I keep trying to encrypt using my private RSA key, and decrypting with my public RSA key, but I can't decrypt without getting "Decrypt(): Key not valid for use in specified state."
Oh, and I realize that you usually encrypt with the public key - that's not what I'm trying to do. Please don't spam the thread with "learn how PKE works"
What I need this for is to be able to encrypt patches (about 200 bytes of base 64 text) on my computer, then have the program decrypt with the public key, proving I made the patch.
Can I get some help, or do you know of any libraries that would make this easier?
Decrypt function:
Public Shared Function Decrypt(ByVal Data() As Byte, ByVal Privatekey As String) As RSAResult
Try
Dim RSA As System.Security.Cryptography.RSACryptoServiceProvider = New System.Security.Cryptography.RSACryptoServiceProvider()
RSA.FromXmlString(Privatekey)
Dim Result As New RSAResult(RSADecrypt(Data, RSA.ExportParameters(True), False))
Return Result
Catch ex As Exception
Throw New Exception("Decrypt(): " & ex.Message, ex)
End Try
End Function
You can use RRSAParameters structure and RSACryptoServiceProvider's ImportParamaters method. This lets you create your own keys for encrypting with RSA.
For a definition of D, Dp, Dq, Exponent, InverseQ, Modulus, P, and Q, I suggest checking out the Wikipedia page on RSA for Cryptography. This covers how to generate a key, as well as what each parameter is for. Towards the bottom there is even a representation of the algorithm.
Related
When trying to use the getK() method on a key pair in JavaCard I get this exception code: CryptoException.UNINITIALIZED_KEY
Here is my code where I generate the key pair:
KeyPair key = new KeyPair(KeyPair.ALG_EC_FP, (short)256);
key.genKeyPair();
later on in the code I am trying to run
ECPublicKey eCPublicKey = (ECPublicKey) key.getPublic();
short hLeng = eCPublicKey.getK();
but this is when I get the exception thrown. Is there something else I need to do to init the key?
You need to have initialised the domain parameters a, b, g, k, r and the field. You can find a list of NIST recommended curves here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf
getK() is throwing an exception because it has not been initialised.
I need to write code that gets as input Elliptic Curve key in ASN.1 format.
The input byte array is next:
308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420E699203AC5BCFE36402EBD0AC9E8E21CC6FAD5828A61297EA747468FFF4DBB20A144034200047E05188A03EA81E853B9F6AC5F20DCA1A1CA828FD7CD5D92161FB2120C35EAC52EAB079ED01A510123057C322DDFF95E239D6063055BC90858D161D71DE707F8
Online parser shows me the next structure:
To use key as I want I need to get public value X, public value Y and private value from this structure, at least I think so. But I do not know how.
I have searched information about OBJECT IDENTIFIER 1.2.840.10045.2.1 and OBJECT IDENTIFIER 1.2.840.10045.3.1.7. I've found this document. But there is no description of fields of ASN.1 structure.
How can I get required parameters from imported data?
It's commonly known as a PKCS#8 structure, which is the "Private-Key Information Syntax Specification". It only contains the unencrypted part of a PKCS#8 private key.
So this is in PKCS#8:
PrivateKeyInfo ::= SEQUENCE {
version Version,
privateKeyAlgorithm AlgorithmIdentifier {{PrivateKeyAlgorithms}},
privateKey PrivateKey,
attributes [0] Attributes OPTIONAL
}
The AlgorithmIdentifier is taken from PKCS#5
AlgorithmIdentifier { ALGORITHM-IDENTIFIER:InfoObjectSet } ::= SEQUENCE {
algorithm ALGORITHM-IDENTIFIER.&id({InfoObjectSet}),
parameters ALGORITHM-IDENTIFIER.&Type({InfoObjectSet}
{#algorithm}) OPTIONAL
}
The Elliptic Curve Private Key structure:
ECPrivateKey ::= SEQUENCE {
version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
privateKey OCTET STRING,
parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
publicKey [1] BIT STRING OPTIONAL
}
Oh, and encoded in DER, the Distinguished Encoding Rules (study version) - you may not be able to rule out BER completely, which is a more loosely defined and therefore harder to parse structure). PKCS#8 defines BER unfortunately.
