Discussion:
DER decoding in .NET
Hai Ning
2013-01-11 23:22:27 UTC
Permalink
I have a binary file someone sent me. I am told it is DER encoded and I have
the private key in a PFX format.



How do I use BC to decode this file using C#? Is there any sample code?
Thanks.



- Hai
Christoph Hannebauer
2013-01-13 09:11:42 UTC
Permalink
Hello Hai,

PFX aka PKCS#12 is a format specified in ASN.1 for storing data like
private keys.
DER specifies how to encode data whose format is specified as ASN.1.

Almost all X.509 related data can be stored with DER encoding. For
example, your PFX file is also DER encoded. Thus, with the information
you have told us, we do not know the actual format of your binary file.
Therefore we need more information to tell how to decode this binary
file. Maybe you have a file extension?

Encoding and decoding is also something completely different than
encryption and decryption. For the former, you just have to know the
specific format used and for the latter, you have to have a
cryptographic key. Since you have a private key and it is related to
your "binary file", this file is probably encrypted with an asymmetric
encryption algorithm like RSA. Maybe it's a CMS file?

If you just want to decrypt a single file, I suggest you use openssl
with the cms command. This is easier than writing your own application
with Bouncy Castle.


Best,

Christoph
Post by Hai Ning
I have a binary file someone sent me. I am told it is DER encoded and
I have the private key in a PFX format.
How do I use BC to decode this file using C#? Is there any sample
code? Thanks.
-Hai
Hai Ning
2013-01-13 13:59:34 UTC
Permalink
Chris, Torsten,



Thank you both for responding.



I did some reading on DER after sending the email. And you are right, my
question was flawed. Let me try to explain the full picture.



I am given a file and the following instruction on how to decode/decrypt
this file:

1. Decrypt the wrapped session key with the Private key of customer
using RSA.

2. Decrypt the Signed Data with the unwrapped session key using 3DES
EDE CBC.

3. Generate a hash of the data file using SHA1.

4. Decrypt the digital signature with the Public Key using RSA.

5. Verify hash.



According to the instruction I have to decrypt the session key first. But I
can't tell which part of the binary file is the encrypted session key. I
tried to use .NET APIs to decrypt the entire file using the PFX I have but
ran into error "length exceed 128" or something like that.



I think (I could be wrong) that this file is DER encoded. So I am trying to
decode it first, see if I can separate the encrypted session key and the
encrypted payload.



If instead, this is a CMS (more readings for me.) file as you suspected, how
do I go about decrypt it?



How can I tell if this is DER file, or a CMS file? (I have asked my source
and they don't know).



I guess I could try using openssl but ultimately I need to do this
programmatically as an automated process.



Any pointers you can offer is appreciated.



- Hai



From: Christoph Hannebauer [mailto:ch-bouncycastle-***@public.gmane.org]
Sent: Sunday, January 13, 2013 4:12 AM
To: ninghai-7hfgnmaHtACB+***@public.gmane.org <mailto:ninghai-7hfgnmaHtACB+***@public.gmane.org>
Cc: dev-crypto-csharp-***@public.gmane.org
<mailto:dev-crypto-csharp-***@public.gmane.org>
Subject: Re: [dev-crypto-csharp] DER decoding in .NET



Hello Hai,

PFX aka PKCS#12 is a format specified in ASN.1 for storing data like private
keys.
DER specifies how to encode data whose format is specified as ASN.1.

Almost all X.509 related data can be stored with DER encoding. For example,
your PFX file is also DER encoded. Thus, with the information you have told
us, we do not know the actual format of your binary file. Therefore we need
more information to tell how to decode this binary file. Maybe you have a
file extension?

Encoding and decoding is also something completely different than encryption
and decryption. For the former, you just have to know the specific format
used and for the latter, you have to have a cryptographic key. Since you
have a private key and it is related to your "binary file", this file is
probably encrypted with an asymmetric encryption algorithm like RSA. Maybe
it's a CMS file?

