
RSA encryption in PHP decryption in .NET

September 12th, 2013

Search the net for this subject and the basic issue that pops up is a “bad key” exception or a decryption failure. If you have access to the original code that does the encryption, you should be able to identify the mismatch. For background, quoting root.org on RSA padding: RSA requires the plaintext to be armored during encryption/signing and the result to be verified during decryption/verification. Unfortunately, this armoring is commonly called “padding”, which means some implementers think it functions like ordinary protocol padding. The interoperability principle (“be strict in what you send and lenient in what you accept”) is exactly opposite how public key crypto must be implemented. Padding cannot be ignored and if even one bit is out of place, the message is invalid. Failure to implement all the steps correctly could allow attackers to forge signatures, decrypt ciphertext, or even recover the private key.
Now, if you look at the .NET documentation for RSACryptoServiceProvider.Decrypt, the method takes two parameters. The first is the encrypted data, and the second is a boolean value: true to perform direct RSA decryption using OAEP padding (only available on a computer running Microsoft Windows XP or later); otherwise, false to use PKCS#1 v1.5 padding. The sender must therefore encrypt with the same padding scheme that the receiver selects with this flag.
The PHP implementation used was phpseclib. The documentation, though short and to the point, helped me a lot. The next bottleneck was that the RSA public key exported by the server was in XML format. Normally you can export the RSA key using different methods; the official .NET documentation explains how to export the private key and the public key as two XML files. A quick Google search dug up a converter, which converts the XML file to .pem.
Main points
1. Cryptographic Library: phpseclib [http://phpseclib.sourceforge.net/]
2. Super Dry converter [https://superdry.apphb.com/tools/online-rsa-key-converter], Crypt_RSA needs key in .pem format
3. Forced Crypt_RSA to use OAEP (CRYPT_RSA_ENCRYPTION_OAEP)
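
The padding mismatch behind the decryption failure, shown at the encoded-block level as an added example (not code from this post, phpseclib or .NET): the block an OAEP encoder produces versus a PKCS#1 v1.5 block, and a strict OAEP decoder that rejects anything else. SHA-1 and an empty label are assumed, and all function names are illustrative.

```python
import hashlib, os

HLEN = hashlib.sha1().digest_size  # 20 bytes; SHA-1 assumed for OAEP hash and MGF1

def mgf1(seed: bytes, length: int) -> bytes:
    """MGF1 mask generation (RFC 8017, B.2.1) with SHA-1."""
    out = b""
    for counter in range(-(-length // HLEN)):  # ceil(length / HLEN) rounds
        out += hashlib.sha1(seed + counter.to_bytes(4, "big")).digest()
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def oaep_encode(msg: bytes, k: int, label: bytes = b"") -> bytes:
    """EME-OAEP encoding: the k-byte block handed to the RSA primitive."""
    if len(msg) > k - 2 * HLEN - 2:
        raise ValueError("message too long")
    db = hashlib.sha1(label).digest() + b"\x00" * (k - len(msg) - 2 * HLEN - 2) + b"\x01" + msg
    seed = os.urandom(HLEN)
    masked_db = xor(db, mgf1(seed, k - HLEN - 1))
    masked_seed = xor(seed, mgf1(masked_db, HLEN))
    return b"\x00" + masked_seed + masked_db

def oaep_decode(em: bytes, k: int, label: bytes = b"") -> bytes:
    """EME-OAEP decoding: any mismatch rejects the whole block."""
    if len(em) != k or k < 2 * HLEN + 2:
        raise ValueError("decryption error")
    masked_seed, masked_db = em[1:1 + HLEN], em[1 + HLEN:]
    seed = xor(masked_seed, mgf1(masked_db, HLEN))
    db = xor(masked_db, mgf1(seed, k - HLEN - 1))
    lhash, rest = db[:HLEN], db[HLEN:]
    sep = rest.find(b"\x01")  # first 0x01 must follow only zero bytes
    # Illustration only: a production decoder performs these checks in constant time.
    ok = (em[0] == 0 and lhash == hashlib.sha1(label).digest()
          and sep >= 0 and rest[:sep] == b"\x00" * sep)
    if not ok:
        raise ValueError("decryption error")
    return rest[sep + 1:]

def pkcs1v15_encode(msg: bytes, k: int) -> bytes:
    """EME-PKCS1-v1_5 encoding: 00 02 <nonzero random bytes> 00 <msg>."""
    if len(msg) > k - 11:
        raise ValueError("message too long")
    ps = bytes(b % 255 + 1 for b in os.urandom(k - len(msg) - 3))  # no zero bytes
    return b"\x00\x02" + ps + b"\x00" + msg
```

With a 1024-bit key (k = 128), a block built by `pkcs1v15_encode` fails `oaep_decode`, which is what the receiving side reports as a decryption error when the two ends disagree on padding.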

  1. bourneagain
    September 13th, 2013 at 03:16 | #1

    http://phpseclib.sourceforge.net/rsa/examples.html#convert,xml

    Looks like phpseclib supports XML keys already, rendering the converter step unnecessary?

  2. September 24th, 2013 at 06:33 | #2

    Yes it seems to be. I may need to check it with that work flow. Thanks buddy for pointing it out.
