DecryptWithRSAPrivateKey Decoding Problem

[prakhartc]

I am calling the decryptWithRSAPrivateKey to decrypt a piece of data and then converting the decrypted data to string using let decryptedString = NSString(data: decryptedData!, encoding: String.Encoding.utf8.rawValue)! But this is giving an error as shown in the image. Please help.

[btnguyen2k]

Hi @prakhartc,

What is value of decryptedData (e.g. output of the previous print line)?

[prakhartc]

Hey @btnguyen2k The line just above the fatal error, ie "decrypted data is 208 bytes"

[btnguyen2k]

Hi @prakhartc, if the previous line was ok (i.e. 208 bytes) then the decryption should be ok (your original data was 208 bytes, is it correct?). The fatal error was "unexpected found nil while unwrapping an Optional value". It could be one of two cases:

• the decryptedData is nil: which is not the case because the previous line proved it.
• the result of the whole NSString(...) statement is nil. Which means the decryptedData! can not be converted to String using UTF8.rawValue.

I dont know what was your original data. But according to the error message, decryptedData! is not valid for utf8.rawType mode.

[prakhartc]

Hi @btnguyen2k Thank you for your response. If that is the case, then how do i go about using this library. Initially I had a normal string "hi prakhar", which i converted to base64 string, then converted it to Data and then called the decryptWithRSAPrivateKey. How do i then display the decrypted result to the user. I have researched a lot with this and i am going no where now.

[btnguyen2k]

Hi @prakhartc, the flow would be like this:

1. let orgString = "hi prakhar"

2. Encrypt it with public key: let encryptedData = encryptWithRSAPublicKey(str: orgString, pubkeyBase64: publicKeyInBase64Format) or let encryptedData = encryptWithRSAPublicKey(str: orgString, pubkeyBase64: publicKeyInBase64Format, tag: tagName)

3. Decrypt data back with private key: let orgData = decryptWithRSAPrivateKey(encryptedData: encryptedData, privkeyBase64: privateKeyInBase64Format) or let orgData = decryptWithRSAPrivateKey(encryptedData: encryptedData, privkeyBase64: privateKeyInBase64Format, tag: tagName)

Here, the orgData is already the string "hi prakhar" as Data. You can get it back by calling String(data: orgData!, encoding: .utf8).

Your flow was not correct: "Initially I had a normal string "hi prakhar", which i converted to base64 string (1), then converted it to Data (2) and then called the decryptWithRSAPrivateKey" You have to encrypt data with private key, not just convert it to base64.

[ashishsinghdev]

Hi @btnguyen2k

We have two KeyPairs of RSA 1024 bits keys. We have added a client cross pair in the application which contains privateKey of one keyPair and public Key of another key pair.

We are encrypting using the public key with padding SecPadding.OAEP Encryption is working fine and successfully decrypted at the server end using corresponding private Key.

Now Server is encrypting using the public key of server's cross pair and we are decrypting it using corresponding private Key.

Here we are using the same SecPadding.OAEP to decrypt because the server is using this padding.

We are using the private key in pkcs#8 format, we also tried pkcs#1 but pkcs#1 not supported by KeyChain it is returning nil. (pkcs#8 is working fine)

I'm sure we are using the right cross pair, I've successfully tested encryption and decryption using the same cross pair in Android.

static open func decryptWithRSAKey(_ encryptedData: Data, rsaKeyRef: SecKey, padding: SecPadding) -> Data?

while debugging we observed that inside above-mentioned function, var decryptedData is nil.

PrivateKey Details: format: pkcs#8 bits: 1024 Algo: RSA

Padding for encryption and decryption at both ends is "SecPadding.OAEP" which is equivalent of "RSA/ECB/OAEPWithSHA-1AndMGF1Padding" padding we are using at the server side.

[btnguyen2k]

Hi @ashishsinghdev, I tested with the following data:

Public Key : MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAkw7pYdYdpFJhpb0D4hWesYA7hvC7ykRGO8VlsiJYuf7BgLZeUE5OYEP+mynePuHEh6SPhzkxgHp/LFSQdFrNIJRslOrE35yAEE2+nYQzZSgDPIFC8tN9458/bFiKExFfgUn8Eu6rhXGSPJOD93dRPspVCq0ZyOKzANPJfi8kixb/kDUU2ZKr9Gc8Rgt1JWgED4eribrtU14AvUzXibF5n1TFmbQ33Ik22U3Rrm6i914cP4de5fn02WiIBA1ohXwQRemUxlb1Sj7YFKqMo8nNBioGoRMsSpbzBiYyQfN93VE/ehMUQIjAx5AIhALo5qMWuGjYYQZo5Tz5EhnqyzUvD6F0R3Ii2GcMTPIqHmmciLQNIyLdJoG9NJxbGpEzogNIoFQ4BNGYQLlZ6Z7wHTKZs5nvWCA0Pbb1t24jQ2rgw+gEQ1krcM/Q6zuL5+3pIARiSmt3wrNYrzCZ9gM/xmxE8OFizLA9KjOnEUqB6ULj0KT6MkFB8EqN4VHSnLsbALfefTw57UldYQweui0GRZwQ+dnjs7rd7DvAIifdDjY8AVX4iJ2qYMwUiHhjlKBjPW1CQpeU+Emdl1oY1/gTHOeJOoBZd8wRpLFFY7V0JR2aQhi9eVwpn5GT0w4DML+tNDbil2m8StySom760MbnHtIy6HIK7E4HF8Iq9lZZpsKUL+MCAwEAAQ==

