
由网友(痞味见底)分享简介:我知道主要的答案,我可能得到的是到底为什么你要这么做? I know the main answer I am likely to get is why the hell would you want to do that?! 不幸的是,尽管我抗议,我必须这样做,即使我知道它没有什么意义。Unfortunatel...


I know the main answer I am likely to get is why the hell would you want to do that?!


Unfortunately despite my protests I have to do it, even though I know it makes little sense.

我已经写在.net中使用私钥解密功能,使用公共密钥加密。 我还RSA签名和验证,并有我这一切是如何工作的认为一个合理的认识。

I have functions written in .Net to decrypt using a private key, encrypt using a public key. I also RSA sign and verify and have a reasonable understanding of how this all work I think.


I am now being sent a value that is RSA encrypted using a private key which I am supposed to derive a usable value by decrypting using the public key.


I can't seem to figure out how to do this. Am I being an idiot? Is this a normal thing to do?

我通过发送我的价值,这是在PHP没有问题的人士告诉记者。我不知道,也没有使用PHP呢。我无法找到一个图书馆做任何的主要语言,我知道如C ++,Java和C#。我工作的服务器使用.NET。

I am told by the person sending me the value that this is no problem in PHP. I don't know and haven't used PHP yet. I can't find a library to do it in any of the main languages I know i.e. C++, Java, C#. The server I am working on uses .Net.


I am hoping someone might be able help me.


It would be great if there is some kind of reasonable solution besides begging them to change what they are doing.


This is my method (updated from my previous bad one as pointed out by Iridium) but when I try to decrypt the value I get an exception


"Error occurred while decoding OAEP padding."


If I use rsa.Decrypt(bytes, false) I get a bad key exception.

public static string DecryptUsingPublic(string dataEncrypted, string publicKey)
        if (dataEncrypted == null) throw new ArgumentNullException("dataEncrypted");
        if (publicKey == null) throw new ArgumentNullException("publicKey");
            RSAParameters _publicKey = LoadRsaPublicKey(publicKey, false);
            RSACryptoServiceProvider rsa = InitRSAProvider(_publicKey);

            byte[] bytes = Convert.FromBase64String(dataEncrypted);
            byte[] decryptedBytes = rsa.Decrypt(bytes, true);

            ArrayList arrayList = new ArrayList();

           return Encoding.UTF8.GetString(decryptedBytes);
            return null;

    private static RSAParameters LoadRsaPublicKey(String publicKeyFilePath, Boolean isFile)
        RSAParameters RSAKeyInfo = new RSAParameters();
        byte[] pubkey = ReadFileKey(publicKeyFilePath, "PUBLIC KEY", isFile);
        byte[] SeqOID = { 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00 };
        byte[] seq = new byte[15];
        // ---------  Set up stream to read the asn.1 encoded SubjectPublicKeyInfo blob  ------
        MemoryStream mem = new MemoryStream(pubkey);
        BinaryReader binr = new BinaryReader(mem);    //wrap Memory Stream with BinaryReader for easy reading
        byte bt = 0;
        ushort twobytes = 0;


            twobytes = binr.ReadUInt16();
            if (twobytes == 0x8130) //data read as little endian order (actual data order for Sequence is 30 81)
                binr.ReadByte();    //advance 1 byte
            else if (twobytes == 0x8230)
                binr.ReadInt16();   //advance 2 bytes
                return RSAKeyInfo;

            seq = binr.ReadBytes(15);       //read the Sequence OID
            if (!CompareBytearrays(seq, SeqOID))    //make sure Sequence for OID is correct
                return RSAKeyInfo;

            twobytes = binr.ReadUInt16();
            if (twobytes == 0x8103) //data read as little endian order (actual data order for Bit String is 03 81)
                binr.ReadByte();    //advance 1 byte
            else if (twobytes == 0x8203)
                binr.ReadInt16();   //advance 2 bytes
                return RSAKeyInfo;

            bt = binr.ReadByte();
            if (bt != 0x00)     //expect null byte next
                return RSAKeyInfo;

            twobytes = binr.ReadUInt16();
            if (twobytes == 0x8130) //data read as little endian order (actual data order for Sequence is 30 81)
                binr.ReadByte();    //advance 1 byte
            else if (twobytes == 0x8230)
                binr.ReadInt16();   //advance 2 bytes
                return RSAKeyInfo;

            twobytes = binr.ReadUInt16();
            byte lowbyte = 0x00;
            byte highbyte = 0x00;

            if (twobytes == 0x8102) //data read as little endian order (actual data order for Integer is 02 81)
                lowbyte = binr.ReadByte();  // read next bytes which is bytes in modulus
            else if (twobytes == 0x8202)
                highbyte = binr.ReadByte(); //advance 2 bytes
                lowbyte = binr.ReadByte();
                return RSAKeyInfo;
            byte[] modint = { lowbyte, highbyte, 0x00, 0x00 };   //reverse byte order since asn.1 key uses big endian order
            int modsize = BitConverter.ToInt32(modint, 0);

            byte firstbyte = binr.ReadByte();
            binr.BaseStream.Seek(-1, SeekOrigin.Current);

            if (firstbyte == 0x00)
            {   //if first byte (highest order) of modulus is zero, don't include it
                binr.ReadByte();    //skip this null byte
                modsize -= 1;   //reduce modulus buffer size by 1

            byte[] modulus = binr.ReadBytes(modsize);   //read the modulus bytes

            if (binr.ReadByte() != 0x02)            //expect an Integer for the exponent data
                return RSAKeyInfo;
            int expbytes = (int)binr.ReadByte();        // should only need one byte for actual exponent data (for all useful values)
            byte[] exponent = binr.ReadBytes(expbytes);

