Problems with public key decryption with RSA

From: pike (pike_at_discussions.microsoft.com)
Date: 01/28/05

    Date: Fri, 28 Jan 2005 05:27:03 -0800
    
    

    I have created an encryption class whose main encryption method encrypts
    small amounts of bytes (in this case the Key & IV for Rijndael encryption of
    main data) using .NET's RSA methods.

    This had all been working fine until I tried using the class within a
    "Windows Service" application. The application fails on a Decrypt with a "bad
    key" error in the "Windows Service" but runs fine (with same key & encrypted
    data) in a normal windows application.

    The main sections of code from within my class are the following:-

    I generate my Public / Private keys in a function like this:-

                            // Create RSA Crypto object
                            RSACryptoServiceProvider rsaCSP = new RSACryptoServiceProvider();

                            // get public & private key xml
                            sPublicKeyXml = rsaCSP.ToXmlString(false);
                            sPrivateKeyXml = rsaCSP.ToXmlString(true);

    I encrypt like this:-

                            // encrypt symmetric key
                            // Create CSPParameters required object
                            CspParameters cspParam = new CspParameters();
                            cspParam.Flags = CspProviderFlags.UseDefaultKeyContainer;

                            // encrypt byte[] using asymmetric method RSA
                            RSACryptoServiceProvider rsaCSP = new RSACryptoServiceProvider(cspParam);
                            // load the private key
                            rsaCSP.FromXmlString(sPrivateKeyXml);
                            // encrypt using private key
                            byte[] byteEncrypted = rsaCSP.Encrypt(byteToEncrypt, false);

    And I decrypt later like this:-

                            // Create CSPParameters required object
                            CspParameters cspParam = new CspParameters();
                            cspParam.Flags = CspProviderFlags.UseDefaultKeyContainer;

                            // decrypt byte[] using method RSA
                            RSACryptoServiceProvider rsaCSP = new RSACryptoServiceProvider(cspParam);
                            // load the public key
                            rsaCSP.FromXmlString(sPublicKeyXml);
                            
                            // decrypt using public key
                            byte[] byteDecrypt = rsaCSP.Decrypt(byteEncrypted, false);

    I have tried running the Windows Service as Administrator but got the same
    "bad key" error.

    The stack trace here is
    "System.Security.Cryptography.RSACryptoServiceProvider._DecryptPKWin2KEnh(IntPtr hPubKey, Byte[] rgbKey, Boolean fOAEP)"

    I also tried :-

    * changing the CspProviderFlags property to "UseMachineKeyStore" and the
    code doesn't work at all, even in the normal windows application running as
    my user.

    * Importing key using RSAParameters object - will not work encrypting with
    private key / decrypting with public key - works other way round.

    * Various combinations of setting up CspParameters - with KeyContainerName
    set, Flags = UseMachineKeyStore, to no avail

    My suspicion is that Key stores are somehow involved but with a deadline
    looming I now require someone with more knowledge on the subject to help me!

    Also, can you encrypt using the private key and decrypt using the public
    key? The above code works like this, but the UseMachineKeyStore solution would
    only work encrypting with Public Key & decrypting with the Private Key.
    Really, I need to be able to Encrypt with the Private Key.

    The customer requirement is to be able to receive encrypted (& signed) data
    packages where I can also verify they have come from a specific sender.

    My solution is to encrypt the data with Rijndael encryption, encrypt the
    Rijndael Key & IV with the RSA Private Key & package that up in one file. To
    decrypt this use the public key to obtain the Rijndael Key & IV (and know
    that this can only have come from someone with the private key) & then
    finally retrieve the data.

    Sorry for such a long posting, and there are probably multiple issues here
    but any help would be hugely appreciated!

    -- 
    Best Regards,
    Pike :-)
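
An added example, not part of the original post: the stated requirement (an encrypted package whose sender can be verified) is conventionally met by wrapping the symmetric key with the recipient's public key and signing the package with the sender's private key. The class and method names are hypothetical, and the sketch uses the current RSA and Aes classes with in-memory keys and a constructed payload rather than the key containers from the post.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class SignedPackageDemo   // hypothetical name, for illustration only
{
    sealed class Package { public byte[] WrappedKey, Iv, CipherText, Signature; }

    // Bytes covered by the signature. WrappedKey (256) and Iv (16) are fixed length, so no framing is needed.
    static byte[] Signed(Package p) => p.WrappedKey.Concat(p.Iv).Concat(p.CipherText).ToArray();

    static Package Seal(byte[] data, RSA recipientPublic, RSA senderPrivate)
    {
        using (Aes aes = Aes.Create())                        // fresh random key and IV per package
        using (ICryptoTransform enc = aes.CreateEncryptor())
        {
            var p = new Package { Iv = aes.IV, CipherText = enc.TransformFinalBlock(data, 0, data.Length) };
            // Confidentiality: only the holder of the recipient's private key can unwrap the AES key.
            p.WrappedKey = recipientPublic.Encrypt(aes.Key, RSAEncryptionPadding.OaepSHA256);
            // Origin: only the holder of the sender's private key can produce this signature.
            p.Signature = senderPrivate.SignData(Signed(p), HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            return p;
        }
    }

    static byte[] Open(Package p, RSA recipientPrivate, RSA senderPublic)
    {
        // Check the signature before unwrapping or decrypting anything.
        if (!senderPublic.VerifyData(Signed(p), p.Signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1))
            throw new CryptographicException("Signature invalid: package rejected.");
        using (Aes aes = Aes.Create())
        {
            aes.Key = recipientPrivate.Decrypt(p.WrappedKey, RSAEncryptionPadding.OaepSHA256);
            aes.IV = p.Iv;
            using (ICryptoTransform dec = aes.CreateDecryptor())
                return dec.TransformFinalBlock(p.CipherText, 0, p.CipherText.Length);
        }
    }

    static void Main()
    {
        using (RSA sender = RSA.Create(2048)) using (RSA recipient = RSA.Create(2048))
        using (RSA senderPub = RSA.Create()) using (RSA recipientPub = RSA.Create())
        {
            senderPub.ImportParameters(sender.ExportParameters(false));       // public halves only
            recipientPub.ImportParameters(recipient.ExportParameters(false));
            Package p = Seal(Encoding.UTF8.GetBytes("constructed sample payload"), recipientPub, sender);
            Console.WriteLine(Encoding.UTF8.GetString(Open(p, recipient, senderPub)));
            p.CipherText[0] ^= 1;                                             // simulate tampering in transit
            try { Open(p, recipient, senderPub); } catch (CryptographicException e) { Console.WriteLine(e.Message); }
        }
    }
}
```

Each side holds its own private key and only the other party's public key; the second Open call fails the signature check because one ciphertext bit was changed after signing.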
    