If you just want to decrypt a single file, I suggest you use openssl with
the cms command. This is easier than writing your own application with
Bouncy Castle.


Best,

Christoph


On 12.01.2013 00:22, Hai Ning wrote:

I have a binary file someone sent me. I am told it is DER encoded and I have
the private key in a PFX format.



How do I use BC to decode this file using C#? Is there any sample code?
Thanks.



- Hai
Moschny, Torsten
2013-01-13 20:55:22 UTC
Permalink
Hi,

its simple signed and encrypted data. I strongly recommend to create a
proper command line for OpenSSL. There are some binaries of OpenSSL on
the web, try the "cms" option.

If you still want to code it with BC yourself, I can't help you as I
haven't digged into that yet myself. Sorry.

Regards,
Torsten
Post by Hai Ning
Chris, Torsten,
Thank you both for responding.
I did some reading on DER after sending the email. And you are right, my
question was flawed. Let me try to explain the full picture.
I am given a file and the following instruction on how to decode/decrypt
1.Decrypt the wrapped session key with the Private key of customer using
RSA.
2.Decrypt the Signed Data with the unwrapped session key using 3DES EDE CBC.
3.Generate a hash of the data file using SHA1.
4.Decrypt the digital signature with the Public Key using RSA.
5.Verify hash.
According to the instruction I have to decrypt the session key first.
But I can’t tell which part of the binary file is the encrypted session
key. I tried to use .NET APIs to decrypt the entire file using the PFX I
have but ran into error “length exceed 128” or something like that.
I /think/ (I could be wrong) that this file is DER encoded. So I am
trying to decode it first, see if I can separate the encrypted session
key and the encrypted payload.
If instead, this is a CMS (more readings for me…) file as you suspected,
how do I go about decrypt it?
How can I tell if this is DER file, or a CMS file?(I have asked my
source and they don’t know).
I guess I could try using openssl but ultimately I need to do this
programmatically as an automated process.
Any pointers you can offer is appreciated.
-Hai
*Sent:* Sunday, January 13, 2013 4:12 AM
*Subject:* Re: [dev-crypto-csharp] DER decoding in .NET
Hello Hai,
PFX aka PKCS#12 is a format specified in ASN.1 for storing data like
private keys.
DER specifies how to encode data whose format is specified as ASN.1.
Almost all X.509 related data can be stored with DER encoding. For
example, your PFX file is also DER encoded. Thus, with the information
you have told us, we do not know the actual format of your binary file.
Therefore we need more information to tell how to decode this binary
file. Maybe you have a file extension?
Encoding and decoding is also something completely different than
encryption and decryption. For the former, you just have to know the
specific format used and for the latter, you have to have a
cryptographic key. Since you have a private key and it is related to
your "binary file", this file is probably encrypted with an asymmetric
encryption algorithm like RSA. Maybe it's a CMS file?
If you just want to decrypt a single file, I suggest you use openssl
with the cms command. This is easier than writing your own application
with Bouncy Castle.
Best,
Christoph
I have a binary file someone sent me. I am told it is DER encoded
and I have the private key in a PFX format.
How do I use BC to decode this file using C#? Is there any sample
code? Thanks.
-Hai
Christoph Hannebauer
2013-01-14 08:29:22 UTC
Permalink
Hai,

it's probably a good idea to try decrypt the file with OpenSSL, so you
know about the right parameters before doing it programatically. Maybe
you can use the native .NET classes to decrypt the file, as this works
as well and is probably simpler than using BC. I'm sorry that I also do
not have .NET code to decrypt the file with the native .NET classes, but
I have already done it and I know it works. I have a snippet to
*encrypt* a file with CMS, so you may have a look at it and try to do it
the other way around:

