RSA Encryption using X509Certificate2 - help

  • Question

  • I'm trying to use certificates to encode and decode a string. I have exported the cert to both PFX and CER (DER) files. The encryption works, but the decryption gets a "Bad Key" error. Can anyone tell me where I'm going wrong?

     

    ' At the top of the file:
    Imports System.Text
    Imports System.Security.Cryptography
    Imports System.Security.Cryptography.X509Certificates

    Dim x509_all As X509Certificate2 = New X509Certificate2("d:\test.pfx", "test", X509KeyStorageFlags.Exportable)
    Dim x509_pub As X509Certificate2 = New X509Certificate2("d:\test.cer")

    Dim RSA As RSACryptoServiceProvider = New RSACryptoServiceProvider

    ' Load the public parameters from the .cer and encrypt with PKCS#1 v1.5 padding (fOAEP:=False).
    RSA.FromXmlString(x509_pub.PublicKey.Key.ToXmlString(False))
    ' The ciphertext is arbitrary bytes, not UTF-8 text: GetString replaces every invalid
    ' sequence with U+FFFD, so the string stored in the TextBox no longer round-trips to the ciphertext.
    txtCipherText.text = Encoding.UTF8.GetString(RSA.Encrypt(Encoding.UTF8.GetBytes(txtClearText.Text), False))

    RSA.Clear()

    ' ToXmlString(False) exports only the public parameters (modulus and exponent),
    ' so the RSA object rebuilt here holds no private key to decrypt with.
    RSA.FromXmlString(x509_all.PrivateKey.ToXmlString(False))
    txtUnEncrypted.Text = Encoding.UTF8.GetString(RSA.Decrypt(Encoding.UTF8.GetBytes(txtCipherText.Text), False))

     

    If I switch it around and use the private key first, I get the following on the decrypt: "The data to be decrypted exceeds the maximum for this modulus of 128 bytes." (or 256 bytes, depending on whether the cert key length is 1024 or 2048)

     

    Dim x509_all As X509Certificate2 = New X509Certificate2("d:\test.pfx", "test", X509KeyStorageFlags.Exportable)
    Dim x509_pub As X509Certificate2 = New X509Certificate2("d:\test.cer")

    Dim RSA As RSACryptoServiceProvider = New RSACryptoServiceProvider

    ' Encrypt always uses the public exponent, so loading the private-key CSP here
    ' changes nothing about the ciphertext; ToXmlString(False) still exports only the public half.
    RSA.FromXmlString(x509_all.PrivateKey.ToXmlString(False))
    ' Same lossy UTF-8 decode of raw ciphertext bytes as above; each byte that is not valid
    ' UTF-8 becomes U+FFFD, which re-encodes as three bytes in GetBytes below.
    txtCipherText.text = Encoding.UTF8.GetString(RSA.Encrypt(Encoding.UTF8.GetBytes(txtClearText.Text), False))

    RSA.Clear()

    ' A public-only key cannot decrypt, and the re-encoded "ciphertext" is now longer
    ' than the modulus, which is what the "exceeds the maximum for this modulus" message reports.
    RSA.FromXmlString(x509_pub.PublicKey.Key.ToXmlString(False))
    txtUnEncrypted.Text = Encoding.UTF8.GetString(RSA.Decrypt(Encoding.UTF8.GetBytes(txtCipherText.Text), False))

     

    Any suggestions/thoughts as to what I'm doing wrong and what needs to be done to make this work?

     

    Iain

    Tuesday, January 15, 2008 7:11 PM

Answers

  • 123friend,

     

    Based on your post, there are two errors when you try to encrypt/decrypt the string using the RSA and X509Certificate2 classes. I tried to reproduce the problem in a Windows Forms application with two buttons and three TextBoxes, using the .pfx and .cer files. I would like to offer the following suggestions:

     

    1. Before you write the encryption/decryption code, you must ensure you have generated a valid certificate with the private-key option, which can be done with the following command.

     

    makecert -r -pe -n "CN=MyTestServer" -b 01/01/2000 -e 01/01/2036 -eku 1.3.6.1.5.5.7.3.1 -ss my -sr CurrentUser -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12

     

    Please take a look at the following article and try to use the example from Code Project:

     

    Data Encryption/Decryption using RSACryptoServiceProvider and X509Certificate2

     

    2. The following article written by Dominick Baier can help you understand much better on this kind of problems:

     

    Support Certificates In Your Applications With The .NET Framework 2.0

     

    Certificates are used in various places in the .NET Framework, and at some level all of this functionality relies on the X509Certificate class from the System.Security.X509Certificates namespace. If you take a closer look, you'll also find a certificate class ending with a 2. This is because the .NET Framework 1.x had a representation of X.509 certificates called X509Certificate. This class had limited functionality and no support for cryptographic operations. In version 2.0, a new class was added called X509Certificate2. This is derived from X509Certificate and adds many capabilities. You can convert back and forth between them as necessary, but whenever possible you should use the latest version.

     

    Hope that can help you.

     

    Monday, January 21, 2008 3:16 AM
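The two failures in the question (the "Bad Key" on decrypt, and the "exceeds the maximum for this modulus" message after the keys are swapped) and the answer's point 1 (make sure the certificate actually carries a private key) come down to three things: the private key must be taken from the .pfx certificate's own provider rather than rebuilt from ToXmlString(False), ciphertext must be carried as Base64 rather than decoded as UTF-8, and a raw RSA block can only hold modulus-size minus 11 bytes of message under PKCS#1 v1.5 padding. The following console program is an added example, not code from the original post or the linked articles; the file paths, the password "test", and the function names EncryptWithCert/DecryptWithCert are assumptions that mirror the question's test.pfx and test.cer.

```vbnet
Imports System
Imports System.Text
Imports System.Security.Cryptography
Imports System.Security.Cryptography.X509Certificates

Module RsaCertDemo

    ' Assumed locations matching the question; adjust to your own test.pfx / test.cer.
    Const PfxPath As String = "d:\test.pfx"
    Const PfxPassword As String = "test"
    Const CerPath As String = "d:\test.cer"

    ' Encrypt with the public half (the .cer). The result is returned as Base64 because
    ' ciphertext is arbitrary bytes: Encoding.UTF8.GetString replaces invalid sequences with
    ' U+FFFD and the TextBox contents can never be turned back into the original bytes.
    Function EncryptWithCert(cert As X509Certificate2, clearText As String) As String
        Dim rsa As RSACryptoServiceProvider = CType(cert.PublicKey.Key, RSACryptoServiceProvider)
        Dim plain As Byte() = Encoding.UTF8.GetBytes(clearText)

        ' PKCS#1 v1.5 padding (fOAEP:=False) leaves (modulus bytes - 11) for the message.
        ' Anything longer is what triggers "exceeds the maximum for this modulus of 128/256 bytes".
        Dim maxLen As Integer = (rsa.KeySize \ 8) - 11
        If plain.Length > maxLen Then
            Throw New ArgumentException(String.Format( _
                "Message is {0} bytes; RSA-{1} with PKCS#1 v1.5 allows at most {2}. " & _
                "Encrypt a random symmetric key with RSA and the data with that key instead.", _
                plain.Length, rsa.KeySize, maxLen))
        End If

        Return Convert.ToBase64String(rsa.Encrypt(plain, False))
    End Function

    ' Decrypt with the private half (the .pfx). The provider attached to the certificate is used
    ' directly; ToXmlString(False) would export only modulus and exponent, and an RSA object rebuilt
    ' from that cannot decrypt, which is the "Bad Key" path in the question.
    Function DecryptWithCert(cert As X509Certificate2, cipherBase64 As String) As String
        If Not cert.HasPrivateKey Then
            Throw New CryptographicException( _
                "Certificate has no private key; create it with makecert -pe or export the PFX with the key.")
        End If
        Dim rsa As RSACryptoServiceProvider = CType(cert.PrivateKey, RSACryptoServiceProvider)
        Dim plain As Byte() = rsa.Decrypt(Convert.FromBase64String(cipherBase64), False)
        Return Encoding.UTF8.GetString(plain)
    End Function

    Sub Main()
        ' Exportable is only required if the private key will be exported again; plain decryption
        ' works without it, and leaving it off keeps the key non-extractable from the key container.
        Dim certWithKey As New X509Certificate2(PfxPath, PfxPassword)
        Dim certPublic As New X509Certificate2(CerPath)

        Dim cipher As String = EncryptWithCert(certPublic, "hello, world")
        Console.WriteLine("ciphertext (Base64): " & cipher)
        Console.WriteLine("decrypted: " & DecryptWithCert(certWithKey, cipher))
    End Sub

End Module
```

Two caveats worth carrying into real code. Encrypting user data directly with RSA is a demo pattern only; the size limit above is the reason production designs encrypt a random AES key with the certificate and the payload with AES. And fOAEP:=False selects PKCS#1 v1.5 padding, which has a long history of padding-oracle attacks when the decryptor's error behaviour is observable; pass True to use OAEP unless you must interoperate with a v1.5-only peer. On .NET Framework 4.6 and later, cert.GetRSAPrivateKey() and cert.GetRSAPublicKey() are the preferred replacements for the PrivateKey and PublicKey.Key casts shown here.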