Hello,

I am trying to use the RSACryptoServiceProvider to encrypt/decrypt. Encrypting works fine, but the Decrypt() method throws an exception with the message: Unknown Error '80007005'.

This is the code:

Byte[] plainData = encoding.GetBytes(plainText);
Byte[] encryptedData;
RSAParameters rsap1;
Byte[] decryptedData;
using (RSACryptoServiceProvider rsa1 = new RSACryptoServiceProvider())
{
   encryptedData = rsa1.Encrypt(plainData, false);
   rsap1 = rsa1.ExportParameters(false);
}

using (RSACryptoServiceProvider rsa2 = new RSACryptoServiceProvider())
{
   rsa2.ImportParameters(rsap1);
   decryptedData = rsa2.Decrypt(encryptedData, false);
}

decryptedText = encoding.GetString(decryptedData, 0, decryptedData.Length);

Is anyone aware of a workaround?

Thanks!

A: 
rsap1 = rsa1.ExportParameters(false);

By passing false to this method, you're choosing to not export the private key. Without the private key it will be difficult to decrypt the data. Try passing true to the export method.

k_b
Exporting the key along with the data renders RSA useless. Besides, the encryptor is likely not even in possession of the private key.
Remus Rusanu
Try reading his code.
k_b
A: 

When using RSA you need to understand the basics of key management. You did not specify what key container to use during encryption. What key do you expect to be used? The default user key? The machine key? Do you understand what the default user key and the machine keys are? Not to mention the obvious question of why do you encrypt anything with RSA? RSA encryption is used solely for encrypting session keys, and there are dedicated key exchange protocols that take care of this out-of-the-box (stream oriented like TLS or document oriented like S/MIME). You should use one of these out-of-the-box protocols and not roll your own encryption scheme. You will screw up key management, that is guaranteed.

When you attempt to decrypt, does the decryptor have possession of the private key corresponding to the public key used during encryption?

See:

Note that these are just simple code samples in MSDN and should never be used by anyone without a very deep understanding of cryptography, and especially key management.

I recommend you look into using a high level class like SslStream for encrypting data exchanges. For a document storage encryption scheme you better use the OS facilities or rely on ProtectedData class. Again, do not roll your own encryption unless you really know what you're doing (in which case you wouldn't be asking questions here).

Remus Rusanu
A: 

Fixed the code! I guess I do not need to specify a container after all...

Byte[] plainData = encoding.GetBytes(plainText);
Byte[] encryptedData;
Byte[] decryptedData;
using (RSACryptoServiceProvider rsa1 = new RSACryptoServiceProvider())
{
    RSAParameters rsap1 = rsa1.ExportParameters(false);

    using (RSACryptoServiceProvider rsa2 = new RSACryptoServiceProvider())
    {
        rsa2.ImportParameters(rsap1);
        encryptedData = rsa2.Encrypt(plainData, false);
    }

    decryptedData = rsa1.Decrypt(encryptedData, false);
}

decryptedText = encoding.GetString(decryptedData, 0, decryptedData.Length);
zensunnit
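
The key roles discussed in this thread, as an added example that is not part of any of the posts above: the recipient owns the key pair and publishes only the public half, the sender encrypts with it, and an instance holding only the public key reproduces the decryption failure from the question. The class and method names, the 2048-bit key size, the UTF-8 encoding and the sample text are assumptions made for the illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class RsaRolesDemo
{
    // Recipient side: owns the key pair and hands out only the public half.
    static RSAParameters PublishPublicKey(RSACryptoServiceProvider owner)
    {
        return owner.ExportParameters(false); // false = modulus and exponent only
    }

    // Sender side: holds nothing but the recipient's public key.
    static byte[] EncryptFor(RSAParameters recipientPublicKey, byte[] plain)
    {
        using (var rsa = new RSACryptoServiceProvider())
        {
            rsa.ImportParameters(recipientPublicKey);
            return rsa.Encrypt(plain, false); // false = PKCS#1 v1.5 padding, as in the posts
        }
    }

    static void Main()
    {
        byte[] plain = Encoding.UTF8.GetBytes("constructed sample text");

        using (var recipient = new RSACryptoServiceProvider(2048)) // key size is an assumption
        {
            RSAParameters pub = PublishPublicKey(recipient);
            byte[] cipher = EncryptFor(pub, plain);

            // Same situation as rsa2 in the question: public parameters only.
            using (var publicOnly = new RSACryptoServiceProvider())
            {
                publicOnly.ImportParameters(pub);
                Console.WriteLine("PublicOnly = " + publicOnly.PublicOnly);
                try { publicOnly.Decrypt(cipher, false); }
                catch (CryptographicException e)
                {
                    Console.WriteLine("Decrypt without private key failed: " + e.GetType().Name);
                }
            }

            // The key-pair owner still holds the private key and can decrypt.
            byte[] roundTrip = recipient.Decrypt(cipher, false);
            Console.WriteLine(Encoding.UTF8.GetString(roundTrip));
        }
    }
}
```

Checking `PublicOnly` before calling `Decrypt` turns the opaque provider error into an explicit key-management check.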