
I am trying to encrypt a payload to submit to a server that is out of my control.

The first step in this process is to obtain the JWK tokens from the end server. An example response from that server is:


{
    "keyId": "03V8AyFvw7wJn3aFMFd28uPqcAWg56oD",
    "der": {
        "format": "X.509",
        "algorithm": "RSA",
        "publicKey": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmqZR3Au51Hs/ywKLQf42qfFlLPd1tHhckcBSNP4XZ07eaLsH132hC6qMQv3wRN7GjmEgXN1LGioWi9k/Y0wBYBc1DawP+Ql2uKhmdVM7lOBCofHOnPH7rbXKWMVMhN3TDHIuaC2sV+zTbgZugOTv60fsK1OQmJTOwBJ1VbrbjqzHAUhfnS+1M5X6OXZCUJv2EAXskYlEBNO+Nbnw6T1VsuiDEBxuFpeF2pzNNY+PcAYoK8YQp7j1CCefjv1TibTofv9/FK0qG2U4/VSGXjZlXLTTYnoxkMQf2XLVDVcmONRXp9TIq7pemkdR3Igz0jSdKznTo25sgmJ6gjtBHOewiwIDAQAB"
    },
    "jwk": {
        "kty": "RSA",
        "use": "enc",
        "kid": "03V8AyFvw7wJn3aFMFd28uPqcAWg56oD",
        "n": "mqZR3Au51Hs_ywKLQf42qfFlLPd1tHhckcBSNP4XZ07eaLsH132hC6qMQv3wRN7GjmEgXN1LGioWi9k_Y0wBYBc1DawP-Ql2uKhmdVM7lOBCofHOnPH7rbXKWMVMhN3TDHIuaC2sV-zTbgZugOTv60fsK1OQmJTOwBJ1VbrbjqzHAUhfnS-1M5X6OXZCUJv2EAXskYlEBNO-Nbnw6T1VsuiDEBxuFpeF2pzNNY-PcAYoK8YQp7j1CCefjv1TibTofv9_FK0qG2U4_VSGXjZlXLTTYnoxkMQf2XLVDVcmONRXp9TIq7pemkdR3Igz0jSdKznTo25sgmJ6gjtBHOewiw",
        "e": "AQAB"
    }
}

I am then using the information from the above JWK to encrypt my payload in C#. This is my current code:

//https://stackoverflow.com/a/34285088/5311735
static byte[] FromBase64Url(string base64Url)
{
    string padded = base64Url.Length % 4 == 0
        ? base64Url : base64Url + "====".Substring(base64Url.Length % 4);
    string base64 = padded.Replace("_", "/")
                          .Replace("-", "+");
    return Convert.FromBase64String(base64);
}

//Get tokens
FlexKeyResponse flexKeyResponse = (await _apiClient.PaymentApiClient.SubmitFlexKey()).Body;

//Encrypt
RSA rsa;
RSAEncryptionPadding padding;

rsa = RSA.Create(2048);
padding = RSAEncryptionPadding.OaepSHA256;

RSAParameters KeyParams = new RSAParameters();
KeyParams.Modulus = FromBase64Url(flexKeyResponse.Jwk.N);
KeyParams.Exponent = FromBase64Url(flexKeyResponse.Jwk.E);

rsa.ImportParameters(KeyParams);
var encrypted = rsa.Encrypt(Encoding.UTF8.GetBytes(moduleConfig.Profile.CardDetails.Number), padding);

string encryptedB64 = Convert.ToBase64String(encrypted);

//Submit to server
...

However, when I submit my payload to the server, it responds with: "Cannot decrypt PAN (RsaOaep256): too much data for RSA block"

Am I encrypting my payload correctly?

Sam
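A local round-trip check of the client-side step in the question, as an added example that is not part of the original post. It assumes a throwaway key pair in place of the server's key and a constructed test card number; the class and variable names are illustrative. It imports only `n` and `e` as the question's code does, then checks that the OAEP-SHA256 ciphertext is exactly as long as the modulus and decrypts back to the input.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class OaepLocalCheck
{
    // Same decoding as FromBase64Url in the question.
    static byte[] FromBase64Url(string s)
    {
        string padded = s.Length % 4 == 0 ? s : s + "====".Substring(s.Length % 4);
        return Convert.FromBase64String(padded.Replace('_', '/').Replace('-', '+'));
    }

    static string ToBase64Url(byte[] b) =>
        Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    static void Main()
    {
        // Assumption: a throwaway key pair stands in for the server's key.
        using RSA server = RSA.Create(2048);
        RSAParameters pub = server.ExportParameters(false);
        string n = ToBase64Url(pub.Modulus), e = ToBase64Url(pub.Exponent);

        // Client side: import only the JWK members n and e.
        byte[] modulus = FromBase64Url(n);
        using RSA client = RSA.Create();
        client.ImportParameters(new RSAParameters { Modulus = modulus, Exponent = FromBase64Url(e) });

        const string pan = "4111111111111111";   // constructed test value
        byte[] plain = Encoding.UTF8.GetBytes(pan);
        int k = modulus.Length;                  // modulus length in bytes (256 for RSA-2048)
        int maxPlain = k - 2 * 32 - 2;           // OAEP limit with SHA-256 (RFC 8017)
        if (plain.Length > maxPlain)
            throw new InvalidOperationException("plaintext exceeds OAEP limit");

        byte[] cipher = client.Encrypt(plain, RSAEncryptionPadding.OaepSHA256);
        string wire = Convert.ToBase64String(cipher);   // what would be sent

        // Receiving side: decode the transmitted string and compare sizes.
        byte[] received = Convert.FromBase64String(wire);
        Console.WriteLine($"modulus={k} bytes, ciphertext={received.Length} bytes");
        if (received.Length != k)
            throw new InvalidOperationException("ciphertext length differs from modulus length");

        byte[] back = server.Decrypt(received, RSAEncryptionPadding.OaepSHA256);
        Console.WriteLine(Encoding.UTF8.GetString(back) == pan ? "round trip OK" : "round trip FAILED");
    }
}
```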