0

i've HUAWEI E8372 (LTE Wingle). I want to use the WEB API to control some settings. WEB API is HTTP but encrypted with RSA POST/GET messages

At this moment i can get the SESSION TOKEN and PUBLIC RSA KEY for data exhchage.

But i'm unable to encrypt data with this public RSA key.

This is the public RSA that you can get from {modem_ip}/api/webserver/publickey.

<?xml version="1.0" encoding="UTF-8"?>
<response>
<encpubkeyn>badee4e0554786797c0338bff35b80f68644c8cd96ccffd1b0f1f1558c885f237212e6499a91be2e578ee97418dac79aff85f871f38579fdc9b597aa50ad6b60dbc04a84f739647d6854881667688152c6686e715853a1adb2e5181a2ec38f86a6220e2cb30c9efab33fc453b78f0eb38a078b9c22d13b23969717b251bce6614f1c4a57decc0389ccb365ee6313f1b9fd82fc7872dd896c04518f765e7c02fa319d2f80bb2c3fc8cf615b5016ac8925ff299680b9e25ec996bb4a25cb045cc25bafd17b1d3648fbf3a69d5131b851d10e220b9f63f206db01debef0fa086cc0cf8fe816c83aac5232bbf0bda2335339556a0752f204ba3c18bdf4487b1ddbcb</encpubkeyn>
<encpubkeye>010001</encpubkeye>
</response>

when i'm trying to convert it for RSA.FromXmlString(String) - bad data exception

see the following C# RSA FromXmlString() BadData Exception

TheAccessMan
  • 133
  • 10
  • 1
    Hard to reproduce without code. In the linked question the strings are encoded with ASCII encoding. But in your example they are to be interpreted as hexadecimal strings and have to be encoded accordingly, e.g. for the modulus with `rsaKeyValue += Convert.ToBase64String(StringToByteArray("bade...dbcb"));` and analogously for the exponent. A possible implementation for `StringToByteArray` can be found e.g. [here](https://stackoverflow.com/a/321404). – Topaco Feb 28 '20 at 19:17
  • Topaco, thank you for your comment. I've found the original library in JS https://gist.github.com/ForsakenHarmony/c9a96e11600bbf807513 – TheAccessMan Feb 29 '20 at 21:46

1 Answers1

0

The public key encryption method uses a combination of private key and public key. The private key is only known to your computer, and the public key is provided by your computer to any other computer that wants to communicate securely with it. To decode the encrypted message, the computer must use the public key provided by the computer that sent the message, as well as its own private key. Pretty good privacy (PGP) is a very popular public key encryption utility, which can be used to encrypt almost any data. The sending computer encrypts the document with the symmetric key, and then encrypts the symmetric key with the public key of the receiving computer. The latter uses its private key to decode the symmetric key, and then uses the symmetric key to decode the document. Implementing public key encryption on a large scale (for example, a secure web server might need it) requires an alternative approach. At this time, digital certificates can be used. Fundamentally, a digital certificate is a piece of information that states that the web server is trusted by an independent source called a certification authority. The certification authority acts as an intermediary that both computers trust. It confirms that the identity of each computer matches its declared identity, and then provides the public key of each computer to the other.

Mary
  • 11
  • 1