Re: .Net & Java - RSA Encryption/Decryption Problem.

From: Ali Khawaja (akhawaja_at_sbcglobal.net)
Date: 09/29/04


Date: Wed, 29 Sep 2004 05:41:07 GMT

I saw those articles, but I got it figured out, finally. I used Mitch's
pfxopen wrapper. The problem was that I was passing an empty string as
the password whereas the cert had a password set. Instead of using Java
this time, I tried to put both encrypt/decrypt inside a .NET app to make
sure that is working, and that's where I figured out that I am not using
the proper password.

I want to get the other ones to work also because I don't want to have a
pfx file in the file system. And by the way, can you shed some light?
What would be the problem of using a pfx directly from the file system as
opposed to loading it from the certificate store?

thanks much
ali

Valery Pryamikov wrote:
> Have you checked that link on Mitch's site:
> http://www.jensign.com/JavaScience/dotnet/RSAEncrypt/index.html
>
> -Valery.
> http://www.harper.no/valery
>
> "Ali Khawaja" <alikha@gmail.com> wrote in message
> news:f99ae6b7.0409280908.c3aed8a@posting.google.com...
>
>>I am encrypting some text using the Java BouncyCastle RSA provider, and
>>trying to decrypt using .Net.
>>
>>I was given a pfx file. I installed it in my system's certificate
>>store. Then I exported the public key in an x509 certificate, used
>>that in my java code to encrypt the data and write it to a file as
>>follows:
>>----------------------------------------
>>InputStream inStream = getClass().getResourceAsStream("pubkey.cer");
>>CertificateFactory cf = CertificateFactory.getInstance("X.509");
>>cert = (X509Certificate)cf.generateCertificate(inStream);
>>
>>String info = "Hello how are you"; // string to encode
>>Cipher rsaCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", "BC");
>>rsaCipher.init(Cipher.ENCRYPT_MODE, cert);
>>byte[] encryptedData = rsaCipher.doFinal(info.getBytes());
>>
>>FileOutputStream fos = new FileOutputStream(encfilePath,false);
>>fos.write(encryptedData);
>>fos.close();
>>------------------------------------------
>>If I print the public key from Java code after creating the
>>certificate, it's the same as the public key of the certificate in my
>>system's certificate store.
>>
>>After writing the encrypted data to a file, I try to open the file and
>>decrypt using the certificate. I have tried three different ways.
>>
>>-----CAPICOM -----------
>>First, I tried CAPICOM, and it said "ASN1 bad tag value met."
>>
>>CAPICOM.EnvelopedData env = new CAPICOM.EnvelopedDataClass();
>>Certificate cert = GetCAPICertificate();
>>env.Recipients.Add(cert);
>>env.Decrypt(txtEncryptedData.Text);
>>
>>GetCAPICertificate is my method that gets the Certificate from the system
>>certificate store. I have made sure that the certificate is the
>>correct one.
>>
>>I opened the encoded file in the asndump utility and it did not complain
>>about anything. Following is the output:
>>
>>File: H:\Documents and Settings\Ali\.coltencrypted
>>Time: 11:51:41, 09/28/2004
>>---------------------------------------------------------------------
>><51 0F>
>>[APPLICATION 17]
>> 07 93 A2 EF 30 74 39 81 ....0t9.
>> 77 9C AD F3 DE B7 DA w......
>>
>>---------------------------------------------------------------------
>>
>>Second thing I tried was to use Security Guru Mitch Gallant's pfxopen
>>utility, that allows you to load a pfx file in a keycontainer, and
>>initialize RSA using CSP that is initialized by that keycontainer. It
>>throws an exception saying:
>>
>>Bad Data at
>>System.Security.Cryptography.RSACryptoServiceProvider._DecryptPKWin2KEnh
>>.. System.Security.Cryptography.RSACryptoServiceProvider .....
>>at CertTestApp.CryptoForm.DecryptUsingPfx() in
>>h:\projects\colt\certtestapp\form1.cs:line 311
>>
>>Here's the code:
>>
>>string pfxfilename = @"H:\Projects\Colt\cert\ColtPOSCert_0924.pfx";
>>string pwd = string.Empty;
>>PfxOpen pfx = new PfxOpen();
>>pfx.LoadPfx(pfxfilename,ref pwd);
>>
>>CspParameters csp = new CspParameters();
>>csp.KeyContainerName = pfx.container;
>>csp.KeyNumber = 1;
>>
>>Stream stream = new FileStream(@"H:\Documents and
>>Settings\Ali\.coltencrypted",FileMode.Open);
>>int datalen = (int)stream.Length;
>>byte[] filebytes = new byte[datalen];
>>stream.Seek(0,SeekOrigin.Begin);
>>stream.Read(filebytes,0,datalen);
>>stream.Close();
>>
>>RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(csp);
>>byte[] decryptedData = rsa.Decrypt(filebytes,false);
>>------------------------------------------------------------------
>>
>>Finally I tried WSE 2.0: I probed the certificates in the system
>>certificate store, and got the certificate that I needed to decrypt. It
>>has a very nice method on the certificate to export the parameters
>>including the private ones in a CSPParameters object, after which you
>>can import them in the RSACryptoServiceProvider. That failed also
>>*sigh*, saying that
>>
>>Export of private parameters is not supported
>> at
>>Microsoft.Web.Services2.Security.Cryptography.RSACryptoServiceProvider.ExportParameters(Boolean
>>includePrivateParameters)
>>
>>My code was:
>>
>>RSAParameters coltParams = certificate.Key.ExportParameters(true);
>>RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
>>rsa.ImportParameters(coltParams);
>>
>>It just failed at the very first line saying export of private
>>parameters is not supported. The tooltip on the method says that "When
>>overridden in a derived class, exports the RSA parameters ...".
>>
>>------------------------------------------------
>>
>>So I am kinda stuck. I am not too good with security, but I am
>>obviously missing something. Sorry for the long post, but I'll really
>>appreciate any help.
>>
>>Thanks
>>Ali
>>alikha@gmail.com

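A triage check for the two decryption paths tried in the thread, added here as an example and not code from either poster: CAPICOM.EnvelopedData decrypts PKCS#7/CMS EnvelopedData messages, while RSACryptoServiceProvider.Decrypt takes a single raw PKCS#1 block, which is what Java's Cipher.doFinal with RSA/ECB/PKCS1Padding writes out. Classifying the file first shows which API can consume it at all; the sample bytes below are constructed, with the raw block mimicking the leading 51 0F bytes seen in the asndump output.

```python
# Added example: decide whether a ciphertext file is a CMS/PKCS#7 EnvelopedData
# structure (what CAPICOM expects) or one raw RSA block (what RSA.Decrypt expects).

ENVELOPED_DATA_OID = "1.2.840.113549.1.7.3"   # id-envelopedData (PKCS#7 / CMS)

def read_tlv(buf, pos=0):
    """Parse one DER tag/length/value at pos; return (tag, value, next_pos) or None."""
    if pos + 2 > len(buf):
        return None
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                          # long-form length: next n bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            return None
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        return None
    return tag, buf[pos:pos + length], pos + length

def decode_oid(value):
    """Decode the content octets of a DER OBJECT IDENTIFIER into dotted form."""
    if not value:
        return ""
    arcs, acc = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:                        # base-128, high bit = continuation
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(str(a) for a in arcs)

def classify_ciphertext(blob):
    """Return 'cms-enveloped', 'raw-rsa-block' or 'unknown'."""
    outer = read_tlv(blob)
    # A real ContentInfo is one SEQUENCE spanning the whole file whose first
    # element is the id-envelopedData OID; a raw RSA block that happens to start
    # with 0x30 fails that length check and falls through.
    if outer and outer[0] == 0x30 and outer[2] == len(blob):
        inner = read_tlv(outer[1])
        if inner and inner[0] == 0x06 and decode_oid(inner[1]) == ENVELOPED_DATA_OID:
            return "cms-enveloped"
    if len(blob) in (64, 128, 256, 384, 512):  # exactly one block of a 512..4096-bit modulus
        return "raw-rsa-block"
    return "unknown"

# Constructed samples: a 1024-bit raw block whose first two bytes read as an ASN.1
# [APPLICATION 17] tag with length 15 (0x51 0x0F), and a CMS ContentInfo header
# carrying id-envelopedData with its payload elided.
RAW_BLOCK = bytes([0x51, 0x0F, 0x07, 0x93]) + bytes(124)
CMS_HEADER = bytes([0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
                    0x01, 0x07, 0x03, 0xA0, 0x00])
```

Only a raw block belongs in RSACryptoServiceProvider.Decrypt(data, false); a file classified as unknown is neither, so the writer side should be checked before blaming the key.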

