crypto/rsa problems

[Nick]

Hello,

I'm trying to port some crypto code over to communicate with a closed-source server that has the private key to decrypt the data I send (I only have the public key).

The code should encrypt a random session key with the public key of the server, but the server seems to reject it (for some reason I can't find out).

I have it working in C# and JavaScript though. Are there any differences between the code in C#, JavaScript and Go?

C#:

var rsa = new System.Security.Cryptography.RSACryptoServiceProvider();

rsa.ImportParameters(keyParameters);

var result = rsa.Encrypt(sessionKey, true);

JavaScript (on NodeJS using the 'ursa' library):

var result = publicKey.encrypt(sessionKey);

(where the publicKey is already a parsed ursa Public Key)

And Go: 

result, err := rsa.EncryptOAEP(crc32.New(crc32.IEEETable), rand.Reader, publicKey, sessionKey, nil)

They all seem equivalent, but as said before, the Go one is rejected. I have verified that all three keys are the same.

I'm using Go 1.1.1 on Windows 7 64bit.

[agl]

On Friday, June 21, 2013 1:26:20 PM UTC-4, Nick wrote:

Hello,

I'm trying to port some crypto code over to communicate with a closed-source server that has the private key to decrypt the data I send (I only have the public key).

The code should encrypt a random session key with the public key of the server, but the server seems to reject it (for some reason I can't find out).

I have it working in C# and JavaScript though. Are there any differences between the code in C#, JavaScript and Go?

C#:

var rsa = new System.Security.Cryptography.RSACryptoServiceProvider();

rsa.ImportParameters(keyParameters);

var result = rsa.Encrypt(sessionKey, true);

JavaScript (on NodeJS using the 'ursa' library):

var result = publicKey.encrypt(sessionKey);

(where the publicKey is already a parsed ursa Public Key)

And Go: 

result, err := rsa.EncryptOAEP(crc32.New(crc32.IEEETable), rand.Reader, publicKey, sessionKey, nil)

OAEP is the more modern RSA padding. It's likely that you want to call http://golang.org/pkg/crypto/rsa/#EncryptPKCS1v15

Cheers

AGL

[Nick]

Unfortunately, that doesn't seem to work either. Also, the last parameter in the C# encrypt call enables OAEP too (MSDN docs). For the NodeJS library, the default padding which is mentioned in the docs is RSA_PKCS1_OAEP_PADDING.

[Michael Gehring]

On Fri, Jun 21, 2013 at 10:26:20AM -0700, Nick wrote:
> And Go:
> result, err := rsa.EncryptOAEP(crc32.New(crc32.IEEETable), rand.Reader,
> publicKey, sessionKey, nil)

Try sha-1 (crypto/sha1) as hash function. crc32 ist almost certainly wrong.

[Nick]

Many thanks, that was it. 

[Nick]

I have a question though. Why is it that the Go API allows to pass a custom hash function while other libraries in other languages don't? Is this a special feature?

[Frithjof Schulze]

Please ignore what I said, which was just wrong.

[Frithjof Schulze]

To expand on what was wrong: I talked about the second argument, which is actually used for blinding. The hash function is needed for the OAEP padding scheme. 

Still the same comments apply. OAEP needs one (or two) cryptographic hash function, and there is no good reason to hardcode sha-1, especially as people are moving away to other hash functions like sha-256.

If you google around you can actually find posts of people, who are trying to use sha-256 in C#.

http://stackoverflow.com/questions/5113498/can-rsacryptoserviceprovider-nets-rsa-use-sha256-for-encryption-not-signing

- Frithjof