Re: ASN1 bad tag value met on EnvelopedData.Decrypt str

From: Valery Pryamikov (Valery_at_nospam.harper.no)
Date: 09/24/04 

Date: Fri, 24 Sep 2004 22:28:51 +0200

looks just as RSA encrypted blob (1024 bit). It's not ASN1 DER encodded
data, ie. it's not PKCS7 enveloped data (which is expected by CAPICOM's
EnvelopedData) - no wonder you get ASN1 error. BTW base 64 is encoding (not
encryption). And RSA without padding ... sounds like a really bad idea.

-Valery.
http://www.harper.no/valery

"Kristine" <wingsforwheels@hotmail.com> wrote in message
news:37603010.0409240728.2ca0298e@posting.google.com...
> Yes, Message contains the following encryption:
> cVrs0PXb8sbWIILKsgJyeiy+g1+mm9Dcoiq80AnsHeGaFq3Dfal/iEkHLC+fsqytY8KnBpEf86UV
> 5dIo59Kr2td27iS56H3BHq5xu6H5+wdwsYS6BDlHoEXHW8jCJu8Ld987jsCoexQchQ3noincQPx9
> yWvpjym6fPP6vgoXqJ4=
>
> Additionally, I found out that my "provider" is using BouncyCastle to
> encrypt; they wanted me to verify that I was using a RSA/ECB/NoPadding
> Algorithm and Base 64 decryption. I'm not sure how to verify this
> with CAPICOM.
>
> As a follow up, I did verify that the private key was found by using
> PrivateKey.IsAccessible
>
> Thanks so much for your help, I do appreciate it!
>
> "Daniel Sie [MSFT]" <dsie@online.microsoft.com> wrote in message
> news:<#NHItzeoEHA.1664@tk2msftngp13.phx.gbl>...
>> Can you dump out Message just before Decrypt to see what the value is?
>>
>> --
>> Thanks,
>>
>> Daniel Sie [MSFT]
>>
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>> "Kristine" <wingsforwheels@hotmail.com> wrote in message
>> news:37603010.0409230741.901fa32@posting.google.com...
>> > Users are being linked to our site, and the URL passed to us contains
>> > encrypted data (encrypted by JAVA). The site that is passing the URL
>> > to us and encrypting the parameter has my public key/certificate.
>> > When I try to decrypt using CAPICOM the "ASN1 bad tag value met" error
>> > is raised. I checked the decoded text on the ANS1 dump tool and it
>> > did not raise any errors. I've included my code below, if anyone sees
>> > anything wrong with it please let me know (this is the first time I've
>> > implemented the asynchronous/key pair).
>> >
>> > Would this error be raised if my private key was not found? Is there
>> > anyway to check that it was found? I did verify that the private key
>> > is associated with the certificate.
>> >
>> > Set Store = Server.CreateObject("CAPICOM.Store")
>> > Store.Open CAPICOM_LOCAL_MACHINE_STORE, "MY" ,0
>> > Set Certificates =
>> > Store.Certificates.Find(CAPICOM_CERTIFICATE_FIND_SUBJECT_NAME,
>> > SubjectName)
>> >
>> > Response.Write("<br>Certificate found: " & Store.Certificates.Count)
>> >
>> > If Store.Certificates.Count > 0 then
>> > Set EnvelopedData = Server.CreateObject("CAPICOM.EnvelopedData")
>> > EnvelopedData.Recipients.Add Store.Certificates(1)
>> > Message = Request.QueryString("query")
>> > Response.write "<p>Encrypt= " & Message
>> > 'EnvelopedData.Decrypt Message <---ERROR HERE
>> > 'str_out = EnvelopedData.Content
>> > 'response.write "<p>Decrypt= " & str_out
>> > Else
>> > response.write "<P>Could not find certificate."
>> > End If

Relevant Pages

  • RE: MS EFS Question
    ... Leon, ... I tried to verify this in some of my MS books, ... Subject: MS EFS Question ... pretty sure that in the 2nd case it retains the encryption. ...
    (Security-Basics)
  • Re: Temporary FTP Server - Security
    ... Very secure if you use FTP over SSL and verify the certificate by telephone. ... Either you were forgetting or omitting the obvious: need for encryption, ...
    (comp.security.misc)
  • Re: Decryption applications
    ... That is no problem for a human-being, but an app has ... to find another way to verify that a keyword is right. ... But doesn't that make an encryption weak? ...
    (sci.crypt)
  • Re: online banking account
    ... To verify that your computer is using 128-bit encryption, ... click About Internet Explorer. ... The level of encryption on your computer appears next to the words Cipher Strength. ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: CRC4 Abbreviation ???
    ... It's goal is to verify ... the integrity of a message for errors. ... > I am looking CRC4 stands for which abbreviation in encryption ... > using XOR operator and can retrieve the data vice versa. ...
    (sci.crypt)