I need to integrate Single Sign-On using C#. I get a SAML response from the IdP and I need to decrypt the SAML response (encryption: TripleDES). I need to decrypt using the private key in the certificate.
When I try to decrypt using the certificate key, it gives me the error: invalid key size. Is there a standard way to convert the private key into a valid size for TripleDES? e.g.
Should I be taking the first 24 bytes, or should I be taking the MD5 hash? Are any open libraries available to decrypt a SAML response in C#?
Below is the XML I receive from the IdP:
```xml
<saml:EncryptedAssertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#">
    <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
    <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
      <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
        <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
        <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
          <X509Data>
            <X509Certificate>Signing certificate goes here==</X509Certificate>
          </X509Data>
        </KeyInfo>
        <CipherData>
          <CipherValue>Cipher value goes here==</CipherValue>
        </CipherData>
      </EncryptedKey>
    </KeyInfo>
    <CipherData>
      <CipherValue>cipher value goes here=</CipherValue>
    </CipherData>
  </EncryptedData>
</saml:EncryptedAssertion>
```
Code snippet:
```csharp
byte[] inputArray = Convert.FromBase64String(EncryptedData);
TripleDESCryptoServiceProvider tripleDES = (TripleDESCryptoServiceProvider)cert.PrivateKey;
```
The exception is thrown on the second line. I am not using any third-party tools currently.
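The XML above has a two-step structure that any decryption code has to mirror: an RSA-wrapped session key inside `<EncryptedKey>` (rsa-1_5), and the assertion itself inside `<EncryptedData>` under tripledes-cbc. The following is an added example, not code from the question; it assumes .NET Framework 4.6+ (or .NET Core) with `System.Security.Cryptography.Xml`, an `X509Certificate2` (`spCert`) that carries the SP's RSA private key, and the response already parsed into an `XmlDocument`. The class and method names (`SamlAssertionDecryptor.Decrypt`) are mine.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

// Added example. The certificate's private key is RSA and is never the 3DES key itself;
// it only unwraps the 24-byte session key in <EncryptedKey>, which decrypts <EncryptedData>.
static class SamlAssertionDecryptor
{
    const string SamlNs = "urn:oasis:names:tc:SAML:2.0:assertion";

    public static XmlElement Decrypt(XmlDocument doc, X509Certificate2 spCert)
    {
        var ns = new XmlNamespaceManager(doc.NameTable);
        ns.AddNamespace("xenc", EncryptedXml.XmlEncNamespaceUrl);
        ns.AddNamespace("saml", SamlNs);
        var encDataEl = doc.SelectSingleNode("//xenc:EncryptedData", ns) as XmlElement
                        ?? throw new InvalidOperationException("No EncryptedData element");
        var encKeyEl = encDataEl.SelectSingleNode(".//xenc:EncryptedKey", ns) as XmlElement
                       ?? throw new InvalidOperationException("No EncryptedKey element");
        XmlNode parent = encDataEl.ParentNode;
        var encData = new EncryptedData(); encData.LoadXml(encDataEl);
        var encKey = new EncryptedKey();   encKey.LoadXml(encKeyEl);

        // Step 1: RSA key transport. This IdP sends rsa-1_5 (PKCS#1 v1.5); honour OAEP if
        // the IdP sends it, and prefer OAEP on the IdP side whenever you can choose.
        bool useOaep = encKey.EncryptionMethod.KeyAlgorithm == EncryptedXml.XmlEncRSAOAEPUrl;
        byte[] sessionKey;
        using (RSA rsa = spCert.GetRSAPrivateKey()
                         ?? throw new InvalidOperationException("No RSA private key in certificate"))
        {
            sessionKey = EncryptedXml.DecryptKey(encKey.CipherData.CipherValue, rsa, useOaep);
        }

        // Step 2: symmetric decryption with the algorithm named in <EncryptionMethod>.
        // For tripledes-cbc the unwrapped key is exactly 24 bytes (no truncation, no hashing);
        // the IV is the first block of CipherValue and DecryptData strips it off.
        string alg = encData.EncryptionMethod.KeyAlgorithm;
        using (SymmetricAlgorithm sym = alg == EncryptedXml.XmlEncTripleDESUrl
                                        ? (SymmetricAlgorithm)TripleDES.Create() : Aes.Create())
        {
            sym.Key = sessionKey;
            var exml = new EncryptedXml(doc);
            byte[] plaintext = exml.DecryptData(encData, sym);
            exml.ReplaceData(encDataEl, plaintext);   // <EncryptedData> becomes <saml:Assertion>
            Array.Clear(sessionKey, 0, sessionKey.Length);
        }
        // Verify the XML signature on the recovered assertion before trusting any attribute.
        return (XmlElement)parent.SelectSingleNode("saml:Assertion", ns);
    }
}
```

The "invalid key size" error in the question comes from treating the RSA private key as the 3DES key; once the session key is unwrapped from `<EncryptedKey>` it already has the right length.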
EncryptedData? What is `cert`? Assuming `cert` is a certificate: the certificate does not contain the private key, so taking one from it using `cert.PrivateKey` is impossible, and even assuming it is possible, casting `cert.PrivateKey` to `TripleDESCryptoServiceProvider` does not make any sense either. - Oleg Estekhin