tags:

views:

249

answers:

1
+1  Q: 

crypto++ RSA and "invalid ciphertext"

Hello all

Well, I've been going through my personal hell these days

I am having some trouble decrypting a message that was encrypted using RSA and I'm always failing with a "RSA/OAEP-MGF1(SHA-1): invalid ciphertext"

  1. I have a private key encoded in base64 and I load it:

        RSA::PrivateKey private_key;
    StringSource file_pk(PK,true,new Base64Decoder);
    private_key.Load( file_pk );

  2. I then proceed to decode the message by doing:

    RSAES_OAEP_SHA_Decryptor decryptor(private_key);


AutoSeededRandomPool rng;


string result;
StringSource(ciphertext, true,
    new PK_DecryptorFilter(rng, decryptor,
        new StringSink(result)
    )
);

As far as I can tell, the message should be being parsed without any problems. ciphertext is an std::string, so no \0 at the end that could do something unexpected.

I just though of something, and what if the private key is incorrect but can be loaded anyway without throwing a BER decode error. What would that throw when decrypting?

Hope that anyone can shed some light on this.

Cheers

A: 

If the key was actually corrupted, the Load function should have failed. However you can ask the key to self-test itself, which should detect any corruption, by calling Validate, like:

bool key_ok = private_key.Validate(rng, 3);

The second parameter (here, 3) specifies how much checking to be done. For RSA, this will cause it to run all available tests, even the slow/expensive ones.

Another reason the decoding might fail is if the key simply is not the one that was used to encrypt the original message.

Obviously the ciphertext input must be completely identical to what was originally produced on the encrypting side. For debugging, one good way to check this would be to feed the ciphertext at both sides into a hash function (conveniently already available to you, of course) and comparing the outputs. If you hex or base64 encoded the ciphertext for transmission you must undo that before you give it to the RSA decryptor.

Jack Lloyd  2010-06-14 18:33:22

related questions

Of Memory Management, Heap Corruption, and C++
How do I make a GUI?
Alpha blending sprites in Nintendo DS Homebrew
Thread safe lazy contruction of a singleton in C++
Interview Programming Questions - In house Exam
Link issues (VC6)
What are the barriers to understanding pointers and what can be done to overcome them?
Why are professors or schools picking Java over C++ to teach to students?
What is the best way to create a sparse array in C++
C/C++ library for reading MIDI signals from a USB MIDI device
How do you pack a visual studio c++ project for release?
How to set up unit testing for Visual Studio C++
How do I configure and communicate with a serial port?
Lightweight IDE for Linux
Mapping Stream data to data structures in C#
CPU throttling in C++
Asynchronous multi-direction server-client communication over the same open socket?
Exceptions in C++
Heap corruption under Win32; how to locate?
Build for Windows NT 4.0 using Visual Studio 2005?
C++: Should I use nested classes in this case?
BerkeleyDB Concurrency
GTK implementation of MessageBox
Is gettimeofday() guaranteed to be of microsecond resolution?
How to use the C socket API in C++ on z/OS