C# Crypto Asymmetric w/ RSA? Need to encrypt in PHP using Openssl. Confused on certificates!

  • Question

  • I need to be able to encrypt data in PHP using a public key with openssl.  I will then decrypt the data later in C# using the private key.

    I was able to get as far as the RSA provider, and generating an XML formatted keyfile... but this doesn't work under PHP.  It needs an X509 or PEM file, and not DER.  Unfortunately, I don't know enough of the details on how all of this works ... and Google isn't being very helpful at the moment, as most of the search results do not fit my needs very well, and the MSDN documentation is lacking [focuses on cert store, XML data, etc.].

    I would like to generate a portable private key *file*, a portable public key *file*.
    I would like to place the public key file on my PHP/Apache server, use openssl to read the key and encrypt data

    From PHP openssl manual:
    • Certificates

      1. An X.509 resource returned from openssl_x509_read()
      2. A string having the format file://path/to/cert.pem; the named file must contain a PEM encoded certificate
      3. A string containing the content of a certificate, PEM encoded

    I would like to decrypt the data under C#/.NET on machines with the private key file.
    I am not interested in using certificate stores? - I would like to just have the private key in a file ?

    I'm sorry if I'm confused, or what I want isn't the "right way" to do it.  If you have any suggestions, I'm open enough to hear them.  On the file vs. cert store issue, I need it to be easy/portable, as I may not have access to install certificates on the .NET machines, and reading in a file is simple/doable.

    I just need to know what resources are the right ones.

    Thank you!

    - Matthew
    Wednesday, April 9, 2008 3:19 AM

Answers

  • Well. I did manage to solve the problem, after far too many hours working on it. Eventually I found the right "piece" of info that was the catalyst to solving this.

    Solution:
    I had to use X509 certificates.
    This Blog Post Helped with Makecert
    That blog explained how to make the certs, etc. I created them, then exported it twice - one into a BASE-64 encoded public key format, and one into PKCS#12 PFX format for the private key.

    I sent the public key to the PHP server, and it worked using openssl routines for the encryption. I then copied the returned BASE64 string (I converted it) to my C# app. I plugged it in.. and came up with something similar to the following:

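    // Load the PKCS#12 (.pfx) file directly; no certificate store is involved.
    X509Certificate2 myCert2 = new X509Certificate2(@"C:\mycerts\myprivatekeyfile.pfx");

    // The certificate's private key can be cast to RSACryptoServiceProvider.
    RSACryptoServiceProvider rsa1 = (RSACryptoServiceProvider)myCert2.PrivateKey;
    // decryptDataInBase64 holds the Base64 string from PHP; false selects PKCS#1 v1.5 padding rather than OAEP.
    byte[] plain = rsa1.Decrypt(Convert.FromBase64String(decryptDataInBase64),false);
    MessageBox.Show(System.Text.Encoding.UTF8.GetString(plain));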

    I read it in using X509Certificate2, created a new RSACryptoServiceProvider, and read out the private key from the X509Cert object... turns out it's castable.

    So, that's how I solved it!! Any comments [other than on the messy sloppy code] on the methods ?

    Thanks,

    - Matthew
    Wednesday, April 9, 2008 5:38 PM
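
The file-based flow described in this answer, as an added example that is not part of the original post: it creates the certificate in code instead of with makecert, protects the PFX with a password, and uses OAEP padding on both sides (in PHP that is openssl_public_encrypt with OPENSSL_PKCS1_OAEP_PADDING). It assumes .NET 6 or later; the class name, subject name, password and message are constructed sample values.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class PfxRoundTrip
{
    const string PfxPassword = "example-password";   // constructed sample value
    // PHP's default OPENSSL_PKCS1_PADDING pairs with Decrypt(data, false) / Pkcs1;
    // OPENSSL_PKCS1_OAEP_PADDING pairs with Decrypt(data, true) / OaepSHA1.
    static readonly RSAEncryptionPadding Padding = RSAEncryptionPadding.OaepSHA1;

    static void Main()
    {
        // Key pair plus self-signed certificate, standing in for the makecert step.
        using RSA key = RSA.Create(2048);
        var request = new CertificateRequest("CN=php-to-dotnet-demo", key,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using X509Certificate2 cert = request.CreateSelfSigned(
            DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddYears(1));

        // Public half: PEM certificate text, safe to copy to the web server.
        string publicPem = new string(PemEncoding.Write("CERTIFICATE", cert.RawData));
        // Private half: password-protected PKCS#12 bytes, i.e. the .pfx file contents.
        byte[] pfx = cert.Export(X509ContentType.Pfx, PfxPassword);

        // Sender (PHP in the thread, C# here): needs only the public certificate.
        string cipherBase64 = Encrypt(publicPem, "hello from the web server");
        // Receiver: loads the PFX from bytes or a file path; no certificate store.
        Console.WriteLine(Decrypt(pfx, cipherBase64));
    }

    static string Encrypt(string certificatePem, string message)
    {
        using X509Certificate2 cert = X509Certificate2.CreateFromPem(certificatePem);
        using RSA publicKey = cert.GetRSAPublicKey();
        // One RSA block only: at most 214 bytes for a 2048-bit key with OAEP-SHA1.
        return Convert.ToBase64String(
            publicKey.Encrypt(Encoding.UTF8.GetBytes(message), Padding));
    }

    static string Decrypt(byte[] pfx, string cipherBase64)
    {
        using var cert = new X509Certificate2(pfx, PfxPassword);
        using RSA privateKey = cert.GetRSAPrivateKey();
        return Encoding.UTF8.GetString(
            privateKey.Decrypt(Convert.FromBase64String(cipherBase64), Padding));
    }
}
```

If the two sides use different padding modes, decryption does not return the original message, so the PHP padding constant and the C# padding argument have to be changed together.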

All replies

  • Hi,

    I am new to OpenSSL.

    Can you send me the C# app on an urgent basis?

    Wednesday, July 8, 2009 7:23 PM