificate and then Encrypt and Decrypt
a short text. One of these uses the "Public Key" to Encrypt and then the
"Private Key" to decrypt. This one works fine. But in the second code, if I
use the "Private Key" to encrypt and the "Public Key" to decrypt, it gives me
the "Bad Key" error at the Decrypt method call.

Here is the first code segment, which runs correctly:

'---------------- Get Server Certificate
Dim CAPI_Store As New CAPICOM.Store()
CAPI_Store.Open(CAPICOM.CAPICOM_STORE_LOCATION.CAPICOM_LOCAL_MACHINE_STORE, "MY")
Dim CAPI_Cert As CAPICOM.Certificate = CAPI_Store.Certificates.Item(1)
'---------------- Create RSA Using Public Key
Dim PublicKey As Byte() = Encoding.Unicode.GetBytes(CAPI_Cert.PublicKey.EncodedKey.Value(CAPICOM.CAPICOM_ENCODING_TYPE.CAPICOM_ENCODE_BINARY))
Dim Encryptor As New RSACryptoServiceProvider()
Encryptor.ImportParameters(RSAKeyInfo(PublicKey))
'---------------- Encrypt
Dim CAPI_Encrypted As Byte() = Encryptor.Encrypt(Encoding.ASCII.GetBytes(txtOriginal.Text), False)
txtEncrypted.Text = Encoding.ASCII.GetString(CAPI_Encrypted)
'---------------- Create RSA Using Private Key
Dim CAPI_Params As New CspParameters(CAPI_Cert.PrivateKey.ProviderType, _
    CAPI_Cert.PrivateKey.ProviderName, _
    CAPI_Cert.PrivateKey.ContainerName)
CAPI_Params.Flags = CspProviderFlags.UseMachineKeyStore
Dim Decryptor As New RSACryptoServiceProvider(CAPI_Params)
'---------------- Decrypt
Dim CAPI_Result As Byte() = Decryptor.Decrypt(CAPI_Encrypted, False)
txtDecrypted.Text = Encoding.ASCII.GetString(CAPI_Result)

And this one (second code) returns the "Bad Key" error:

'---------------- Get Client Certificate
Dim CAPI_Store As New CAPICOM.Store()
CAPI_Store.Open(CAPICOM.CAPICOM_STORE_LOCATION.CAPICOM_LOCAL_MACHINE_STORE, "MY")
Dim CAPI_Cert As CAPICOM.Certificate = CAPI_Store.Certificates.Item(1)
'---------------- Create RSA Using Private Key
Dim CAPI_Params As New CspParameters(CAPI_Cert.PrivateKey.ProviderType, _
    CAPI_Cert.PrivateKey.ProviderName, _
    CAPI_Cert.PrivateKey.ContainerName)
CAPI_Params.Flags = CspProviderFlags.UseMachineKeyStore
Dim Encryptor As New RSACryptoServiceProvider(CAPI_Params)
'---------------- Encrypt
Dim CAPI_Encrypted As Byte() = Encryptor.Encrypt(Encoding.ASCII.GetBytes(txtOriginal.Text), False)
txtEncrypted.Text = Encoding.ASCII.GetString(CAPI_Encrypted)
'---------------- Create RSA Using Public Key
Dim PublicKey As Byte() = Encoding.Unicode.GetBytes(CAPI_Cert.PublicKey.EncodedKey.Value(CAPICOM.CAPICOM_ENCODING_TYPE.CAPICOM_ENCODE_BINARY))
Dim Decryptor As New RSACryptoServiceProvider()
Decryptor.ImportParameters(RSAKeyInfo(PublicKey))
'---------------- Decrypt
Dim CAPI_Result As Byte() = Decryptor.Decrypt(CAPI_Encrypted, False)
txtDecrypted.Text = Encoding.ASCII.GetString(CAPI_Result)

To test these examples, you will need the following functions:
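
' Builds RSAParameters from a DER-encoded RSAPublicKey:
' SEQUENCE { INTEGER modulus, INTEGER publicExponent }.
Private Function RSAKeyInfo(ByVal PublicKey As Byte()) As RSAParameters
    ' Outer call returns the SEQUENCE content; inner call returns the content
    ' of the first INTEGER, which is the modulus.
    RSAKeyInfo.Modulus = GetASN1Value(GetASN1Value(PublicKey))
    ' Drop the first byte of the INTEGER (assumed to be the 0x00 sign byte).
    RSAKeyInfo.Modulus = ArrayPart(RSAKeyInfo.Modulus, 1, RSAKeyInfo.Modulus.Length - 1)
    ' The exponent is not read from the key; it is fixed to 65537 (01 00 01).
    Dim Exponent As Byte() = {1, 0, 1}
    RSAKeyInfo.Exponent = Exponent
End Function

' Returns the content bytes of the DER element that starts at ASN1(0).
' ASN1(1) is the length byte: short form if bit 7 is clear, otherwise the
' low 7 bits give the number of length bytes that follow.
Private Function GetASN1Value(ByVal ASN1 As Byte()) As Byte()
    Dim temp, I, Len1 As Short
    If ASN1(1) And 128 Then
        temp = ASN1(1) Xor 128
        For I = 1 To temp
            Len1 += ASN1(1 + I) * 256 ^ (temp - I)
        Next
    Else
        Len1 = ASN1(1)
    End If
    Return ArrayPart(ASN1, 2 + temp, Len1)
End Function

' Returns a copy of Length bytes of ByteArray starting at StartIndex.
Public Shared Function ArrayPart(ByVal ByteArray As Byte(), ByVal StartIndex As Integer, ByVal Length As Integer) As Byte()
    Dim Temp(Length - 1) As Byte
    Array.Copy(ByteArray, StartIndex, Temp, 0, Length)
    Return Temp
End Function
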
"Michel Gallant" <neutron@istar.ca> wrote in message
news:u$UxcA4KDHA.2244@TK2MSFTNGP11.phx.gbl...
> Not too clear what you are doing:
> Are you encrypting the 64 bytes with a client's *public key* ?
> That is what the final paragraph seems to indicate, but the first
> paragraph says " ... with client's private key".
>
> In that case, you of course need the client's private key to decrypt,
> instantiating with the public key is not sufficient.
>
> By default, RSACryptoServiceProvider uses Current User keys.
>
> - Michel Gallant
> MVP Security
>
> "Mike Mazar" <mazar@mazsoft.com> wrote in message news:uE1W6uwKDHA.2052@TK2MSFTNGP11.phx.gbl...
> > I have wasted a lot of time on this problem. I hope someone can help me:
> >
> > My server application receives a client Certificate as a byte array which I
> > can successfully load it in a X509Certificate object. This certificate has a
> > public key with a 512 bit modulus. I can extract the Modulus and Exponent
> > from this public key and create a RSACryptoServiceProvider object with no
> > problem. When I try to Decrypt 64 bytes of data (encrypted with client's
> > private key) using the Decryptor object, the "Bad Key" exception happens.
> > Here is a part of my code:
> >
> > Dim Cert As New X509Certificates.X509Certificate(Certificate)
> > Dim Decryptor As New RSACryptoServiceProvider(512)
> > Decryptor.ImportParameters(RSAKeyInfo(Cert.GetPublicKey))
> >
> > I tested this logic with a Computer certificate which I read from
> > LOCAL_MACHINE_STORE. I can encrypt some data using public key and then
> > decrypt it with private key with no problem. But if I use a certificate from
> > CURRENT_USER_STORE, "Bad Key" exception happens. Is there any difference
> > between keys used in Computer certificates and User (client) certificates?
> > These certificates are all being used by another application (which I'm
> > trying to re-engineer) so there is no problem with the certificates.
> >
>
>
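
Added example, not part of the original thread or either poster's code: the RSA operation that a public-only key can check is signature verification, while Decrypt always needs the private key, which is the point of the quoted reply. It assumes .NET Framework 4.6 or later (or .NET Core) for the HashAlgorithmName overloads and uses a throwaway in-memory 2048-bit key instead of a certificate store key; the module and function names are hypothetical.

```vb
Imports System
Imports System.Security.Cryptography
Imports System.Text

Module SignVerifyExample
    ' Tries RSA decryption with a public-only key. Returns False when the
    ' provider rejects it, which is the failure described in the post.
    Function CanDecryptWithPublicOnly(pub As RSAParameters, cipher As Byte()) As Boolean
        Using rsaPub As New RSACryptoServiceProvider()
            rsaPub.ImportParameters(pub)
            Try
                rsaPub.Decrypt(cipher, False)
                Return True
            Catch ex As CryptographicException
                Return False
            End Try
        End Using
    End Function

    ' Verifies a PKCS#1 v1.5 / SHA-256 signature with a public-only key.
    Function VerifyWithPublicOnly(pub As RSAParameters, data As Byte(), sig As Byte()) As Boolean
        Using rsaPub As New RSACryptoServiceProvider()
            rsaPub.ImportParameters(pub)
            Return rsaPub.VerifyData(data, sig, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)
        End Using
    End Function

    Sub Main()
        Dim data As Byte() = Encoding.UTF8.GetBytes("short text") ' constructed sample input
        Using keyPair As New RSACryptoServiceProvider(2048)
            keyPair.PersistKeyInCsp = False ' keep the demo key out of the key store
            Dim pub As RSAParameters = keyPair.ExportParameters(False) ' modulus and exponent only

            ' Encrypt on an instance that holds the key pair still uses the public half,
            ' so this call succeeds and only the public-only Decrypt is refused.
            Dim cipher As Byte() = keyPair.Encrypt(data, False)
            Console.WriteLine("public-only Decrypt works: {0}", CanDecryptWithPublicOnly(pub, cipher))

            ' Signing uses the private key; anyone holding the public key can verify.
            Dim sig As Byte() = keyPair.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)
            Console.WriteLine("signature verifies: {0}", VerifyWithPublicOnly(pub, data, sig))

            data(0) = data(0) Xor CByte(1) ' flip one bit of the signed data
            Console.WriteLine("tampered data verifies: {0}", VerifyWithPublicOnly(pub, data, sig))
        End Using
    End Sub
End Module
```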