2
votes

I encrypt a string with Crypto++, but when I want to decrypt it with the C# RSA crypto service provider I get an exception.

My code produces the same cipher string when encrypting the same string with a constant public key with Crypto++ several times, while there are different results (cipher string) when using the C# RSA crypto service provider.

Is the main reason for this problem (run-time error) related to a different type of RSA?

My encryption code using Crypto++ is below:

    // Raw RSA: the message bytes are used directly as the integer m
    string message((char*)"hi", 2);
    Integer messageInteger((const byte *)message.data(), message.size());
    // c = m^e mod n, with no padding applied
    Integer cipherMessage = hostPublicKey.ApplyFunction(messageInteger);
    size_t len = cipherMessage.MinEncodedSize();
    string str;
    str.resize(len);
    cipherMessage.Encode((byte *)str.data(), str.size(), Integer::UNSIGNED);

And the Crypto++ decryption code is:

    Integer cipherMessage1((byte *)str.data(), str.size());
    int size1 = cipherMessage1.ByteCount();
    // m = c^d mod n, again with no padding to check or strip
    Integer plainInteger = privateKey.CalculateInverse(prng, cipherMessage1);
    string recovered;
    size_t req = plainInteger.MinEncodedSize();
    recovered.resize(req);
    plainInteger.Encode((byte *)recovered.data(), recovered.size());

The encryption and decryption operations work well on the same side, but there is the mentioned problem in the decryption operation on the other side.

1
The Crypto++ code you show above appears to be "Raw RSA". It's easy to shoot yourself in the foot, so be very careful. "C# RSA crypto service provider..." - You should show your code, but I suspect you are performing PKCS 1.5 encryption or similar. RSA Exponentiation (what you are doing in Crypto++) and RSA Encryption using PKCS 1.5 (what you are doing in C#) are not compatible. - jww
"while there are different results (cipher string) with use of C# RSA crypto service provider..." - Yep, PKCS 1.5 uses random padding. Each encryption will look different, even under the same key with the same message. - jww
@jww is completely right. Your Crypto++ should be replaced directly. You cannot test encryption by expecting a certain ciphertext, as a cipher should always perform randomization of the ciphertext. Raw RSA is vulnerable against a whole host of attacks. C# can either use OAEP or PKCS#1 v1.5 padding, but if you're designing anew, choose OAEP and don't forget to sign your messages to protect integrity and authenticity. Or better: hire a professional to do this for you as the security of the system seems at risk. - Maarten Bodewes
Related, see Load ASN.1/DER encoded RSA keypair in C#. It shows you how to load a key generated in Crypto++ into C#. - jww

1 Answers

1
votes

For encryption, use this code:

    // RSAES_OAEP_SHA is RSA encryption with OAEP padding and SHA-1
    RSAES_OAEP_SHA_Encryptor e(publicKey);
    string cipher;
    StringSource stringSource(message, true,
        new PK_EncryptorFilter(rng, e,
            new StringSink(cipher)
        )
    );

And for decryption:

    RSAES_OAEP_SHA_Decryptor d(privateKey);
    string recovered;
    StringSource stringSource(cipher, true,
        new PK_DecryptorFilter(rng, d,
            new StringSink(recovered)
        )
    );
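
Why the two sides in the question disagree, as an added example (not code from the question, the answer or either library): a Python standard-library model of raw RSA as the question uses it and of PKCS#1 v1.5 encryption padding, which the comments suspect the C# side applies. The toy key built from two Mersenne primes and all function names are constructed for illustration.

```python
import os

# Constructed toy key from two Mersenne primes; for illustration only.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8          # modulus length in bytes


def raw_rsa_encrypt(msg: bytes) -> bytes:
    """Textbook RSA as in the question: c = m^e mod n, no padding."""
    return pow(int.from_bytes(msg, "big"), E, N).to_bytes(K, "big")


def pkcs1_v15_encrypt(msg: bytes) -> bytes:
    """EME-PKCS1-v1_5: 00 02 || nonzero random PS || 00 || msg, then RSA."""
    if len(msg) > K - 11:
        raise ValueError("message too long")
    ps = b""
    while len(ps) < K - 3 - len(msg):
        ps += bytes(b for b in os.urandom(K) if b)   # drop zero bytes
    em = b"\x00\x02" + ps[:K - 3 - len(msg)] + b"\x00" + msg
    return pow(int.from_bytes(em, "big"), E, N).to_bytes(K, "big")


def pkcs1_v15_decrypt(cipher: bytes) -> bytes:
    """What a padded decryptor does: RSA, then verify and strip the padding.

    Production libraries perform this check in constant time.
    """
    em = pow(int.from_bytes(cipher, "big"), D, N).to_bytes(K, "big")
    sep = em.find(b"\x00", 2)            # first zero after the 00 02 header
    if em[:2] != b"\x00\x02" or sep < 10:
        raise ValueError("bad padding")  # raw RSA output ends up here
    return em[sep + 1:]
```

Feeding the output of `raw_rsa_encrypt` to `pkcs1_v15_decrypt` raises the padding error, which models the exception seen on the C# side, while two calls to `pkcs1_v15_encrypt` on the same message return different ciphertexts.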