This project has been migrated from CodePlex and isn't actively maintained. It's provided for archival purposes only.
You can find the original wiki home page here.
License: MIT License
This project has been migrated from CodePlex and isn't actively maintained. It's provided for archival purposes only.
You can find the original wiki home page here.
I have found out that the NuGet package Security.Cryptography is corrupted - it contains version 1.7.1 of the Security.Cryptography.dll file in package version 1.7.2. It appears that at some point the package did contain the right version - we have a company-wide NuGet repository (Nexus), which contains a different version of the same NuGet package with the Security.Cryptography.dll version 1.7.2.
We have a requirement where in Java does the encryption and .NET does the decryption. The issue is with Asymmetric decryption in .NET, the algorithm, mode and padding used in Java while encryption is "RSA/ECB/OAEPWithSHA-256AndMGF1Padding". On .NET, I have tried to decrypt in all different ways RsaCng, Rsa, Chilkat Rsa, Bouncy Castle with OAEP padding, nothing worked so far. Below are the code snippets. Only when Java's encryption approach is changed to "RSA/ECB/OAEPWithSHA-1AndMGF1Padding", .NET was able to decrypt, but due to security reasons, Java can't change the approach of encryption. We are using PEM file to decrypt, while using a CERT to encrypt. Please let us know the best way to fix the issue. Is it something to do with creating a PEM file which is SHA256 hash based? I would appreciate if someone can help me out.
Errors are mentioned below. RsaCng and Rsa:- Parameter is Incorrect
Java Snippet for Asymmetric Encryption:-
// Encrypt the symetric key
X509Certificate cert = ConduentCertificateLocator.getConduentCertificate();
PublicKey certKey = cert.getPublicKey();
Cipher c2 = Cipher.getInstance("RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING");
//Cipher c2 = Cipher.getInstance("RSA");
c2.init(Cipher.ENCRYPT_MODE, certKey);
byte[] inputCertKey = key.getEncoded();
byte[] encryptedKey = c2.doFinal(inputCertKey);
String encryptedKeyUrl = encodeToURL(encryptedKey);
NET Snippet for Asymmetric Decryption:- We did try in few different ways. Below is the code.
a. RSACryptoService
using (RSACryptoServiceProvider csp = new RSACryptoServiceProvider())
{
using (var stream = File.OpenRead(_appSettings.PEM))
using (var reader = new PemUtils.PemReader(stream))
{
var rsaParameters = reader.ReadRsaKey();
csp.ImportParameters(rsaParameters);
var resultBytes = csp.Decrypt(ksBytes, true);
finalResult = Convert.ToBase64String(resultBytes);
}
}
b. RsaCng
using (RSA rsa = new RSACng())
{
using (var stream = File.OpenRead(_appSettings.PEM))
using (var reader = new PemUtils.PemReader(stream))
rsa.ImportParameters(reader.ReadRsaKey());
byte[] decrypted2 = rsa.Decrypt(ksBytes, RSAEncryptionPadding.OaepSHA256);
var ss = Encoding.UTF8.GetString(decrypted2);
}
The BlockSize and LegalBlockSizes properties are incorrectly set to 16, which causes errors when the data to be enciphered is not an exact multiple of 16 bytes.
This occurs because the BCryptAuthenticatedSymmetricAlgorithm constructor interrogates the "BlockLength" property, which is incorrect; MSDN clearly states that this property only applies to block cipher modes, but AES-GCM is a stream-cipher mode.
I have 16 bytes IV and then last 4 bytes is dynamic . Why IV bytes length has to be 12 bytes alone. If I give more than 12 byte, encryption is failing. Can it be made as configurable.?
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.