2

I crypt a string text with use of Crypto++, but when want to decrypt it by C# RSA crypto service provider I have an exception.

My code produces same cipher string when encrypt a same string with constant public key by Crypto++ in several time, while there are different results (cipher string) with use of C# RSA crypto service provider.

Is main reason of this problem (run-time error) related to different type of RSA?

My encryption code using Crypto++ is in below:

string message((char*)"hi", 2);
Integer messageInteger((const byte *)message.data(), message.size());
Integer cipherMessage = hostPublicKey.ApplyFunction(messageInteger);
size_t len = cipherMessage.MinEncodedSize();
string str;
str.resize(len);
cipherMessage.Encode((byte *)str.data(), str.size(), Integer::UNSIGNED);

And the Crypto++ decryption code is:

Integer cipherMessage1((byte *)str.data(), str.size());
int size1 = cipherMessage1.ByteCount();
Integer plainInteger = privateKey.CalculateInverse(prng, cipherMessage1);
string recovered;
size_t req = plainInteger.MinEncodedSize();
recovered.resize(req);
plainInteger.Encode((byte *)recovered.data(), recovered.size());

the encryption and decryption operations are done well in same side, but there is mentioned problem in decryption operation in other side.

jww
  • 97,681
  • 90
  • 411
  • 885
M.Parker
  • 45
  • 6
  • 2
    The Crypto++ code you show above appears to be ["Raw RSA"](https://www.cryptopp.com/wiki/Raw_RSA). It's easy to shoot yourself in the foot, so be very careful. *" C# RSA crypto service provider..."* - You should show your code, but I suspect you are performing PKCS 1.5 encryption or similar. RSA Exponentiation (what you are doing in Crypto++) and RSA Encryption using PKCS 1.5 (what you are doing in C#) are not compatible. – jww Jan 25 '17 at 10:37
  • 1
    *" while there are different results (cipher string) with use of C# RSA crypto service provider...."* - Yep, PKCS 1.5 uses random padding. Each encryption will look different, even under the same key with the same message. – jww Jan 25 '17 at 10:41
  • 3
    @jww is completely right. Your Crypto++ should be replaced directly. You cannot test encryption by expecting a certain ciphertext, as a cipher should always perform randomization of the ciphertext. Raw RSA is vulnerable against a [whole host of attacks](http://crypto.stackexchange.com/q/20085/1172). C# can either use OAEP or PKCS#1 v1.5 padding, but if you're designing anew, choose OAEP and don't forget to sign your messages to protect integrity and authenticity. Or better: hire a professional to do this for you as the security of the system seems at risk. – Maarten Bodewes Jan 25 '17 at 10:48
  • Related, see [Load ASN.1/DER encoded RSA keypair in C#](http://stackoverflow.com/q/42175485/608639). It shows you how to load a key generated in Crypto++ into C#. – jww Feb 13 '17 at 03:17

1 Answers1

1

for encryption use this code:

    RSAES_OAEP_SHA_Encryptor e(publicKey);
    string cipher;
    StringSource stringSource(message, true,
        new PK_EncryptorFilter(rng, e,
            new StringSink(cipher)
        )
    );

and decryption:

    RSAES_OAEP_SHA_Decryptor d(privateKey);
    StringSource stringSource(cipher, true,
        new PK_DecryptorFilter(rng, d,
            new StringSink(recovered)
        )
    );
mohammad madani
  • 868
  • 9
  • 18
  • Also see [RSA Cryptography](https://www.cryptopp.com/wiki/RSA_Cryptography) and [RSA Encryption Schemes](https://www.cryptopp.com/wiki/RSA_Encryption_Schemes) on the Crypto++ wiki. – jww Feb 13 '17 at 03:14