
CAPICOM decryption gets "ASN1 bad tag value met"


Michael
Feb 11, 2004, 5:04:45 PM

My ASP web app is passed an encrypted value by an external app. I was
told that the encryption is Base64 so I tried using a
CAPICOM.EncryptedData object to decrypt the value but I am getting the
error "ASN1 bad tag value met".

The developers of the external application provided me the following
information for verification purposes --

Unencoded String: prodProducerID
Key: p9r8688
Encrypted String: MTAwMjg6cHJvZFByb2R1Y2VySUQ6MTQ

I tried encoding the string and got a completely different result.

--------------------
Dim myEncoder
Set myEncoder = Server.CreateObject("CAPICOM.EncryptedData.1")
myEncoder.SetSecret("p9r8688")
myEncoder.Content = "prodProducerID"
Response.Write "The encrypted string is <BR><B>" + myEncoder.Encrypt() + "</B>"
--------------------

The output was:

MGoGCSsGAQQBgjdYA6BdMFsGCisGAQQBgjdYAwGgTTBLAgMCAAACAmYCAgIAgAQI
Pz8ylwBOw2MEENsET3V1ObwGwvnjZqYDgZYEIGgSoptbdq8KwiswDqh3e/yjBt3p
r2IC75pMoqedV5f4

What is going on here? Why am I getting a different encrypted string
than what they are sending me? Why can't I decrypt their encoding?

I see the following note in MSDN. Is this the cause of the problem?
Note: CAPICOM does not support the PKCS #7 EncryptedData content type
but uses a nonstandard ASN structure for EncryptedData. Therefore,
only CAPICOM can decrypt a CAPICOM EncryptedData object.

Is the corollary true? Can CAPICOM only decrypt a message that was
encrypted by CAPICOM?

Any help is greatly appreciated!

Regards,
Michael Levy

Michel Gallant
Feb 11, 2004, 5:15:07 PM

Yes, CAPICOM EncryptedData is a CAPICOM-specific format which
can only decrypt data encrypted in that exact format. It uses custom
(Microsoft-specific OIDs) ASN.1 sequences (gulp :-)

You need to find out exactly what format/app was used to encrypt
the data sent to you.
CAPICOM uses a derived symmetric encryption key, based on a combination
of a supplied password as UNICODE and an internal salt value (stored in the EncryptedData blob).

- Mitch Gallant
MVP Security


Michael
Feb 12, 2004, 12:28:04 PM

I got the following information from the developers of the external
application:

"The encryption was done using the Java sun.misc package
(Base64Encoder and Base64Decoder). The developers who did the work
extended these classes and wrote wrappers around new encrypt and
decrypt methods such that passing a key and value to be
encrypted/decrypted could be done more easily."

I know very little about Java. Based on the information they
provided, what do I need to do in order to decrypt the strings they
are sending to me?

Thanks,
Michael

Michel Gallant
Feb 12, 2004, 4:20:54 PM

You still need to find out exactly what encryption algorithm they
used (are they doing their own custom encryption algorithm, or
are they using standard symmetric cipher stuff in Java?).

Show them something like this:

Cipher c3des = Cipher.getInstance("DESede/CBC/PKCS5Padding");
SecretKeySpec myKey = new SecretKeySpec(tdesKeyData, "DESede");
IvParameterSpec ivspec = new IvParameterSpec(myIV);

and ask if that is their approach (standard symmetric encryption ... compatible with CryptoAPI and
.NET symmetric cipher).

- Mitch Gallant
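
Added example, not part of the thread and not code from any poster: a Python triage check that Base64-decodes the two values quoted in the first post and reports whether each is a complete ASN.1 DER SEQUENCE (the shape of the CAPICOM output) or merely Base64-encoded printable text. The function names are hypothetical.

```python
import base64

# Both values are copied from the first post in the thread.
THEIR_VALUE = "MTAwMjg6cHJvZFByb2R1Y2VySUQ6MTQ"
CAPICOM_OUTPUT = (
    "MGoGCSsGAQQBgjdYA6BdMFsGCisGAQQBgjdYAwGgTTBLAgMCAAACAmYCAgIAgAQI"
    "Pz8ylwBOw2MEENsET3V1ObwGwvnjZqYDgZYEIGgSoptbdq8KwiswDqh3e/yjBt3p"
    "r2IC75pMoqedV5f4"
)

def b64decode_lenient(text):
    """Decode Base64, restoring '=' padding that the sender stripped."""
    text = "".join(text.split())
    return base64.b64decode(text + "=" * (-len(text) % 4), validate=True)

def der_sequence_length(blob):
    """Total encoded length if blob starts with a DER SEQUENCE header, else None."""
    if len(blob) < 2 or blob[0] != 0x30:      # 0x30 = SEQUENCE tag
        return None
    first = blob[1]
    if first < 0x80:                          # short-form length
        return 2 + first
    n = first & 0x7F                          # long form: n length bytes follow
    if n == 0 or n > 4 or len(blob) < 2 + n:
        return None
    return 2 + n + int.from_bytes(blob[2:2 + n], "big")

def triage(text):
    """Classify a Base64 value as DER structure, printable text, or other binary."""
    blob = b64decode_lenient(text)
    if der_sequence_length(blob) == len(blob):
        return ("asn1-der", blob[:3].hex())
    if all(0x20 <= b < 0x7F for b in blob):
        return ("plain-text", blob.decode("ascii"))
    return ("opaque-binary", blob[:3].hex())

if __name__ == "__main__":
    print(triage(THEIR_VALUE))
    print(triage(CAPICOM_OUTPUT))
```

The external application's value decodes to printable text whose first byte is 0x31, not the 0x30 SEQUENCE tag that opens the CAPICOM blob, so an ASN.1 decoder fails on the tag before any key is used.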
