clrsecurity's Introduction

CLR Security

This project has been migrated from CodePlex and isn't actively maintained. It's provided for archival purposes only.

You can find the original wiki home page here.

clrsecurity's Issues

Corrupted Security.Cryptography package

I have found out that the NuGet package Security.Cryptography is corrupted - it contains version 1.7.1 of the Security.Cryptography.dll file in package version 1.7.2. It appears that at some point the package did contain the right version - we have a company-wide NuGet repository (Nexus), which contains a different version of the same NuGet package with the Security.Cryptography.dll version 1.7.2.

Unable to decrypt RSA/ECB/OAEPWithSHA-256AndMGF1Padding from Java to .NET

We have a requirement wherein Java does the encryption and .NET does the decryption. The issue is with asymmetric decryption in .NET; the algorithm, mode and padding used in Java for encryption is "RSA/ECB/OAEPWithSHA-256AndMGF1Padding". On .NET, I have tried to decrypt in all different ways: RsaCng, Rsa, Chilkat Rsa, Bouncy Castle with OAEP padding; nothing has worked so far. Below are the code snippets. Only when Java's encryption approach is changed to "RSA/ECB/OAEPWithSHA-1AndMGF1Padding" was .NET able to decrypt, but for security reasons, Java can't change the approach of encryption. We are using a PEM file to decrypt, while using a CERT to encrypt. Please let us know the best way to fix the issue. Is it something to do with creating a PEM file which is SHA256 hash based? I would appreciate it if someone can help me out.

Errors are mentioned below. RsaCng and Rsa:- Parameter is Incorrect

Java Snippet for Asymmetric Encryption:-

    // Encrypt the symmetric key
    X509Certificate cert = ConduentCertificateLocator.getConduentCertificate();
    PublicKey certKey = cert.getPublicKey();
    Cipher c2 = Cipher.getInstance("RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING");
    //Cipher c2 = Cipher.getInstance("RSA");
    c2.init(Cipher.ENCRYPT_MODE, certKey);
    byte[] inputCertKey = key.getEncoded();
    byte[] encryptedKey = c2.doFinal(inputCertKey);
    String encryptedKeyUrl = encodeToURL(encryptedKey);

.NET Snippet for Asymmetric Decryption:- We did try in a few different ways. Below is the code.

a. RSACryptoService

    using (RSACryptoServiceProvider csp = new RSACryptoServiceProvider())
    {
        using (var stream = File.OpenRead(_appSettings.PEM))
        using (var reader = new PemUtils.PemReader(stream))
        {
            var rsaParameters = reader.ReadRsaKey();
            csp.ImportParameters(rsaParameters);

            var resultBytes = csp.Decrypt(ksBytes, true);
            finalResult = Convert.ToBase64String(resultBytes);
        }
    }

b. RsaCng

    using (RSA rsa = new RSACng())
    {
        using (var stream = File.OpenRead(_appSettings.PEM))
        using (var reader = new PemUtils.PemReader(stream))
            rsa.ImportParameters(reader.ReadRsaKey());
        byte[] decrypted2 = rsa.Decrypt(ksBytes, RSAEncryptionPadding.OaepSHA256);
        var ss = Encoding.UTF8.GetString(decrypted2);
    }

BlockSize is incorrectly set to 16

The BlockSize and LegalBlockSizes properties are incorrectly set to 16, which causes errors when the data to be enciphered is not an exact multiple of 16 bytes.

This occurs because the BCryptAuthenticatedSymmetricAlgorithm constructor interrogates the "BlockLength" property, which is incorrect; MSDN clearly states that this property only applies to block cipher modes, but AES-GCM is a stream-cipher mode.

GCM Initialization vector length

I have a 16-byte IV, and the last 4 bytes are dynamic. Why does the IV length have to be 12 bytes only? If I give more than 12 bytes, encryption fails. Can it be made configurable?
