Hai,

it's probably a good idea to try to decrypt the file with OpenSSL, so you know about the right parameters before doing it programmatically. Maybe you can use the native .NET classes to decrypt the file, as this works as well and is probably simpler than using BC. I'm sorry that I also do not have .NET code to decrypt the file with the native .NET classes, but I have already done it and I know it works. I have a snippet to *encrypt* a file with CMS, so you may have a look at it and try to do it the other way around:

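using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;

// baUnencryptedMail - data you want to encrypt
// certRecipient - certificate you want to encrypt to
byte[] encryptData(byte[] baUnencryptedMail, X509Certificate2 certRecipient)
{
    // Wrap the plaintext in a CMS ContentInfo (content type "data").
    ContentInfo content = new ContentInfo(baUnencryptedMail);
    EnvelopedCms msgEncrypt = new EnvelopedCms(content);
    // The session key is wrapped with the recipient's public key.
    CmsRecipient cmsMailRecipient = new CmsRecipient(certRecipient);
    msgEncrypt.Encrypt(cmsMailRecipient);
    // DER-encoded EnvelopedData structure.
    return msgEncrypt.Encode();
}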

On 13.01.2013 21:55, Moschny, Torsten wrote:


Hi,

it's simple signed and encrypted data. I strongly recommend creating a proper command line for OpenSSL. There are some binaries of OpenSSL on the web, try the "cms" option.

If you still want to code it with BC yourself, I can't help you as I haven't dug into that yet myself. Sorry.

Regards,
Torsten




On 13.01.2013 14:59, Hai Ning wrote:
Chris, Torsten,

Thank you both for responding.

I did some reading on DER after sending the email. And you are right, my
question was flawed. Let me try to explain the full picture.

I am given a file and the following instruction on how to decode/decrypt
this file:

1. Decrypt the wrapped session key with the Private key of customer using RSA.

2. Decrypt the Signed Data with the unwrapped session key using 3DES EDE CBC.

3. Generate a hash of the data file using SHA1.

4. Decrypt the digital signature with the Public Key using RSA.

5. Verify hash.

According to the instruction I have to decrypt the session key first.
But I can’t tell which part of the binary file is the encrypted session
key. I tried to use .NET APIs to decrypt the entire file using the PFX I
have but ran into an error “length exceed 128” or something like that.

I /think/ (I could be wrong) that this file is DER encoded. So I am
trying to decode it first, see if I can separate the encrypted session
key and the encrypted payload.

If instead, this is a CMS (more readings for me…) file as you suspected,
how do I go about decrypting it?

How can I tell if this is a DER file, or a CMS file? (I have asked my
source and they don’t know).

I guess I could try using openssl but ultimately I need to do this
programmatically as an automated process.

Any pointers you can offer are appreciated.

-Hai

*From:* Christoph Hannebauer [mailto:[email protected]]
*Sent:* Sunday, January 13, 2013 4:12 AM
*To:* [email protected]
*Cc:* [email protected]
*Subject:* Re: [dev-crypto-csharp] DER decoding in .NET

Hello Hai,

PFX aka PKCS#12 is a format specified in ASN.1 for storing data like
private keys.
DER specifies how to encode data whose format is specified as ASN.1.

Almost all X.509 related data can be stored with DER encoding. For
example, your PFX file is also DER encoded. Thus, with the information
you have told us, we do not know the actual format of your binary file.
Therefore we need more information to tell how to decode this binary
file. Maybe you have a file extension?

Encoding and decoding is also something completely different than
encryption and decryption. For the former, you just have to know the
specific format used and for the latter, you have to have a
cryptographic key. Since you have a private key and it is related to
your "binary file", this file is probably encrypted with an asymmetric
encryption algorithm like RSA. Maybe it's a CMS file?

If you just want to decrypt a single file, I suggest you use openssl
with the cms command. This is easier than writing your own application
with Bouncy Castle.


Best,

Christoph
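
For the question raised in this thread of whether the file is "DER" or "CMS", the check below (an added Python example, not code from any poster here) reads only the outermost DER element: a CMS file is a ContentInfo SEQUENCE whose first field is a content-type OID, while a PFX starts with the version INTEGER 3. The function names and the sample bytes are constructed for illustration.

```python
CMS_TYPES = {                              # content-type OIDs from RFC 5652
    "1.2.840.113549.1.7.1": "data",
    "1.2.840.113549.1.7.2": "signedData",
    "1.2.840.113549.1.7.3": "envelopedData",
}

def read_tlv(buf, pos=0):                  # returns (tag, value, next_pos)
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length == 0x80:
        raise ValueError("indefinite length (BER, not DER)")
    if length & 0x80:                      # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):                      # OID content bytes -> dotted notation
    arcs, value = [], 0
    for b in body:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:                   # high bit clear ends this arc
            arcs.append(value)
            value = 0
    if not arcs:
        raise ValueError("empty OID")
    first = arcs[0]
    head = [first // 40, first % 40] if first < 80 else [2, first - 80]
    return ".".join(str(a) for a in head + arcs[1:])

def classify(blob):
    try:
        tag, seq, _ = read_tlv(blob)
        if tag != 0x30:                    # every candidate format starts with SEQUENCE
            return "not a DER SEQUENCE"
        first_tag, first, _ = read_tlv(seq)
        if first_tag == 0x06:              # ContentInfo ::= SEQUENCE { contentType OID, ... }
            oid = decode_oid(first)
            return "CMS " + CMS_TYPES.get(oid, "ContentInfo, OID " + oid)
        if first_tag == 0x02 and first == b"\x03":   # PFX ::= SEQUENCE { version(3), ... }
            return "PKCS#12 (PFX)"
        return "DER, but not CMS or PFX"
    except ValueError as err:
        return "not DER: " + str(err)
# Constructed sample: header of an envelopedData ContentInfo with an empty [0] body.
SAMPLE = bytes.fromhex("300d06092a864886f70d010703a000")
```

A result of `CMS envelopedData` means the wrapped session key sits in the RecipientInfo inside the structure, so the file has to be handed to a CMS parser as a whole rather than to a raw RSA decrypt.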


On 12.01.2013 00:22, Hai Ning wrote:

    I have a binary file someone sent me. I am told it is DER encoded
    and I have the private key in a PFX format.

    How do I use BC to decode this file using C#? Is there any sample
    code? Thanks.

    -Hai






