I reckon there are some questions already similar to what I'm about to discuss here. But, I'm gonna provide some code that might be used for other projects if this million dollar question can be answered.
I am trying to create a decryption mechanism using System.Security.Cryptography in .NET to decrypt a cipher text made by the CAPICOM library.
First, take a look at my methods for both encrypting and decrypting using the CAPICOM library.

    public static string DecryptString(string sValue)
    {
        IEncryptedData cryptic = new EncryptedDataClass();
        cryptic.Algorithm.Name = CAPICOM_ENCRYPTION_ALGORITHM.CAPICOM_ENCRYPTION_ALGORITHM_AES;
        cryptic.SetSecret("AbCdeFgHijklMnoPqrstu", (CAPICOM_SECRET_TYPE)0);
        cryptic.Decrypt(sValue);
        return cryptic.Content;
    }

    public static string EncryptString(string sValue)
    {
        IEncryptedData cryptic = new EncryptedDataClass();
        cryptic.Algorithm.Name = CAPICOM_ENCRYPTION_ALGORITHM.CAPICOM_ENCRYPTION_ALGORITHM_AES;
        cryptic.SetSecret("AbCdeFgHijklMnoPqrstu", (CAPICOM_SECRET_TYPE)0);
        cryptic.Content = sValue;
        return cryptic.Encrypt(CAPICOM_ENCODING_TYPE.CAPICOM_ENCODE_BASE64);
    }

To use the method, simply call ClassName.EncryptString("Your plain text here");
Now here is the devil side. Lots of posts all say the same thing: that somehow you cannot decrypt something that was created by CAPICOM. Up until this moment, I'm feeling that notion is somewhat true.
Here is what I have done so far.

    public static string SimpleDecrypt(string Text)
    {
        byte[] keyBytes = UTF8Encoding.UTF8.GetBytes("AbCdeFgHijklMnoPqrstu"); // 21 characters key is a must !!!
        byte[] ivBytes = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
        AesCryptoServiceProvider aes = new AesCryptoServiceProvider();
        aes.KeySize = 256;
        //aes.IV = ivBytes;
        aes.Key = keyBytes;
        aes.Mode = CipherMode.ECB;
        aes.Padding = PaddingMode.None;
        byte[] src = Convert.FromBase64String(Text);
        using (ICryptoTransform decrypt = aes.CreateDecryptor())
        {
            byte[] dest = decrypt.TransformFinalBlock(src, 0, src.Length);
            return Encoding.Default.GetString(dest);
        }
    }

We all know that the Initialization Vector (IV) is hidden when using CAPICOM's AES (see post here) and cannot be retrieved; nonetheless, let's try it anyway.
Another interesting thing is that we only assume that CAPICOM is using the max-length KeySize, so I'm using aes.KeySize = 256;. Lastly, CAPICOM is using padding magically in a way that only folks at Microsoft know about, so I'm using aes.Padding = Padding.None;.
Unfortunately, I was unable to decrypt any output (cipher text) from CAPICOM with my .NET method, using every possible combination.
Now here is the question. After spending more than 2 x 24 hours trying to solve this puzzle, I am nowhere near solving it. Could anyone please help me solve this problem?
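
An added example, not part of the original post: a C# check of the inputs that SimpleDecrypt hands to AES, showing which of them .NET rejects before any decryption takes place. The class name AesInputCheck, the Diagnose helper and the sample base64 string are assumptions constructed for illustration; the sample is not real CAPICOM output.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper (not from the post): inspects the inputs before any decryption is attempted.
public static class AesInputCheck
{
    public static List<string> Diagnose(string secret, string base64Cipher)
    {
        var problems = new List<string>();
        byte[] keyBytes = Encoding.UTF8.GetBytes(secret);
        byte[] src = Convert.FromBase64String(base64Cipher);

        using (Aes aes = Aes.Create())
        {
            // AES keys are 128, 192 or 256 bits; ValidKeySize takes a length in bits.
            int keyBits = keyBytes.Length * 8;
            if (!aes.ValidKeySize(keyBits))
                problems.Add($"Secret is {keyBytes.Length} bytes ({keyBits} bits): not a legal AES key, " +
                             "so assigning it to aes.Key throws CryptographicException.");

            // PaddingMode.None only accepts input made of whole 16-byte blocks.
            int blockBytes = aes.BlockSize / 8;
            if (src.Length % blockBytes != 0)
                problems.Add($"Input is {src.Length} bytes, not a multiple of {blockBytes}: " +
                             "PaddingMode.None cannot process it.");
        }

        // ECB has no IV, so the all-zero ivBytes array could not influence the result either way.
        return problems;
    }

    public static void Main()
    {
        // Constructed stand-in for a base64 message (37 zero bytes); NOT real CAPICOM output.
        string sample = Convert.ToBase64String(new byte[37]);

        foreach (string p in Diagnose("AbCdeFgHijklMnoPqrstu", sample))
            Console.WriteLine(p);
    }
}
```

With the 21-character secret from the post, the key-size check fires: 168 bits is not a length AES accepts, so the string cannot be used as the key directly. The post does not say how CAPICOM turns the SetSecret value into key material.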