Re: .Net & Java - RSA Encryption/Decryption Problem.

From: Valery Pryamikov (Valery_at_nospam.harper.no)
Date: 09/28/04


Date: Tue, 28 Sep 2004 19:15:33 +0200

Have you checked that link on Mitch's site:
http://www.jensign.com/JavaScience/dotnet/RSAEncrypt/index.html

-Valery.
http://www.harper.no/valery

"Ali Khawaja" <alikha@gmail.com> wrote in message
news:f99ae6b7.0409280908.c3aed8a@posting.google.com...
>I am encrypting some text using java bouncyCastle RSA provider, and
> trying to decrypt using .Net.
>
> I was given a pfx file. I installed it in my system's certificate
> store. Then I exported the public key in an x509 certificate, used
> that in my java code to encrypt the data and write it to a file as
> follows:
> ----------------------------------------
> InputStream inStream = getClass().getResourceAsStream("pubkey.cer");
> CertificateFactory cf = CertificateFactory.getInstance("X.509");
> cert = (X509Certificate)cf.generateCertificate(inStream);
>
> String info = "Hello how are you"; // string to encode
> Cipher rsaCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", "BC");
> rsaCipher.init(Cipher.ENCRYPT_MODE, cert);
> byte[] encryptedData = rsaCipher.doFinal(info.getBytes());
>
> FileOutputStream fos = new FileOutputStream(encfilePath,false);
> fos.write(encryptedData);
> fos.close();
> ------------------------------------------
> If I print the public key from java code after creating the
> certificate, it's the same as the public key of the certificate in my
> system's certificate store.
>
> After writing the encrypted data to a file, I try to open the file and
> decrypt using the certificate. I have tried three different ways.
>
> -----CAPICOM -----------
> First, I tried CAPICOM, and it said "ASN1 bad tag value met."
>
> CAPICOM.EnvelopedData env = new CAPICOM.EnvelopedDataClass();
> Certificate cert = GetCAPICertificate();
> env.Recipients.Add(cert);
> env.Decrypt(txtEncryptedData.Text);
>
> GetCAPICertificate is my method that gets the Certificate from system
> certificate store. I have made sure that the certificate is the
> correct one.
>
> I opened the encoded file in asndump utility and it did not complain
> about anything. Following is the output:
>
> File: H:\Documents and Settings\Ali\.coltencrypted
> Time: 11:51:41, 09/28/2004
> ---------------------------------------------------------------------
> <51 0F>
> [APPLICATION 17]
> 07 93 A2 EF 30 74 39 81 ....0t9.
> 77 9C AD F3 DE B7 DA w......
>
> ---------------------------------------------------------------------
>
> Second thing I tried was to use Security Guru Mitch Gallant's pfxopen
> utility, that allows you to load a pfx file in a keycontainer, and
> initialize RSA using CSP that is initialized by that keycontainer. It
> throws an exception saying:
>
> Bad Data at
> System.Security.Cryptography.RSACryptoServiceProvider._DecryptPKWin2KEnh
> .. System.Security.Cryptography.RSACryptoServiceProvider .....
> at CertTestApp.CryptoForm.DecryptUsingPfx() in
> h:\projects\colt\certtestapp\form1.cs:line 311
>
> Here's the code:
>
> string pfxfilename = @"H:\Projects\Colt\cert\ColtPOSCert_0924.pfx";
> string pwd = string.Empty;
> PfxOpen pfx = new PfxOpen();
> pfx.LoadPfx(pfxfilename,ref pwd);
>
> CspParameters csp = new CspParameters();
> csp.KeyContainerName = pfx.container;
> csp.KeyNumber = 1;
>
> Stream stream = new FileStream(@"H:\Documents and Settings\Ali\.coltencrypted",FileMode.Open);
> int datalen = (int)stream.Length;
> byte[] filebytes = new byte[datalen];
> stream.Seek(0,SeekOrigin.Begin);
> stream.Read(filebytes,0,datalen);
> stream.Close();
>
> RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(csp);
> byte[] decryptedData = rsa.Decrypt(filebytes,false);
> ------------------------------------------------------------------
>
> Finally I tried WSE 2.0: I probed the certificates in the system
> certificate store, and got the certificate that I needed to decrypt. It
> has a very nice method on the certificate to export the parameters
> including the private ones in a CSPParameters object, after which you
> can import them in the RSACryptoServiceProvider. That failed also
> *sigh*, saying that
>
> Export of private parameters is not supported
> at
> Microsoft.Web.Services2.Security.Cryptography.RSACryptoServiceProvider.ExportParameters(Boolean
> includePrivateParameters)
>
> My code was:
>
> RSAParameters coltParams = certificate.Key.ExportParameters(true);
> RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
> rsa.ImportParameters(coltParams);
>
> It just failed at the very first line saying export of private
> parameters is not supported. Tooltip on the method says that "When
> overriden in a derived class, exports the RSA parameters ...".
>
> ------------------------------------------------
>
> So I am kinda stuck. I am not too good with security, but I am
> obviously missing something. Sorry for the long post, but I'll really
> appreciate any help.
>
> Thanks
> Ali
> alikha@gmail.com
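
A diagnostic sketch for the symptoms in the quoted post, added here and not code from either poster: `Cipher.getInstance("RSA/ECB/PKCS1Padding")` emits a bare RSA block the size of the key modulus, whereas CAPICOM's EnvelopedData object parses a CMS/PKCS#7 enveloped-data message, so checking which of the two a file contains narrows down the "ASN1 bad tag value met" error. The function names, the 128-byte (1024-bit) modulus size and the filler bytes are assumptions; only the first 17 sample bytes come from the dump above.

```python
# Added diagnostic sketch (not from the thread). Function names, the 128-byte
# modulus size and all filler bytes are assumptions made for illustration.
ENVELOPED_DATA_OID = bytes.fromhex("2a864886f70d010703")  # 1.2.840.113549.1.7.3

def read_tlv_header(buf):
    """Return (tag, content_length or None if indefinite, header_length)."""
    if len(buf) < 2:
        raise ValueError("too short for a TLV header")
    tag, first = buf[0], buf[1]
    if first < 0x80:                      # short form: length in one byte
        return tag, first, 2
    if first == 0x80:                     # BER indefinite length
        return tag, None, 2
    n = first & 0x7F                      # long form: n length bytes follow
    if n > 4 or len(buf) < 2 + n:
        raise ValueError("unsupported or truncated length")
    return tag, int.from_bytes(buf[2:2 + n], "big"), 2 + n

def classify(blob, modulus_bytes):
    """Tell a CMS EnvelopedData message from a bare RSA ciphertext block."""
    try:
        tag, length, hdr = read_tlv_header(blob)
    except ValueError:
        tag, length, hdr = None, None, 0
    # CMS ContentInfo is an outer SEQUENCE (0x30) spanning the whole file,
    # whose first element is the contentType OID.
    if tag == 0x30 and (length is None or hdr + length == len(blob)):
        body = blob[hdr:]
        if body[:2] == bytes([0x06, len(ENVELOPED_DATA_OID)]) and \
           body[2:2 + len(ENVELOPED_DATA_OID)] == ENVELOPED_DATA_OID:
            return "cms-enveloped-data"
        return "asn1-sequence-other"
    # PKCS#1 v1.5 encryption output is exactly one modulus-sized block.
    if len(blob) == modulus_bytes:
        return "raw-rsa-block"
    return "unknown"

# First 17 bytes are the ones visible in the asndump output quoted above;
# the remainder is constructed filler to reach an assumed 1024-bit key size.
DUMP_PREFIX = bytes.fromhex("510f0793a2ef30743981779cadf3deb7da")
SAMPLE_RAW = DUMP_PREFIX + bytes(range(111))
# Constructed minimal ContentInfo header carrying the enveloped-data OID.
_inner = b"\x06\x09" + ENVELOPED_DATA_OID + b"\xa0\x00"
SAMPLE_CMS = b"\x30" + bytes([len(_inner)]) + _inner

if __name__ == "__main__":
    print(read_tlv_header(DUMP_PREFIX))   # tag 0x51 = [APPLICATION 17]
    print(classify(SAMPLE_RAW, 128), classify(SAMPLE_CMS, 128))
```

A file that classifies as a raw RSA block belongs with a raw RSA decrypt call, not with an EnvelopedData parser; a length that does not match the modulus size points at truncation or a transfer problem before any key issue.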


