2

I have written a BlackBerry app that RSA encrypts a message using PKCS1FormatterEngine. This outputs a ciphered message formatted in PKCS #1 v2.1

Here is a snippet of the message:

ç½.¦B¯€ü6Áùε"aYÅÂ7;«&â/Ѥ²•¨S.°.b7<iÔ½Œ.:.Ý&D‹±ì‰8.V•.Ä$‡ZAÜ.p.Ø}åÜ.uK.Æøæ

I already have the RSA private key in .NET but I can't seem to find a way to decrypt this.

Any ideas on classes I should use etc would be greatly appreciated.

jim
  • 7,748
  • 11
  • 71
  • 144

4 Answers4

1

Is there anything wrong with the standard RSAOAEPKeyExchangeDeformatter class ? if so then you should show us your code.

It's been in the .NET framework forever but was not available before Windows XP (e.g. Windows 2000) IIRC - but that should not be a huge problem today.

poupou
  • 43,007
  • 6
  • 74
  • 172
  • I'll have a look at that. I think I was able to solve my problem this evening. There were a number of issues. I have been using the RSACryptoServiceProvider class. And it's working fine. I'll be testing code over the weekend and post my results here. Thanks. – jim Mar 09 '12 at 00:31
  • `RSACryptoServiceProvider.Decrypt (array, true);` is using the same code internally. See Mono source code for reference: https://github.com/mono/mono/blob/master/mcs/class/corlib/System.Security.Cryptography/RSACryptoServiceProvider.cs#L167 – poupou Mar 09 '12 at 01:34
  • Cool, thanks. Strangest thing was that I could only get the above call to work when the second param was false. Shouldn't it be true because I'm using v2.1 not 1.5 ? – jim Mar 09 '12 at 12:02
  • It's normal that it did not work with `false` since it means pre-OAEP (PKCS# 1 **1.5**) while you encrypted with OAEP padding. Using `true` is the only way you can decrypt it correctly. – poupou Mar 09 '12 at 13:43
1

PKCS#1 v2.1 has two encryption modes: RSAES-OAEP and RSAES-PKCS1-V1_5.

RSAES-PKCS1-V1_5 was also included in earlier versions of the standard, so it is often also called PKCS#1 v.1.5. It is therefore not uncommon to refer to RSAES-OAEP as PKCS#1 v.2.1 - but it is incorrect and errorprone.

In the documentation for PKCS1FormatterEngine, RIM documents that it has implemented PKCS#1 according to PKCS#1 v.2.1, but do not explain whether they mean RSAES-OAEP or RSAES-PKCS1-V1_5.

But since you report that RSACryptoServiceProvider.Decrypt(array, false); works, I would conclude that they have implemented RSAES-PKCS1-V1_5. Just use that: it is the easiest way to decrypt RSAES-PKCS1-V1_5. Alternatively, you can use RSAPKCS1KeyExchangeDeformatter.

Rasmus Faber
  • 45,972
  • 20
  • 136
  • 184
  • Ah ok, thanks for pointing that out. One of the many curve balls i've encountered with BB API :) – jim Mar 09 '12 at 12:24
  • It's good somebody writes this stuff down, I would never expect somebody to point to PKCS#1 v2.1 for their PKCS#1 v1.5 signature formatter. It is misleading at best. – Maarten Bodewes Mar 14 '12 at 20:20
0

Bouncy Castle seems to be able to use OAEP mode of RSA encryption/decryption. Never tried it though, I'm only using the Java libs of Bouncy.

Ah, found an example, see the sample code on the bottom of the page:

http://www.go4expert.com/forums/showthread.php?t=24827

Maarten Bodewes
  • 80,169
  • 13
  • 121
  • 225
  • Ah ok. I had tried to refrain from using BouncyCastle but all my problems have invited solutions that propose using BouncyCastle so maybe i'll just have to give it a go. Thanks. – jim Mar 08 '12 at 17:30
  • I tried to look up solutions that used direct C# code, but all I found was crypto++ and openssl (for PSS, but you would expect both 2.1 PSS/OAEP together), so their seems to be few implementations out there. – Maarten Bodewes Mar 08 '12 at 18:06
0

I'm using the RSACryptoServiceProvider .NET class with the function Decrypt.

The first paramater is the encrypted data and the second, a boolean specifies which padding type to use.

True = OAEP padding (PKCS#1 v2.1) False = PKCS#1 v1.5

It is strange because my code worked when it set it the parameter to false. I'm pretty sure the cipher is in PKCS#1 v2.1 because i'm using this class from the BlackBerry SDK.

Quote from the API document:

We implemented the PKCS1 formatter engine as per the PKCS #1 version 2.1 document.

In any case, it works for me now. Hope this helps somebody else. :)

jim
  • 7,748
  • 11
  • 71
  • 144