Use .NET RSACryptoServiceProvider for encryption and let OpenSSL decrypt

Fri, 05 Sep 2008 11:00:37 -0700 

I want to write a .NET client that sends an encrypted message to a server 
written in C with OpenSSL crypto library, and decrypt the message there.
I use RSA with PKCS1 padding. I have managed to get that to work for C 
clients using crypto library, Java clients using standard 1.5 library 
classes.

The .NET client uses a public key generated by the server that uses 
OpenSSL crypto library.
The c.NET lient encrypts without error.
But the server cannot decrypt the sequence from the .NET client:
error:2006E079:BIO routines:BIO_puts:unsupported method
 
I see 3 possible sources of error in my code. 
1. How big is the chance that the public key encoded by the server for the 
.NET client is not correct even so it is accepted by the .NET client 
without error?
2. The way how I encode the encrypted sequence in the .NET client is 
wrong? That would be an obvious reason for the error during decryption. 
3. There are 2 different versions of PKCS1 padding used in .NET and the C 
crypto library? From documentation I got the impression that it fits.

To test the scenario  I use the J# code at the end of this mail. First I 
made sure that encryption / decryption works in J# alone.
To get the public key generated with OpenSSL into a format that can be 
used in .NET I use the following crypto library calls:

    BIO *b64, *out, *wbio;
    b64 = BIO_new(BIO_f_base64());
    out = BIO_new(BIO_s_file());
    BIO_set_fp(out,stdout,BIO_NOCLOSE);
    wbio=BIO_push(b64,out);

    int val[1] = {65537};
    char *buf = (char*) val;
    BIO_write(wbio, val, 3);  /* exponent, only 3 bytes written */
    (void)BIO_flush(wbio);
    BIO_write(wbio, rsa_public->n->d, 128); /* modulus */
    (void)BIO_flush(wbio);

The result I put into the XML format that .NET expects.

The server decrypts the password with the same private key used to 
generate the public key:
        retval = RSA_private_decrypt(RSA_size(rsa_private), 
encryptedPasswordCharArrayfromNetClient, cleartext-output, rsa_private, 
RSA_PKCS1_PADDING);

I tested my code so that encryption /  decryption works in the C code 
using OpenSSL crypto library, latest version.
I tested my J# code so that encryption /  decryption works using standard 
.NET class  for RSA.
I have trouble to get the two together. If I use RSA_private_decrypt with 
a byte sequence created from the .NET client I get the error:
Error: 537321593
error:2006E079:BIO routines:BIO_puts:unsupported method

Debugging shows that the error is returned from crypto library when it 
checks the used padding:
    case RSA_PKCS1_PADDING:
        r=RSA_padding_check_PKCS1_type_2(to,num,buf,j,num);



The .NET J# client code:

package RSAEncryption.java;

import System.*;
import System.Security.Cryptography.*;
import System.Text.*;

class RSASample
{
    public static void main(String[] args)
    {
        try {
            // Create a UnicodeEncoder to convert between byte array and 
string.
            UnicodeEncoding byteConverter =  new UnicodeEncoding();
            ubyte unicodeDataToEncrypt[] = 
byteConverter.GetBytes("myPassword!");

            Encoding ascii = Encoding.get_ASCII();
            Encoding unicode = Encoding.get_Unicode();
            ubyte dataToEncrypt[] = Encoding.Convert(unicode, ascii, 
unicodeDataToEncrypt);
            
            RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();

            String publicRSAKeyXML = 
"<RSAKeyValue><Modulus>h...deleted...0=</Modulus><Exponent>AQAB</Exponent></RSAKeyValue>";
            rsa.FromXmlString(publicRSAKeyXML);

            RSAParameters rsaParameter = rsa.ExportParameters(false);

            // 3. parameter: a boolean flag specifying no OAEP padding.
            ubyte [] encryptedData = RSAEncrypt(dataToEncrypt, 
rsaParameter, false);

    // Display the encrypted sequence to the console. 
    System.out.print("static signed char 
encryptedPasswordStringfromNetClient[] = {");
    for (int i = 0; i < encryptedData.length; i++)
    {
        if (i % 16 == 0)
        {
            System.out.println("");
            System.out.print("    ");
        }
        System.out.print((byte)encryptedData[i] + ", ");
    }
    System.out.println("\n};");
            
        }
        catch (ArgumentNullException exp) {
            //Catch this exception in case the encryption did
            //not succeed.
            Console.WriteLine("Encryption failed.");
        }
    } //main 

    public static ubyte[] RSAEncrypt(ubyte dataToEncrypt[], 
        RSAParameters rsaKeyInfo, boolean doOaepPadding) 
    {
        try {
            // Create a new instance of RSACryptoServiceProvider.
            RSACryptoServiceProvider rsa =  new 
RSACryptoServiceProvider();
            
            // Import the rsa Key information. This only needs
            // to include the public key information.
            rsa.ImportParameters(rsaKeyInfo);
            
            // Encrypt the passed byte array and specify OAEP padding.  
            // OAEP padding is only available on Microsoft Windows XP or
            // later.  
            return rsa.Encrypt(dataToEncrypt, doOaepPadding);
        }
        // Catch and display a CryptographicException  
        // to the console.
        catch (CryptographicException e) {
            Console.WriteLine(e.get_Message());
            return null ;
        }
    } //RSAEncrypt

} //RSASample

Reply via email to