RE: Problems with public key decryption with RSA

From: lelteto (lelteto_at_discussions.microsoft.com)
Date: 01/31/05


Date: Mon, 31 Jan 2005 03:37:04 -0800

You need to use MACHINE_KEYSET (in CryptAcquireContext)

Laszlo Elteto
SafeNet, Inc.

"pike" wrote:

> I have created an encryption class whose main encryption method encrypts
> small amounts of bytes (in this case the Key & IV for Rijndael encryption of
> main data) using .NET's RSA methods.
>
> This had all been working fine until I tried using the class within a
> "Windows Service" application. The application fails on a Decrypt with a "bad
> key" error in the "Windows Service" but runs fine (with same key & encrypted
> data) in a normal windows application.
>
> The main sections of code from within my class are the following:-
>
> I generate my Public / Private keys in a function like this:-
>
> // Create RSA Crypto object
> RSACryptoServiceProvider rsaCSP = new RSACryptoServiceProvider();
>
> // get public & private key xml
> sPublicKeyXml = rsaCSP.ToXmlString(false);
> sPrivateKeyXml = rsaCSP.ToXmlString(true);
>
>
> I encrypt like this:-
>
> // encrypt symmetric key
> // Create CSPParameters required object
> CspParameters cspParam = new CspParameters();
> cspParam.Flags = CspProviderFlags.UseDefaultKeyContainer;
>
> // encrypt byte[] using asymmetric method RSA
> RSACryptoServiceProvider rsaCSP = new RSACryptoServiceProvider(cspParam);
> // load the private key
> rsaCSP.FromXmlString(sPrivateKeyXml);
> // encrypt using private key
> byte[] byteEncrypted = rsaCSP.Encrypt(byteToEncrypt, false);
>
>
> And I decrypt later like this:-
>
>
> // Create CSPParameters required object
> CspParameters cspParam = new CspParameters();
> cspParam.Flags = CspProviderFlags.UseDefaultKeyContainer;
>
> // decrypt byte[] using method RSA
> RSACryptoServiceProvider rsaCSP = new RSACryptoServiceProvider(cspParam);
> // load the public key
> rsaCSP.FromXmlString(sPublicKeyXml);
>
> // decrypt using public key
> byte[] byteDecrypt = rsaCSP.Decrypt(byteEncrypted, false);
>
>
> I have tried running the Windows Service as Administrator but got the same
> "bad key" error.
>
> The stack trace here is
> "System.Security.Cryptography.RSACryptoServiceProvider._DecryptPKWin2KEnh(IntPtr hPubKey, Byte[] rgbKey, Boolean fOAEP)"
>
> I also tried :-
>
> * changing the CspProviderFlags property to "UseMachineKeyStore" and the
> code doesn't work at all, even in the normal windows application running as
> my user.
>
> * Importing key using RSAParameters object - will not work encrypting with
> private key / decrypting with public key - works other way round.
>
> * Various combinations of setting up CspParameters - with KeyContainerName
> set, Flags = UseMachineKeyStore, to no avail
>
> My suspicion is that Key stores are somehow involved but with a deadline
> looming I now require someone with more knowledge on the subject to help me!
>
> Also, can you encrypt using the private key and decrypt using the public
> key? The above code works like this, but the UseMachineStore solution would
> only work encrypting with Public Key & decrypting with the Private Key.
> Really, I need to be able to Encrypt with the Private Key.
>
> The customer requirement is to be able to receive encrypted (& signed) data
> packages where I can also verify they have come from a specific sender.
>
> My solution is to encrypt the data with Rijndael encryption, encrypt the
> Rijndael Key & IV with the RSA Private Key & package that up in one file. To
> decrypt this use the public key to obtain the Rijndael Key & IV (and know
> that this can only have come from someone with the private key) & then
> finally retrieve the data.
>
> Sorry for such a long posting, and there are probably multiple issues here
> but any help would be hugely appreciated!
>
> --
> Best Regards,
> Pike :-)
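
Added example, not part of the thread and not either poster's code: with `RSACryptoServiceProvider`, `Encrypt` is a public-key operation and `Decrypt` requires the private key, so "only the holder of the private key could have sent this" is expressed with `SignData`/`VerifyData` rather than by encrypting with the private key. The sketch below wraps the symmetric key for the recipient and signs the package as the sender, using the machine key store named in the reply. Assumptions: the class name `SignedEnvelopeDemo` is hypothetical, `Aes.Create()` stands in for the Rijndael object in the question, both key pairs live in one process purely for demonstration, and the account is allowed to create key containers in the machine store.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class SignedEnvelopeDemo
{
    // Machine key store, so behaviour is the same under a service account as in
    // a desktop session. Provider type 24 (PROV_RSA_AES) supports SHA-256 signatures.
    static RSACryptoServiceProvider NewRsa()
    {
        CspParameters csp = new CspParameters(24);
        csp.Flags = CspProviderFlags.UseMachineKeyStore;
        RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(2048, csp);
        rsa.PersistKeyInCsp = false; // demo keys: do not leave them in the store
        return rsa;
    }

    static void Main()
    {
        using (RSACryptoServiceProvider sender = NewRsa())
        using (RSACryptoServiceProvider recipient = NewRsa())
        using (Aes aes = Aes.Create()) // fresh random Key and IV
        {
            byte[] data = Encoding.UTF8.GetBytes("constructed sample payload");

            // Sender: needs the recipient's PUBLIC key and its own PRIVATE key.
            byte[] cipher;
            using (ICryptoTransform enc = aes.CreateEncryptor())
                cipher = enc.TransformFinalBlock(data, 0, data.Length);
            byte[] wrappedKey = recipient.Encrypt(aes.Key, true); // OAEP, public-key operation
            byte[] iv = aes.IV;                                   // not secret, travels in the package
            byte[] signed = wrappedKey.Concat(iv).Concat(cipher).ToArray();
            byte[] signature = sender.SignData(signed, "SHA256"); // private-key operation

            // Recipient: needs the sender's PUBLIC key and its own PRIVATE key.
            if (!sender.VerifyData(signed, "SHA256", signature))
                throw new CryptographicException("Signature check failed");
            byte[] key = recipient.Decrypt(wrappedKey, true);     // private-key operation
            using (ICryptoTransform dec = aes.CreateDecryptor(key, iv))
                Console.WriteLine(Encoding.UTF8.GetString(
                    dec.TransformFinalBlock(cipher, 0, cipher.Length)));
        }
    }
}
```

In a real deployment each side would load only the other party's public key (for example from `ToXmlString(false)`) and keep its own private key in a named container.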