// baUnencryptedMail - data you want to encrypt
// certRecipient - certificate you want to encrypt to
byte[] encryptData(byte[] baUnencryptedMail, X509Certificate2 certRecipient)
{
ContentInfo content = new ContentInfo(baUnencryptedMail);
EnvelopedCms msgEncrypt = new EnvelopedCms(content);
CmsRecipient cmsMailRecipient = new
CmsRecipient(certRecipient);
msgEncrypt.Encrypt(cmsMailRecipient);
return msgEncrypt.Encode();
}
Post by Moschny, Torsten
Hi,
its simple signed and encrypted data. I strongly recommend to create a
proper command line for OpenSSL. There are some binaries of OpenSSL on
the web, try the "cms" option.
If you still want to code it with BC yourself, I can't help you as I
haven't digged into that yet myself. Sorry.
Regards,
Torsten
Post by Hai Ning
Chris, Torsten,
Thank you both for responding.
I did some reading on DER after sending the email. And you are right, my
question was flawed. Let me try to explain the full picture.
I am given a file and the following instruction on how to decode/decrypt
1.Decrypt the wrapped session key with the Private key of customer using
RSA.
2.Decrypt the Signed Data with the unwrapped session key using 3DES EDE CBC.
3.Generate a hash of the data file using SHA1.
4.Decrypt the digital signature with the Public Key using RSA.
5.Verify hash.
According to the instruction I have to decrypt the session key first.
But I can’t tell which part of the binary file is the encrypted session
key. I tried to use .NET APIs to decrypt the entire file using the PFX I
have but ran into error “length exceed 128” or something like that.
I /think/ (I could be wrong) that this file is DER encoded. So I am
trying to decode it first, see if I can separate the encrypted session
key and the encrypted payload.
If instead, this is a CMS (more readings for me…) file as you suspected,
how do I go about decrypt it?
How can I tell if this is DER file, or a CMS file?(I have asked my
source and they don’t know).
I guess I could try using openssl but ultimately I need to do this
programmatically as an automated process.
Any pointers you can offer is appreciated.
-Hai
*Sent:* Sunday, January 13, 2013 4:12 AM
*Subject:* Re: [dev-crypto-csharp] DER decoding in .NET
Hello Hai,
PFX aka PKCS#12 is a format specified in ASN.1 for storing data like
private keys.
DER specifies how to encode data whose format is specified as ASN.1.
Almost all X.509 related data can be stored with DER encoding. For
example, your PFX file is also DER encoded. Thus, with the information
you have told us, we do not know the actual format of your binary file.
Therefore we need more information to tell how to decode this binary
file. Maybe you have a file extension?
Encoding and decoding is also something completely different than
encryption and decryption. For the former, you just have to know the
specific format used and for the latter, you have to have a
cryptographic key. Since you have a private key and it is related to
your "binary file", this file is probably encrypted with an asymmetric
encryption algorithm like RSA. Maybe it's a CMS file?
If you just want to decrypt a single file, I suggest you use openssl
with the cms command. This is easier than writing your own application
with Bouncy Castle.
Best,
Christoph
I have a binary file someone sent me. I am told it is DER encoded
and I have the private key in a PFX format.
How do I use BC to decode this file using C#? Is there any sample
code? Thanks.
-Hai
Moschny, Torsten
2013-01-13 10:10:42 UTC
Permalink
Hello Hai,

you should say what you're trying to do with that file. You may start to
parse the file by means of BC's PKCS12Store:

Pkcs12Store p12s = new Pkcs12Store ( new MemoryStream ( p12file ), pin );

As you see, you may also require a PIN. Read RSA's PKCS#12 standard for
details. But i presume this is not what you're looking for.

If you just want to sign/decrypt things, you may use either OpenSSL or
Microsoft's Crypto-API or some PKCS#11 middleware, depending on the
software you intend to use (command line, Adobe/MS Office, Mozilla, ...).

Regards,
Torsten
Post by Hai Ning
I have a binary file someone sent me. I am told it is DER encoded and I
have the private key in a PFX format.
How do I use BC to decode this file using C#? Is there any sample code?
Thanks.
-Hai
Loading...