RSA.ImportParameters()中的CryptographicException-特殊1024键中的错误数据 [英] CryptographicException in RSA.ImportParameters() - Bad Data in special 1024 keys
问题描述
我们有一个C#/.Net 4.0应用程序,该应用程序从WebService中收到的Base64中的字符串中导入RSA私钥.
We have a C#/.Net 4.0 application which imports RSA Private Keys from a String in Base64 received in a WebService.
此应用程序非常适合1024位RSA密钥,但不适用于特殊类型的rsa私钥(约占密钥的1%).
This application works perfectly for RSA-Keys in 1024 bits, but doesn't with a special kind of rsa private keys (around 1% of keys).
以下是字节长度:
工作键:
- 模数=> 128字节
- 指数=> 3个字节
- D => 128字节
- P => 64字节
- Q => 64字节
- DP => 64字节
- DQ => 64字节
- IQ => 64字节
不工作键:
- 模数=> 128字节
- 指数=> 3个字节
- D => 127字节
- P => 64字节
- Q => 64字节
- DP => 64字节
- DQ => 64字节
- IQ => 64字节
- Modulus => 128 Bytes
- Exponent => 3 Bytes
- D => 127 Bytes
- P => 64 Bytes
- Q => 64 Bytes
- DP => 64 Bytes
- DQ => 64 Bytes
- IQ => 64 Bytes
区别在于D的长度(128个有效,127个无效).非工作密钥比工作密钥短1个字节.
The difference is in the lenght of D (128 working, 127 not working). The not-working key is 1 byte shorter than the working key.
已设置参数,但是在执行RSA.ImportParameters(rsaParams)时会引发带有"Bad Data"消息的CryptographicException.
The parameters are set but when doing RSA.ImportParameters(rsaParams) it throws a CryptographicException with a "Bad Data" Message.
解决这个问题应该包括什么?
What should be included to solve this problem?
推荐答案
RSACryptoServiceProvider
对数据长度有一些假设,即:
RSACryptoServiceProvider
has some assumptions on the data lengths which are:
- 模量:任何偶数大小,我们称其长度为
n
- 指数:(
<= 4
个字节;尽管RSACng允许任何大小"),我们将其称为长度e
- D:
n
- P:
n/2
- 问:
n/2
- DP:
n/2
- DQ:
n/2
- InverseQ:
n/2
- Modulus: any even size, let's call the length
n
- Exponent: (
<= 4
bytes; though RSACng allows "any size"), let's call the lengthe
- D:
n
- P:
n/2
- Q:
n/2
- DP:
n/2
- DQ:
n/2
- InverseQ:
n/2
因此,假设您的第二个键实际上是模量:128字节(因为64字节的P乘以64字节的Q并不是256字节的数字),您只需要用零以使其达到适当的长度.
So, assuming that your second key is actually Modulus: 128 bytes (because a 64-byte P times a 64-byte Q isn't a 256 byte number), you just need to left-pad the D array with a zero to bring it up to the proper length.
byte[] newD = new byte[modulus.Length];
Buffer.BlockCopy(d, 0, newD, newD.Length - d.Length, d.Length);
.NET Core has the source code available showing that relationship. In .NET Framework it's buried inside the CLR, so not available on referencesource.
这篇关于RSA.ImportParameters()中的CryptographicException-特殊1024键中的错误数据的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!