Oh, yeah, the public key is in uncompressed point format. Don't forget to strip away the 00 from the bit string.
Happy parsing.
I am working for a project (using vb.net 4.5) which have to use AES encryption using a key (will be provided as input parameter for the function)
I have tried to use the following code
Imports System.Security.Cryptography
Imports System.Text
Public Class EncryptionFunction
Public Function DoEncryption(ByVal keyByte() As Byte, IV() As Byte)
Dim a As Aes = Aes.Create
a.Mode = CipherMode.OFB
Dim encryptor As ICryptoTransform
encryptor = a.CreateEncryptor(keyByte, IV)
End Function
End Class
but an error occurred in the
encryptor = a.CreateEncryptor(keyByte, IV)
the error is "an internal error occurred" , if I change the cipher mode it works correctly but I have to use OFB mode.
so , any suggestions?
Aes.Create by default creates the wrapper to CryptoAPI (i. e. AesCryptoServiceProvider). Because CryptoAPI uses so called "cryptographic service providers" that can be installed on Windows additionally to system ones, and because also system pre-installed list of cryptographic service providers differs between Windows versions and editions, when you use Aes.Create, your code is actually OS-dependent. So, Aes.Create may produce unpredictable results, it is inevitable.
if you need full predictability, you better use other Aes implementations, may be AesManaged or any custom library. Aes.Create is OS-dependent by its nature.
I am writing an encryption application that requires a 64 bit key. I am currently using the following code to automatically generate a key.
Function GenerateKey() As String
' Create an instance of a symmetric algorithm. The key and the IV are generated automatically.
Dim desCrypto As DESCryptoServiceProvider = DESCryptoServiceProvider.Create()
' Use the automatically generated key for encryption.
Return ASCIIEncoding.ASCII.GetString(desCrypto.Key)
End Function
I am wanting the user to create their own key. Can I convert a user defined password (a string) into a 64 bit key that can be used?
The answer depends on how secure you want it to be, I'm no security expert so I wouldn't give advice on it.
I did see this though: http://msdn.microsoft.com/en-us/library/system.security.cryptography.rfc2898derivebytes.aspx It can be used to derives bytes from a string key and salt in the way Jodrell eluded to, and would be far better than rolling yor own.
The other constructor that might be suited after that stage is detailed here: http://msdn.microsoft.com/en-us/library/51cy2e75.aspx
I'm sure if you searched for that on the web you could find examples of how to use it.
I have the necessary components to build the private/public RSA key: N, E, D, P, & Q. I can derive the other values for the CRT if needed. How can I use these parameters to produce a valid Private/Public key in DER, PEM, or PKCS#7? It doesn't matter which to me as I can convert between them. I'm looking for a tool, library, script, or program that supports assigning these values and writing out a valid file, so I don't have to read hundreds of pages on ASN.1. Every tool I've looked at doesn't expose this use case in the API.
If you are using Java, there is the RSAPrivateKeySpec class, which takes BigInteger arguments of modulus and exponent. There are subclasses which take instead of N the P and Q primes (for more efficiency). You can then use a KeyFactory to convert this object to a Key, and then to some EncodedKeySpec class like PKCS8EncodedKeySpec or X509EncodedKeySpec.
You should be able to use OpenSSL (the library).
BIGNUM is described here. There are many functions to create a BIGNUM out of your input (depending on format). BN_bin2bn is probably the simplest, but hexadecimal or decimal input is also supported.
RSA is a structure that contains BIGNUMs. It's described here. You can initialise it yourself (directly).
You can then write the RSA structure using one of the PEM functions (described here). For example, PEM_write_RSAPrivateKey writes a PEM file containing a private key (you can also encrypt it, if you want to).
I'm not aware of any tool that does all of the above. Also, ASN.1 isn't so bad (a public/private key is pretty much a SEQUENCE of INTEGERs).