Archived Forum Post

Question:

EncryptStringENC and DecryptStringENC with failure

Jun 13 '14 at 12:32

I have two functions in Delphi 2009: one function is to encrypt and the other to decrypt. When I try to decrypt, the result of the DecryptStringENC function is ''.

I have checked the entered string, and I'm sure that the encrypted string that I put in the Decode function is the same generated by Encode function.

When I check the LastErrorText I can see the following:

ChilkatLog:
  DecryptStringENC:
    DllDate: Aug  5 2012
    UnlockPrefix: ASSECPRSA
    Username: SIM07:IUSR
    Architecture: Little Endian; 32-bit
    Language: ActiveX
    VerboseLogging: 1
    usePrivateKey: 1
    RSA_decrypt:
      KeyType: Private
      InputSize: 128
      Padding: PKCS v1.5
      ModulusBitLen: 1024
      modulus_bitlen: 1024
      littleEndian: 0
      Byte swapping from big-endian to little-endian
      encryptedData: 3186 194B DCDA 40BC 514D E4BA D893 5D35
EE84 6CE9 9B7B 0153 2FCF 62E2 4277 4829
7042 2729 F2DE AC0C B1AE 5AB1 63DA B75A
64FD 41B0 76C0 01C6 2212 23E1 AB3B 6FC0
D9C0 2B1D 35C9 9230 5BC8 A6E0 73AF B549
8BD5 DA2A EC73 4CE9 6F3D 5CC8 A793 DB7F
CA1A B80E 497B 2D65 14AB C4FF 2126 5C83
98E5 0FFB 26DF 2E8B 6113 3C34 D052 0B07
      exptmod: Elapsed time: 0 millisec
      exptmod_decoded: 3266 B4F2 CCCF 0656 5CD4 7C9E 7D64 573E
FE62 A402 8F52 D8E8 590B 09F2 F8BB FD05
9BA6 A926 9C38 43D7 71C9 022A 0121 B4DA
CD62 C85C 2368 30B2 8A46 B2C1 410D B806
0A8C 9ADB 01F1 82A3 7367 C8A9 4C10 26A1
D6CA 32BA 58E4 F769 D141 8E50 3D1B DB2D
089E 9CEC 3D0D 6861 0778 BF1D 63EE 2510
50E2 7112 05AB F599 7113 0232 F854 9BED
      exptmod_decoded_size: 128
      padding: PKCS 1.5
      Pkcs1_5_decode:
        Invalid PKCS v1.5 PS length
        ps_len: 126
      --Pkcs1_5_decode
      Packet: 3266B4F2CCCF06565CD47C9E7D64573EFE62A4028F52D8E8590B09F2F8BBFD059BA6A9269C3843D771C9022A0121B4DACD62C85C236830B28A46B2C1410DB8060A8C9ADB01F182A37367C8A94C1026A1D6CA32BA58E4F769D1418E503D1BDB2D089E9CEC3D0D68610778BF1D63EE251050E2711205ABF59971130232F8549BED
    --RSA_decrypt
    decrypt: Elapsed time: 0 millisec
    Failed.
  --DecryptStringENC
--ChilkatLog

The Encode and Decode are done with the private key, which is a constant in my code. The functions are as follows.

What is wrong?

function TD.Encode(ATextToCryp : string): string;
var
  RSA : TChilkatRsa;
  PRVKey: TPrivateKey;
  SessionID : string;
begin
  result := '';
  RSA := TChilkatRsa.Create(Self);
  try
    if RSA.UnlockComponent('xxx') = 1 then
    begin
      RSA.EncodingMode := 'base-64';
      RSA.LittleEndian := 0;
      PRVKey := TPrivateKey.Create(Self);
      try
        // Load the PEM private key held in the KPRVKey constant
        if PRVKey.LoadPem(KPRVKey) <> 1 then
        begin
          SaveInLogFile('Error while loading PEM private key...');
          SaveInLogFile(PRVKey.LastErrorText);
        end;

        if RSA.ImportPrivateKey(PRVKey.GetXml) <> 1 then
        begin
          SaveInLogFile('Error while converting PEM private key to XML...');
          SaveInLogFile(RSA.LastErrorText);
        end;

        // Second argument 1 = encrypt with the private key
        SessionID := RSA.EncryptStringENC(ATextToCryp, 1);
        if Length(SessionID) = 0 then
        begin
          SaveInLogFile('Error while generating session ID...');
          SaveInLogFile(RSA.LastErrorText);
        end
        else
          result := SessionID;
      finally
        PRVKey.Free;
      end;
    end;
  finally
    RSA.Free;
  end;
end;

function TD.Decode(ASessionID : string) : boolean;
var
  RSA : TChilkatRsa;
  PRVKey: TPrivateKey;
  TextDecry : string;
begin
  result := false;
  RSA := TChilkatRsa.Create(Self);
  try
    if (RSA.UnlockComponent('xxx') = 1) then
    begin
      RSA.EncodingMode := 'base-64';
      RSA.LittleEndian := 0;
      PRVKey := TPrivateKey.Create(Self);
      try
        // Load the same PEM private key that Encode uses
        if PRVKey.LoadPem(KPRVKey) <> 1 then
        begin
          SaveInLogFile('Error while loading PEM private key...');
          SaveInLogFile(PRVKey.LastErrorText);
        end;

        if RSA.ImportPrivateKey(PRVKey.GetXml) <> 1 then
        begin
          SaveInLogFile('Error while converting PEM private key to XML...');
          SaveInLogFile(RSA.LastErrorText);
        end;

        RSA.VerboseLogging := 1;
        // Second argument 1 = decrypt with the private key (usePrivateKey: 1 in the log)
        TextDecry := RSA.DecryptStringENC(ASessionID, 1);
        if Length(TextDecry) = 0 then
        begin
          SaveInLogFile('Error while validating session ID...');
          SaveInLogFile(RSA.LastErrorText);
        end;
        // ATextUnCrypted is not declared in the posted code
        result := TextDecry = ATextUnCrypted;
      finally
        PRVKey.Free;
      end;
    end;
  finally
    RSA.Free;
  end;
end;

Answer

The error indicates an "Invalid PKCS v1.5 PS length". It found 126 bytes, not 128.

Assuming your code is correct, I notice that you are using an older version of the library (from 2012). I'd try upgrading to the latest version to see if that helps. If not, then validate your public/private keys to make sure that they are properly formed.


Answer

I've updated the library, but it does not solve my problem.

ChilkatLog:
  DecryptStringENC:
    DllDate: Jun 10 2014
    ChilkatVersion: 9.5.0.40
    UnlockPrefix: ASSECPRSA
    Username: SIM07:IUSR
    Architecture: Little Endian; 32-bit
    Language: ActiveX
    VerboseLogging: 1
    usePrivateKey: 1
    rsaDecryptBytes:
      RSA_decrypt:
        KeyType: Private
        InputSize: 128
        Padding: PKCS v1.5
        ModulusBitLen: 1024
        modulus_bitlen: 1024
        littleEndian: 0
        Byte swapping from big-endian to little-endian
        encryptedData: 8253 63A6 00EF F4C8 A935 B3B2 06D4 F561
C013 E04F ABB1 0BE6 6DA1 8ABD B3EC E052
CEF2 6CBE 8615 F557 D8E0 3C9B AC33 8B66
4D32 BFF8 E097 3248 24FE 176A 53F6 A43E
77D6 8D07 44A0 EBF9 8A55 0317 3E8F 6407
CAB0 10BA 58A8 68BA 055F 4696 AF14 6A05
7451 D1BE 074F 9DCB 7A7C C6CB 6609 9E5B
5854 ACB0 BAD2 439D 5C83 2AAE 8174 2DBE
        exptmod: Elapsed time: 0 millisec
        exptmod_decoded: 81F9 4161 4060 E10C 2150 247B 1CF8 C4CF
D355 3181 4840 2E6E D926 1962 FA69 FE21
495E BD98 2D82 315E 8E1E 252A 6852 3AE1
8B75 1403 F3C6 6FBF EC3A 6C58 6E52 D0D1
FB20 4B0C 9CBF 2874 14BE FB74 AB2B A435
A052 42A8 7635 45CD 4CF7 3932 6265 4E3A
F11A 3937 D349 C906 17EE EF8D C4FE CA77
D290 31BC 7033 B7A3 8370 A6A6 6656 B876
        exptmod_decoded_size: 128
        padding: PKCS 1.5
        Pkcs1_5_decode:
          Invalid PKCS v1.5 PS length
          ps_len: 126
        --Pkcs1_5_decode
        Packet: 81F941614060E10C2150247B1CF8C4CFD355318148402E6ED9261962FA69FE21495EBD982D82315E8E1E252A68523AE18B751403F3C66FBFEC3A6C586E52D0D1FB204B0C9CBF287414BEFB74AB2BA435A05242A8763545CD4CF7393262654E3AF11A3937D349C90617EEEF8DC4FECA77D29031BC7033B7A38370A6A66656B876
      --RSA_decrypt
    --rsaDecryptBytes
    decrypt: Elapsed time: 0 millisec
    Failed.
  --DecryptStringENC
--ChilkatLog

Answer

Does this help?

http://www.cknotes.com/oaep-padding-vs-pkcs-v15-padding-error/


Answer

I'm sorry for the non-formatted text. Changing the OaepPadding property to 1 gives another type of error...

ChilkatLog:
  DecryptStringENC:
    DllDate: Jun 10 2014
    ChilkatVersion: 9.5.0.40
    UnlockPrefix: ASSECPRSA
    Username: SIM07:IUSR
    Architecture: Little Endian; 32-bit
    Language: ActiveX
    VerboseLogging: 1
    usePrivateKey: 1
    rsaDecryptBytes:
      RSA_decrypt:
        KeyType: Private
        InputSize: 128
        Padding: OAEP
        HashAlg: SHA-1
        ParamLen: 0
        ModulusBitLen: 1024
        modulus_bitlen: 1024
        littleEndian: 0
        Byte swapping from big-endian to little-endian
        encryptedData: 4A91 A00E 0CB3 96FE B399 B80D C4CB FFB9
5324 7A0F 3830 0B7C 21B6 A634 0D65 7AB9
E113 338F 85DC E459 BE4C EA39 4F6E 9A67
5820 AD8C 7AC3 633E 1346 8046 59CE DA92
5A96 8B4C 5F2E F6F9 D865 15BD 8122 59C0
A0B9 5E27 53D2 0C38 B117 5B15 EE05 2247
08D3 90A8 AC01 C173 778D E8A4 1160 56F1
533F 5473 9D9C 10F1 DD24 EC10 C6D5 C39A
        exptmod: Elapsed time: 0 millisec
        exptmod_decoded: 828D 5DFF 4E83 8596 63AB C4BD D18F 28D1
C89B C58F DF89 6D2D 77A7 3882 F931 C312
2075 22D9 2D28 79C8 DC28 6DDC 4D3C 1D05
5C3F 1EE9 0B87 B15C 2806 5E5D 0CD6 72DA
7F1E 83AB C488 5C69 C12A 01CD 3E6C 03E5
E42E F989 94F6 EED6 47D8 7028 325C 1711
9334 93C5 3665 4D70 A706 624D D4AF AB2E
61E5 B068 9A13 0675 D7A7 F6DC 2614 DA9F
        exptmod_decoded_size: 128
        padding: OAEP
        No leading zero byte for OAEP decoding.
        OAEP decoding failed.
      --RSA_decrypt
    --rsaDecryptBytes
    decrypt: Elapsed time: 0 millisec
    Failed.
  --DecryptStringENC
--ChilkatLog


Answer

The result of RSA encrypting is a two-step process: First the data is padded to a specific length using PKCS v1.5 or OAEP padding, and then the padded data is encrypted using modular exponentiation. Decrypting is the reverse: modular exponentiation followed by unpadding.

With PKCS v1.5 padding, the data to be encrypted is still visible, but random bytes are added for padding. With the verbose logging, you should be able to see, after the exptmod, the original data in PKCS v1.5 padding. For example, here's a sample of a verbose log after decrypting the previously encrypted string "AAAAAAAA". We should see the bytes 0x41 (for us-ascii 65, or "A") in the decrypted but still padded data -- and we do:

        encryptedData: BD03 8109 10AA 2590 0DAB BC95 79F1 4036
597A 4BB0 35D0 8D52 0522 CF00 58F2 910C
19F4 C1EF DFA1 628A 5063 A9AC 6849 ED64
B0EE 8332 8CA6 7D8E 68D5 801A A427 2719
F177 CB36 034E 4EFA 0FF1 DF8A 16FD 4892
151A B6C6 4F7E CA90 404A 3A5B 7F57 1D30
8399 9E0A CE17 EF75 92C1 B39D A3DB D5DA
4C52 18A8 BCD4 A3E6 D876 5405 B8DA BFCC
        exptmod: Elapsed time: 0 millisec
        exptmod_decoded: 0273 750B 327A 5B1E D647 29B8 5261 7CFF
46E1 18E6 E7D3 7B7A BFC8 FD06 8F51 4B9E
F031 E6F6 693B 9334 D28A 8FBE F967 AB3F
AA18 29A5 B071 F799 F54B 581B 1D3D 82D1
F940 7BBE 1C82 8E2A AB64 D2B7 7D02 B18A
13E3 AB3B 3A23 443C 7ABD 04B4 2B77 47D3
A17B 8A93 3A01 B0D1 A8FD 6F3C 5CF3 7F59
95E6 EDD6 BEEC 0041 4141 4141 4141 41
        exptmod_decoded_size: 127
        padding: PKCS 1.5
        sizeAfterPkcs15_decode: 8

If the exptmod step produces garbage output (i.e. something not recognized as PKCS v1.5 formatted data), then the likely error is simply that the incorrect RSA key is being used for decryption.

Also, given that the PKCS v1.5 padding is ASN.1 (beginning with a SEQUENCE ASN.1 object), the first byte of PKCS v1.5 padded data would be 0x02. If you don't see that first 0x02 byte, again, it's likely that the wrong key was used.


Answer

Well, I solved my problem by encoding with the public key. That way, no failure happens. Can't I encode and decode with the private key?
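
Added example, not part of the original thread and not Chilkat code: textbook RSA over a small constructed key, showing what the exptmod step leaves behind for each pairing of encrypting and decrypting exponent. The key, the fixed padding filler and all function names are assumptions made for the illustration; the block layout checked is 00 02 PS 00 M, whose leading zero byte disappears when the value is printed as an integer (hence the 127-byte sample above that starts with 02).

```python
# Textbook RSA with a toy key, for illustration only (not secure).
P, Q = 2**127 - 1, 2**89 - 1          # two Mersenne primes (constructed key)
N, E = P * Q, 65537                   # public modulus and exponent
D = pow(E, -1, (P - 1) * (Q - 1))     # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8         # modulus length in bytes (27 here)


def pad_type2(msg: bytes) -> bytes:
    """EM = 00 || 02 || PS || 00 || M, with PS at least 8 nonzero bytes."""
    ps_len = K - 3 - len(msg)
    if ps_len < 8:
        raise ValueError("message too long for this modulus")
    # Fixed nonzero filler keeps the demo reproducible; real padding is random.
    ps = bytes((i % 255) + 1 for i in range(ps_len))
    return b"\x00\x02" + ps + b"\x00" + msg


def unpad_type2(em: bytes):
    """Return (message, None) or (None, reason) for a K-byte block.

    Diagnostic only: production code must not reveal which check failed.
    """
    if em[0] != 0x00 or em[1] != 0x02:
        return None, "block does not start with 00 02"
    sep = em.find(b"\x00", 2)
    if sep < 0:
        return None, "no 00 separator after PS"
    if sep - 2 < 8:
        return None, "PS shorter than 8 bytes"
    return em[sep + 1:], None


def exptmod(block: bytes, exponent: int) -> bytes:
    """The modular exponentiation step that the verbose log calls exptmod."""
    return pow(int.from_bytes(block, "big"), exponent, N).to_bytes(K, "big")


def round_trip(msg: bytes, enc_exp: int, dec_exp: int):
    """Pad, exponentiate with enc_exp, exponentiate with dec_exp, unpad."""
    cipher = exptmod(pad_type2(msg), enc_exp)
    return unpad_type2(exptmod(cipher, dec_exp))


if __name__ == "__main__":
    for label, enc, dec in (("public  -> private", E, D),
                            ("private -> private", D, D),
                            ("private -> public ", D, E)):
        print(label, round_trip(b"AAAAAAAA", enc, dec))
```

Only the private-then-private pairing fails to unpad, because applying the private exponent twice does not invert it; a block produced with the private exponent is recovered with the public one.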