
The RSA algorithm is producing different output values on different .NET Framework versions. The encrypted password with the .NET 3.5 framework has "==" at the end, but with .NET 4.6.2 the encrypted password has only one "=" at the end.

Password = "abc123", output generated on .NET 3.5

vsJJq67cZaS89DMI1BtPDxiWrnNZykqAgJTLUv4un/Zs1acZbaQ8P/kiahC2ZXEsT+d/2JtYxlDiUr63gaR4QGPEAowBadiE7FfThBVeRyNU6O5vc/ptW+wenp3K9ScMy9ZLyPCp9Sp6zoLxFohBKk/RK0mW9YHH/KgEoQsVVeDLFjnWm/svZynCHJjPmG1uaBSP5B4+SStkZNJidhIm7sv0vf9Inb0N1gl4xlq8GtXEgWuQS5SwS+oa4yJNMr9zGPnpagVAXJZbVKFA04xRmU7O7Szl4Cska4oXpVJyhDL304UbvH3Q/2FYmnZ7gLcmbxIqcmr/4jfDs/MixLYrBQ==

Password = "abc123", output generated on .NET 4.6.2

AF2oLOsFQJnMEC3B7iJ5HPBAtWfoTDUXAK8FcOIv2vjc7G0VTUo3qOtF2bBrbpcABhUY5+IifZHOIgWQB1umGcGCsPs3i2pYLrP3c1uhCycE9GNvn9VywUZPD4XsnZrJcPuuV9QS5nDgf6/xIX5PVdAFuFLEceL+yEr19dhi6o+kBGx88boKDPMBQB+r3zJSK1fBZ6p3zvOmUTjxZ4RAxOiyLHdM7MineeyYCsmkd5x7O6BKc37tLSgQWVSUcpT25ib8T1/F794zP8IV2LHw7fZA8QRF7WftLHsPZl2HJegfclKEyOjIVqZe8Qup9dhmSBxM5Jb1U1nGlTDapYe3+C0=

Scenario: I am sending the encrypted password to a third party for verification, but they failed to decrypt the encrypted password generated by the .NET 4.6.2 framework, while they do get the password after decrypting the encrypted password generated by the .NET 3.5 framework.

My code for encryption is

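        // Requires: using System; using System.Security.Cryptography; using System.Text;
        // publicKey is defined elsewhere in the class; its string form is the RSA key XML.
        public string Encryption(string strText)
        {
            var testData = Encoding.UTF8.GetBytes(strText);
            using (var rsa = new RSACryptoServiceProvider())
            {
                rsa.FromXmlString(publicKey.ToString());
                // false selects PKCS#1 v1.5 padding (true would select OAEP)
                var encryptedData = rsa.Encrypt(testData, false);
                return Convert.ToBase64String(encryptedData);
            }
        }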

My approach to cater for this issue right now

I am writing the encrypted password generated by the .NET 3.5 framework into a file and reading the output from the file in the .NET 4.6.2 framework.

My approach does not look like the right solution, because when the customer load for password verification increases, the CPU usage will be very high, which will affect system performance.

Please guide me on how to handle this problem with the right approach, or is my approach right?

Saud
  • When creating an instance of RSACryptoServiceProvider you need to specify a CspParameters object with a specified KeyContainerName: `var cp = new CspParameters(); cp.KeyContainerName = "WhateverKeyContainerName"; var privateKey = new RSACryptoServiceProvider(cp);` https://stackoverflow.com/questions/40894549/rsacryptoserviceprovider-key-does-not-exist-on-net-4-6-2 – MZM Dec 16 '22 at 07:50
  • @MZM same behavior with CS Parameters. – Saud Dec 16 '22 at 08:24
  • This StackOverflow answer provides some explanation of the nuances of using RSACryptoServiceProvider; possibly default values are set differently between the two versions of .NET Framework: https://stackoverflow.com/questions/8310847/why-is-rsacryptoserviceprovider-encrypt-output-not-stable – MZM Dec 16 '22 at 15:16
  • RSA encryption needs to be randomized in order to be secure. It's supposed to produce a completely different result **every time**, no matter which platform it's used on. I don't know what problem you're trying to solve but RSA-encrypting a password is not usually going to be the right thing to solve it. The usual solution for password authentication is to use a scheme involving a specially designed password hashing function like argon2 or bcrypt. – President James K. Polk Dec 16 '22 at 16:01
  • From a purely technical point of view: The problem is not reproducible on my machine. Even with .NET Framework 4.6.2, the signature for a 2048 bits key is 2048 bits. The signature you posted has a spare prepended 0x00 byte (which causes an exception during decryption). To check for a possible correlation with the key, post a test key with which the problem occurs in your environment. – Topaco Dec 16 '22 at 16:19
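
Added example, not part of the original post or its comments: a C# program illustrating two points raised in the comments, that PKCS#1 v1.5 encryption is randomized, and that a 2048-bit key yields 256-byte ciphertexts (Base64 ending in "==") while one extra leading 0x00 byte gives 257 bytes (Base64 ending in a single "="). The class name `RsaCiphertextCheck`, the helper `Describe`, the throwaway key and the prepended-byte sample are assumptions constructed for illustration.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class RsaCiphertextCheck
{
    // Describes a Base64 ciphertext relative to the RSA modulus size in bytes.
    static string Describe(string b64, int modulusBytes)
    {
        byte[] raw = Convert.FromBase64String(b64);
        int pad = b64.Length - b64.TrimEnd('=').Length;
        string verdict = raw.Length == modulusBytes ? "length matches modulus"
            : raw.Length == modulusBytes + 1 && raw[0] == 0x00 ? "one extra leading 0x00 byte"
            : "unexpected length";
        return string.Format("{0} bytes, {1} '=' chars, {2}", raw.Length, pad, verdict);
    }

    static void Main()
    {
        byte[] plain = Encoding.UTF8.GetBytes("abc123");
        using (var rsa = new RSACryptoServiceProvider(2048)) // throwaway test key (assumption)
        {
            int modulusBytes = rsa.KeySize / 8; // 256 for a 2048-bit key

            // PKCS#1 v1.5 padding (second argument false) inserts random bytes, so two
            // encryptions of the same plaintext under the same key differ.
            byte[] c1 = rsa.Encrypt(plain, false);
            byte[] c2 = rsa.Encrypt(plain, false);
            Console.WriteLine("ciphertexts equal: {0}", c1.SequenceEqual(c2));
            Console.WriteLine("both decrypt:      {0}",
                rsa.Decrypt(c1, false).SequenceEqual(plain) &&
                rsa.Decrypt(c2, false).SequenceEqual(plain));

            // 256 bytes encode to 344 Base64 characters ending in "==".
            Console.WriteLine(Describe(Convert.ToBase64String(c1), modulusBytes));

            // Constructed sample: the same ciphertext with 0x00 prepended is
            // 257 bytes and encodes to 344 characters ending in a single "=".
            byte[] padded = new byte[] { 0x00 }.Concat(c1).ToArray();
            Console.WriteLine(Describe(Convert.ToBase64String(padded), modulusBytes));
        }
    }
}
```

Passing a received Base64 string and the key's modulus size to `Describe` shows whether the blob has the expected length before any decryption is attempted.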

0 Answers