I am working on a cryptographic app in C# with .NET Framework. One of it's functions is to let the user store an (or multiple) RSA asymmetric key pair in the Windows KSP, export the public key to a BLOB and decrypt messages (in fact, it will use RSA only to encrypt/decrypt a symmetric key) encrypted with that one specific key. I am using the CNG implementation in the System.Security.Cryptography namespace.
In order to test it's functionality, I have created a keypair and given it a name. After that, I have exported the key using the following function:
public static byte[] GetPublicKeyBlob(string keyContainerName)
{
try
{
if (!CngKey.Exists(keyContainerName))
throw new CryptographicException($"The Key Service Provider does not contain a key with the name: '{keyContainerName}'");
cngKey = CngKey.Open(keyContainerName);
rsa = new RSACng(cngKey) { KeySize = keySize };
return rsa.Key.Export(CngKeyBlobFormat.GenericPublicBlob);
}
catch (System.Exception ex)
{
MessageBox.Show(ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
return null;
}
{
The (static) fields are the following:
public static RSACng rsa;
public static CngKey cngKey;
public static int keySize = 2048; // used
public static RSAEncryptionPadding rsaEncryptionPadding = RSAEncryptionPadding.OaepSHA512; // later
Next, I used the following function to encrypt some sample data:
public static byte[] Encrypt(byte[] input, byte[] key)
{
byte[] output = null;
try
{
cngKey = CngKey.Import(key, CngKeyBlobFormat.GenericPublicBlob);
rsa = new RSACng(cngKey) { KeySize = keySize };
if (input != null)
output = rsa.Encrypt(input, rsaEncryptionPadding);
}
catch (System.Exception ex)
{
MessageBox.Show(ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
return output;
}
I took the output (which looked like a normal output for a cryptographic function) and used it as an input for the Decrypt function:
public static byte[] Decrypt(byte[] input, string keyContainerName)
{
byte[] output = null;
try
{
if (!CngKey.Exists(keyContainerName))
throw new CryptographicException($"The Key Service Provider does not contain a key with the name '{keyContainerName}'");
cngKey = CngKey.Open(keyContainerName);
rsa = new RSACng(cngKey) { KeySize = keySize };
if(input != null)
output = rsa.Decrypt(input, rsaEncryptionPadding);
}
catch (System.Exception ex)
{
MessageBox.Show(ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
return output;
}
Here, rsa.Decrypt(input, rsaEncryptionPadding) threw an exception with the message: "The parameter is incorrect.".
I wrote another Encrypt function using the saved key itself, as it follows:
public static byte[] Encrypt(byte[] input, string publicKeyContainerName, bool setCngKey = true)
{
byte[] output = null;
try
{
if (setCngKey)
{
if (!CngKey.Exists(publicKeyContainerName))
throw new CryptographicException($"The Key Service Provider does not contain a key with the name: '{publicKeyContainerName}'");
cngKey = CngKey.Open(publicKeyContainerName);
}
rsa = new RSACng(cngKey) { KeySize = keySize };
if (input != null)
output = rsa.Encrypt(input, rsaEncryptionPadding);
}
catch (System.Exception ex)
{
MessageBox.Show(ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
return output;
}
The same function for decryption was used with the same result.
At this moment I am stuck and I do not know what to do to solve this problem. What am I doing wrong?