            RSAKeyInfo.Modulus = modulus;
            RSAKeyInfo.Exponent = exponent;

            return RSAKeyInfo;
        catch (Exception)
            return RSAKeyInfo;

        finally { binr.Close(); }
        //return RSAparams;


 private static RSACryptoServiceProvider InitRSAProvider(RSAParameters rsaParam)
        // Initailize the CSP
        //   Supresses creation of a new key
        CspParameters csp = new CspParameters();
        //csp.KeyContainerName = "RSA Test (OK to Delete)";

        const int PROV_RSA_FULL = 1;
        csp.ProviderType = PROV_RSA_FULL;

        const int AT_KEYEXCHANGE = 1;
        // const int AT_SIGNATURE = 2;
        csp.KeyNumber = AT_KEYEXCHANGE;
        // Initialize the Provider
        RSACryptoServiceProvider rsa =
          new RSACryptoServiceProvider(csp);
        rsa.PersistKeyInCsp = false;

        // The moment of truth...
        return rsa;

    private static int GetIntegerSize(BinaryReader binr)
        byte bt = 0;
        byte lowbyte = 0x00;
        byte highbyte = 0x00;
        int count = 0;
        bt = binr.ReadByte();
        if (bt != 0x02)     //expect integer
            return 0;
        bt = binr.ReadByte();

        if (bt == 0x81)
            count = binr.ReadByte();    // data size in next byte
            if (bt == 0x82)
                highbyte = binr.ReadByte(); // data size in next 2 bytes
                lowbyte = binr.ReadByte();
                byte[] modint = { lowbyte, highbyte, 0x00, 0x00 };
                count = BitConverter.ToInt32(modint, 0);
                count = bt;     // we already have the data size

        while (binr.ReadByte() == 0x00)
        {   //remove high order zeros in data
            count -= 1;
        binr.BaseStream.Seek(-1, SeekOrigin.Current);       //last ReadByte wasn't a removed zero, so back up a byte
        return count;

    private static bool CompareBytearrays(byte[] a, byte[] b)
        if (a.Length != b.Length)
            return false;
        int i = 0;
        foreach (byte c in a)
            if (c != b[i])
                return false;
        return true;


The two methods above InitRSAProvider and LoadRsaPublicKey were gotten out of tutorials to allow PEM keys as Strings to be used with .Net.


已经看了一些关于RSA加密模式的信息,这样看来,PKCS#1 V1.5(你正在使用的,因为你调用解密(...,FALSE)

Having looked at some of the information on RSA encryption modes, it would appear that PKCS#1 v1.5 (which you're using, because you're calling Decrypt(..., false))

......可以在长度的消息的的达至k操作 - 11个字节的(k是字节长度的RSA模数)

"...can operate on messages of length up to k - 11 octets (k is the octet length of the RSA modulus)"

(RFC 3447,重点煤矿)。

(RFC 3447, emphasis mine).

根据错误信息,这表明你的关键是128个字节,这意味着你无法执行RSA(ZH | DE)使用PKCS#1 V1.5上的消息有超过128 cryption - 11 = 117个字节。

Based on the error message, which indicates that your key is 128 bytes, that means that you can't perform RSA (en|de)cryption using PKCS#1 v1.5 on a message with more than 128 - 11 = 117 bytes.


Instead of encrypting your message directly using RSA, you should be using a symmetric algorithm to encrypt the body of the message, and encrypt only the symmetric encryption key using RSA. Only if your message is reasonably short (i.e. below 117 bytes for your key size) should you consider encrypting the message directly with RSA.

我添加了下面,假设你输入的Base64 EN codeD,你在下面您的评论指出:

I have added the following, assuming that your input is Base64 encoded as you indicate in your comment below:

public string DecryptUsingPublic(string dataEncryptedBase64, string publicKey)
        if (dataEncryptedBase64 == null) throw new ArgumentNullException("dataEncryptedBase64");
        if (publicKey == null) throw new ArgumentNullException("publicKey");
            RSAParameters _publicKey = LoadRsaPublicKey(publicKey, false);
            RSACryptoServiceProvider rsa = InitRSAProvider(_publicKey);

            byte[] bytes = Convert.FromBase64String(dataEncryptedBase64);
            byte[] decryptedBytes = rsa.Decrypt(bytes, false);

            // I assume here that the decrypted data is intended to be a
            // human-readable string, and that it was UTF8 encoded.
            return Encoding.UTF8.GetString(decryptedBytes);
            return null;

