.Net & Java - RSA Encryption/Decryption Problem.

From: Ali Khawaja (alikha_at_gmail.com)
Date: 09/28/04


Date: 28 Sep 2004 10:08:15 -0700

I am encrypting some text using java bouncyCastle RSA provider, and
trying to decrypt using .Net.

I was given a pfx file. I installed it in my system's certificate
store. Then I exported the public key in an x509 certificate, used
that in my java code to encrypt the data and write it to a file as
follows:
----------------------------------------
InputStream inStream = getClass().getResourceAsStream("pubkey.cer");
CertificateFactory cf = CertificateFactory.getInstance("X.509");
cert = (X509Certificate)cf.generateCertificate(inStream);

String info = "Hello how are you"; // string to encode
Cipher rsaCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", "BC");
rsaCipher.init(Cipher.ENCRYPT_MODE, cert);
byte[] encryptedData = rsaCipher.doFinal(info.getBytes());

FileOutputStream fos = new FileOutputStream(encfilePath,false);
fos.write(encryptedData);
fos.close();
------------------------------------------
If I print the public key from java code after creating the
certificate, it's the same as the public key of the certificate in my
system's certificate store.

After writing the encrypted data to a file, I try to open the file and
decrypt using the certificate. I have tried three different ways.

-----CAPICOM -----------
First, I tried CAPICOM, and it said "ASN1 bad tag value met."

CAPICOM.EnvelopedData env = new CAPICOM.EnvelopedDataClass();
Certificate cert = GetCAPICertificate();
env.Recipients.Add(cert);
env.Decrypt(txtEncryptedData.Text);

GetCAPICertificate is my method that gets the Certificate from system
certificate store. I have made sure that the certificate is the
correct one.

I opened the encoded file in asndump utility and it did not complain
about anything. Following is the output:

File: H:\Documents and Settings\Ali\.coltencrypted
Time: 11:51:41, 09/28/2004
---------------------------------------------------------------------
<51 0F>
[APPLICATION 17]
  07 93 A2 EF 30 74 39 81 ....0t9.
  77 9C AD F3 DE B7 DA w......

---------------------------------------------------------------------

Second thing I tried was to use Security Guru Mitch Gallant's pfxopen
utility, that allows you to load a pfx file in a keycontainer, and
initialize RSA using CSP that is initialized by that keycontainer. It
throws an exception saying:

Bad Data at
System.Security.Cryptography.RSACryptoServiceProvider._DecryptPKWin2KEnh
.. System.Security.Cryptography.RSACryptoServiceProvider .....
at CertTestApp.CryptoForm.DecryptUsingPfx() in
h:\projects\colt\certtestapp\form1.cs:line 311

Here's the code:
                
string pfxfilename = @"H:\Projects\Colt\cert\ColtPOSCert_0924.pfx";
string pwd = string.Empty;
PfxOpen pfx = new PfxOpen();
pfx.LoadPfx(pfxfilename,ref pwd);
                                
CspParameters csp = new CspParameters();
csp.KeyContainerName = pfx.container;
csp.KeyNumber = 1;
                                
Stream stream = new FileStream(@"H:\Documents and Settings\Ali\.coltencrypted",FileMode.Open);
int datalen = (int)stream.Length;
byte[] filebytes = new byte[datalen];
stream.Seek(0,SeekOrigin.Begin);
stream.Read(filebytes,0,datalen);
stream.Close();

RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(csp);
byte[] decryptedData = rsa.Decrypt(filebytes,false);
------------------------------------------------------------------

Finally I tried WSE 2.0: I probed the certificates in the system
certificate store, and got the certificate that I needed to decrypt. It
has a very nice method on the certificate to export the parameters
including the private ones in a CSPParameters object, after which you
can import them in the RSACryptoServiceProvider. That failed also
*sigh*, saying that

Export of private parameters is not supported
   at Microsoft.Web.Services2.Security.Cryptography.RSACryptoServiceProvider.ExportParameters(Boolean
includePrivateParameters)

My code was:

RSAParameters coltParams = certificate.Key.ExportParameters(true);
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
rsa.ImportParameters(coltParams);

It just failed at the very first line saying export of private
parameters is not supported. Tooltip on the method says that "When
overriden in a derived class, exports the RSA parameters ...".

------------------------------------------------

So I am kinda stuck. I am not too good with security, but I am
obviously missing something. Sorry for the long post, but I'll really
appreciate any help.

Thanks
Ali
alikha@gmail.com
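
Added illustration, not part of the original post and not code from any tool named in it: the `<51 0F>` / `[APPLICATION 17]` line in the asndump output is the first two ciphertext bytes read as a DER tag and length, whereas a CMS EnvelopedData message, the format CAPICOM's EnvelopedData object handles, begins with a universal SEQUENCE. The Python below decodes that header and classifies a buffer; the 128-byte modulus size, the filler bytes and the names `parse_der_header` and `classify` are assumptions.

```python
# Added example (not from the original post): tells a raw RSA block from a
# DER-encoded CMS EnvelopedData message by inspecting the leading header.
CLASSES = ("UNIVERSAL", "APPLICATION", "CONTEXT", "PRIVATE")
# DER encoding of OID 1.2.840.113549.1.7.3 (PKCS#7 / CMS envelopedData)
ENVELOPED_DATA_OID = bytes.fromhex("06092a864886f70d010703")

def parse_der_header(data):
    """Return (class, constructed, tag_number, length, header_len)."""
    if len(data) < 2:
        raise ValueError("too short for a tag and a length")
    cls, constructed, tag = CLASSES[data[0] >> 6], bool(data[0] & 0x20), data[0] & 0x1F
    pos = 1
    if tag == 0x1F:                      # high-tag-number form: base-128 digits
        tag = 0
        while True:
            if pos >= len(data):
                raise ValueError("truncated tag")
            tag = (tag << 7) | (data[pos] & 0x7F)
            pos += 1
            if not data[pos - 1] & 0x80:
                break
    if pos >= len(data):
        raise ValueError("truncated length")
    first = data[pos]
    pos += 1
    if first < 0x80:                     # short form: the byte is the length
        length = first
    else:                                # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or pos + n > len(data):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(data[pos:pos + n], "big")
        pos += n
    return cls, constructed, tag, length, pos

def classify(blob, modulus_bytes):
    """modulus_bytes is the RSA key size in bytes, supplied by the caller."""
    try:
        cls, constructed, tag, length, hdr = parse_der_header(blob)
    except ValueError:
        cls = None
    if cls == "UNIVERSAL" and constructed and tag == 16 and hdr + length == len(blob):
        body = blob[hdr:]
        return "cms-enveloped-data" if body.startswith(ENVELOPED_DATA_OID) else "der-sequence"
    if len(blob) == modulus_bytes:
        return "raw-rsa-block"
    return "unknown"

# Bytes shown in the asndump output above, then constructed samples.
DUMP = bytes.fromhex("510f0793a2ef30743981779cadf3deb7da")
RAW_BLOCK = DUMP + bytes(range(111))     # constructed filler, 1024-bit key assumed
CMS_STUB = bytes.fromhex("300b") + ENVELOPED_DATA_OID  # constructed minimal SEQUENCE
```
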


