Re: RSA Decryption with CryptoAPI, key in PEM format
- From: "Mitch Gallant" <jensigner@xxxxxxxxxxxxxxxx>
- Date: Wed, 19 Dec 2007 13:21:55 -0400
Here is a little C# asn.1 decoder for SubjectPublicKeyInfo:
http://www.jensign.com/JavaScience/dotnet/pempublic
- Mitch
"lelteto" <lelteto@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:90375C0B-59EC-4BD5-95EA-E97559D93E4C@xxxxxxxxxxxxxxxx
As Mitch explained, what you get after Base64 decoding is not the public key in the format CAPI understands. You will need to PARSE it, get the modulus, reverse the byte order, get the public exponent and put it into the pubexp item. Your code blindly set the public exponent to 65537 - which is USUALLY the value, but not always. Some RSA public keys have public exponent = 17. You should actually get the value (parse it) from the ASN1 format (the data you get after the base64 decoding). Never just "assume" that everybody uses the 65537 public exponent.
Laszlo Elteto
SafeNet, Inc.
/ps. Yes, I know it is a pain to parse ASN1; and CAPI doesn't help in that. You should look into open source to get an ASN1 parser; or you can write your own - as for this you would only need to find two items./
"ArcibaldWearlot" wrote:
Yes, if you look at my code I create the public key BLOB with the format described in this page http://msdn2.microsoft.com/en-us/library/aa387459.aspx and I pass this key BLOB to CryptAcquireContext().
I reversed the byte order of the key modulus as you suggested, but CryptDecrypt() still fails with the same error code.
What do you mean when you say that the public exponent must be converted to DWORD?
"lelteto" wrote:
It's not simply byte ordering. CryptImportKey needs a well-defined PUBLICKEYBLOB format which is a C struct with several elements. e.g. the public exponent must be converted to DWORD. And you are correct that the RSA modulus value (byte string) has to be reversed (byte order) as openssl uses big endian byte order while CAPI uses little endian byte order.
You will need to get the PEM format to pick the modulus and public exponent from your input (after Base64 decoded), only THEN you can reverse the modulus byte order and put the public exponent into DWORD format.
See http://msdn2.microsoft.com/en-us/library/ms938453.aspx and http://msdn2.microsoft.com/en-us/library/ms938465.aspx
Laszlo Elteto
SafeNet, Inc.
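The conversion described in this thread, as an added example that is not part of the original posts: portable C that parses a Base64-decoded SubjectPublicKeyInfo, reads the modulus and the public exponent from the ASN.1 rather than assuming 65537, and writes the bytes of a CAPI PUBLICKEYBLOB. The names `der_hdr` and `spki_to_publickeyblob` are hypothetical, and `SAMPLE_SPKI` is a constructed 64-bit value with exponent 17, not a real key.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Constructed sample (not a real key): SubjectPublicKeyInfo, 64-bit modulus, e = 17. */
static const uint8_t SAMPLE_SPKI[] = {0x30,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,
    0x01,0x01,0x01,0x05,0x00,0x03,0x11,0x00,0x30,0x0E,0x02,0x09,0x00,0xC1,0x02,0x03,
    0x04,0x05,0x06,0x07,0x09,0x02,0x01,0x11};

/* Read one DER tag/length at *p; on success *p points at the value and *len is its size. */
static int der_hdr(const uint8_t **p, const uint8_t *end, uint8_t tag, size_t *len) {
    const uint8_t *q = *p;
    if (end - q < 2 || q[0] != tag) return -1;
    size_t n = q[1]; q += 2;
    if (n & 0x80) {                       /* long form: low 7 bits = number of length bytes */
        size_t k = n & 0x7f; n = 0;
        if (k == 0 || k > 4 || (size_t)(end - q) < k) return -1;
        while (k--) n = (n << 8) | *q++;
    }
    if ((size_t)(end - q) < n) return -1; /* value must fit inside the enclosing buffer */
    *p = q; *len = n; return 0;
}

/* Build BLOBHEADER + RSAPUBKEY + little-endian modulus. Returns blob length or -1. */
long spki_to_publickeyblob(const uint8_t *der, size_t der_len, uint8_t *out, size_t out_cap) {
    static const uint8_t rsa_oid[11] = {0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01};
    const uint8_t *p = der, *end = der + der_len, *n, *e;
    size_t len, nlen, elen;
    if (der_hdr(&p, end, 0x30, &len)) return -1;            /* SubjectPublicKeyInfo */
    end = p + len;
    if (der_hdr(&p, end, 0x30, &len)) return -1;            /* AlgorithmIdentifier */
    if (len < 11 || memcmp(p, rsa_oid, 11)) return -1;      /* must be rsaEncryption */
    p += len;
    if (der_hdr(&p, end, 0x03, &len) || len < 1 || *p++ != 0) return -1; /* BIT STRING */
    if (der_hdr(&p, end, 0x30, &len)) return -1;            /* RSAPublicKey */
    end = p + len;
    if (der_hdr(&p, end, 0x02, &nlen)) return -1;           /* INTEGER modulus */
    n = p; p += nlen;
    if (der_hdr(&p, end, 0x02, &elen)) return -1;           /* INTEGER publicExponent */
    e = p;
    while (nlen > 1 && *n == 0) { n++; nlen--; }            /* drop DER sign-padding zero */
    while (elen > 1 && *e == 0) { e++; elen--; }
    if (nlen == 0 || elen == 0 || elen > 4 || out_cap < 20 + nlen) return -1; /* pubexp is a DWORD */
    uint32_t pubexp = 0, bitlen = (uint32_t)nlen * 8;
    for (size_t i = 0; i < elen; i++) pubexp = (pubexp << 8) | e[i];
    /* bType PUBLICKEYBLOB, bVersion 2, reserved, CALG_RSA_KEYX (0xA400), magic "RSA1" */
    static const uint8_t hdr[12] = {0x06,0x02,0,0, 0x00,0xA4,0,0, 'R','S','A','1'};
    memcpy(out, hdr, 12);
    for (int i = 0; i < 4; i++) { out[12+i] = (uint8_t)(bitlen >> (8*i)); out[16+i] = (uint8_t)(pubexp >> (8*i)); }
    for (size_t i = 0; i < nlen; i++) out[20 + i] = n[nlen - 1 - i]; /* big-endian to little-endian */
    return (long)(20 + nlen);
}
```

The returned buffer is what would be handed to CryptImportKey; an exponent wider than 32 bits is rejected because the `pubexp` field cannot hold it.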