views:

195

answers:

3

Maybe someone can clear me up. I have been surfing on this a while now.

Step #1: Create a root certificate

Key generation on unix
1) openssl req -x509 -nodes -days 3650 -newkey rsa:1024 -keyout privatekey.pem -out mycert.pem

2) openssl rsa -in privatekey.pem -pubout -out publickey.pem

3) openssl pkcs12 -export -out mycertprivatekey.pfx -in mycert.pem -inkey privatekey.pem -name "my certificate"

Step #2: Does root certificate work on php: YES

PHP side

I used the publickey.pem to read it into php:

$publicKey = "file://C:/publickey.pem";
$privateKey = "file://C:/privatekey.pem";
$plaintext = "123";

openssl_public_encrypt($plaintext, $encrypted, $publicKey);
$transfer = base64_encode($encrypted);
openssl_private_decrypt($encrypted, $decrypted, $privateKey);

echo $decrypted;  // "123"

OR

$server_public_key = openssl_pkey_get_public(file_get_contents("C:\publickey.pem"));
// rsa encrypt
openssl_public_encrypt("123", $encrypted, $server_public_key);

//and the privatekey.pem to check if it works:
openssl_private_decrypt($encrypted, $decrypted, openssl_get_privatekey(file_get_contents("C:\privatekey.pem")));

echo $decrypted;  // "123"

Coming to the conclusion, that encryption/decryption works fine on the php side with these openssl root certificate files.


Step #3: Does root certificate work on .NET: YES

C# side

In same manner I read the keys into a .net C# console program:

X509Certificate2 myCert2 = null;
RSACryptoServiceProvider rsa = null;

try
{
    myCert2 = new X509Certificate2(@"C:\mycertprivatekey.pfx", "password");
    rsa = (RSACryptoServiceProvider)myCert2.PrivateKey;
}
catch (Exception e)
{
    Console.writeln(e.message); // because I left a blank catch block, I did not realize there was an exception! I missed the password for the certificate.
}

byte[] test = {Convert.ToByte("123")};

string t = Convert.ToString(rsa.Decrypt(rsa.Encrypt(test, false), false));

Coming to the point, that encryption/decryption works fine on the c# side with these openssl root certificate files.


Step #4: Enrypt in php and Decrypt in .NET: YES

PHP side
$onett = "123"
....
openssl_public_encrypt($onett, $encrypted, $server_public_key);
$onettbase64 = base64_encode($encrypted);

copy - paste $onettbase64 ("LkU2GOCy4lqwY4vtPI1JcsxgDgS2t05E6kYghuXjrQe7hSsYXETGdlhzEBlp+qhxzTXV3pw+AS5bEg9CPxqHus8fXHOnXYqsd2HL20QSaz+FjZee6Kvva0cGhWkFdWL+ANDSOWRWo/OMhm7JVqU3P/44c3dLA1eu2UsoDI26OMw=") into c# program:

C# side
byte[] transfered_onett = rsa.Decrypt(Convert.FromBase64String("LkU2GOCy4lqwY4vtPI1JcsxgDgS2t05E6kYghuXjrQe7hSsYXETGdlhzEBlp+qhxzTXV3pw+AS5bEg9CPxqHus8fXHOnXYqsd2HL20QSaz+FjZee6Kvva0cGhWkFdWL+ANDSOWRWo/OMhm7JVqU3P/44c3dLA1eu2UsoDI26OMw="), false);

string result = System.Text.Encoding.UTF8.GetString(transfered_onett); // "123"

No problems.

+1  A: 

Sorry what is the actual question? "Coming to the point, that encryption/decryption works fine on the c# side with these openssl root certificate files."
&
"Coming to the conclusion, that encryption/decryption works fine on the php side with these openssl root certificate files"

Are you trying to make the encryption/decryption work with .net 3.5?

Please have a look at the code below "The problem - "123" encrypt-on-php/decrypt-on-.net". Although enc/dec works fine on each side with same keys, it is not possible to enc on the php side and transfer the data and dec it on the c# side because it throws a "Bad data" exception. The question is, why?
panny
I would like to link http://stackoverflow.com/questions/2979994/openssl-public-encrypt-encrypted-data-is-every-time-different to this issue
panny
how do I mark this question as solved?
panny
A: 

This is solved. I had forgotten to fill the catch block so I did not realize there was an exception with the certificate reading on the c# side. With read certificate, decryption is no problem now.

panny
Mark this as the answer then.
Adam Driscoll
I can't ;) I have to wait two days :D Although GregS found the problem, I had solved it with another friend just minutes ago but I will mark GregS solution.
panny
+1  A: 

You need to use one of the X509Certificate2 constructors that are designed for PFX (aka pkcs#12) files. These take a password argument. In your original example, you were silently swallowing all exceptions so you missed the error.

GregS