Private Key: MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCTDulh1h2kUmGlvQPiFZ6xgDuG8LvKREY7xWWyIli5/sGAtl5QTk5gQ/6bKd4+4cSHpI+HOTGAen8sVJB0Ws0glGyU6sTfnIAQTb6dhDNlKAM8gULy033jnz9sWIoTEV+BSfwS7quFcZI8k4P3d1E+ylUKrRnI4rMA08l+LySLFv+QNRTZkqv0ZzxGC3UlaAQPh6uJuu1TXgC9TNeJsXmfVMWZtDfciTbZTdGubqL3Xhw/h17l+fTZaIgEDWiFfBBF6ZTGVvVKPtgUqoyjyc0GKgahEyxKlvMGJjJB833dUT96ExRAiMDHkAiEAujmoxa4aNhhBmjlPPkSGerLNS8PoXRHciLYZwxM8ioeaZyItA0jIt0mgb00nFsakTOiA0igVDgE0ZhAuVnpnvAdMpmzme9YIDQ9tvW3biNDauDD6ARDWStwz9DrO4vn7ekgBGJKa3fCs1ivMJn2Az/GbETw4WLMsD0qM6cRSoHpQuPQpPoyQUHwSo3hUdKcuxsAt959PDntSV1hDB66LQZFnBD52eOzut3sO8AiJ90ONjwBVfiInapgzBSIeGOUoGM9bUJCl5T4SZ2XWhjX+BMc54k6gFl3zBGksUVjtXQlHZpCGL15XCmfkZPTDgMwv600NuKXabxK3JKibvrQxuce0jLocgrsTgcXwir2VlmmwpQv4wIDAQABAoICADtPiFEtSkc78qYl1asZjSeJ0HhcH2E0qB7zPlDaCW76kJCY/PDmpDWvNsDd4gT6iYkrlbe0GYL35NK8SIalGJZLRn/JMB3/wKbStE5TQ2dI/AUrHRVStzNWxv2ruAR4vUwnysLX/9WSOKi11kO4m8v3TtU/e2bKB+gNgvahjNuMKwa+YepefXvVJzoY5OZxTTH2RfkGqzE0eJfgpg2ixqq8RfX3+Y+4x6Zc/HSdqpyaGEqHDn8ykM4emr0Hq2Aq6WVJD/fumn+XWQ78ujxU55vU11efo/1xZBLW1O5Ehj78xd02VLSycw4JyWV0xvo+TKuTnbGEJEpQjSP/z/KlQJUtaY+vaicRwGV5uLVA7jxJQlFHrENQd47sRsZEnwmsBwUWfu7ZSf6YLhnV5XRM5oumnSM9wfiJR3XlOAz6wBYRjY/XbnYW/4uHFmxEXkjuWQBWyI9/OTYHYTrZDgIWnmdW4bP+9tuXzbaSkAisW850w59z3lLD5967WMuYRNgJYXrxc415dWlKU4N3n8eyhAr86dJ+yzIg/mfoAN+uSns+cOm+wnjjOiA8Ea6cusVpm9+UoXgjr6Ir4f4oDzYJYuo4snJL0Ilb/GYPXs1sjOPHizPT9GzL+6Aei1C00tY1Vn2qaoup/4mXYJ9t+ZAsWv+QGnTLrkJxQ+A1p2jnNmYBAoIBAQDuoEfVFFNbQQSAPUjLgXlI7CREIRbsKtjqOHbOZHBw5sbf0O1tFk6+dI/SNRQQE1g8PBakIaE02hQwkS0TJ1W6V4hPIXO7o1zavkk05WqlfPY2IdlyDETB5hANsTycCA4WIYROZ9Z+aQI2xKlA8VoQoTOpdnmENOwzhhIU09hA4/hNMtKucMCnOnqB8Ab7TLBhM5Mlis79TCnqWmLI7f5svyM/I1ZFIs2FYqn1IoWA4Ldg1LIzxeBw55Gza37J0/gSmAOARCOfCgxESklOC2EVje6ZlOVvYBkBLLzi6I9bgf1lGa1fOia6qFBr7Y3kFDo84ghVN9w6iy15KAS46Oh3AoIBAQCdw+kOjMCXf77k7P/UTyes2NXc5hrF+FSHxmliXtyLZvPSlOirPYenZwkuDf9ZbpCLy1Wt66eOgU1EkFyDm4Oz1o6r1mjhc0Pua84xKgK67O9UPfxlKm2GptwYzYApLqYm5+sWanRrFGOvQkFIQdrV4IwAkl+CNyZdmzInqxtPXuTT7HXoYNKa2ZPcVXn09Ao8q6OZYEb3UcqebsKGT3f6Jwft59HBVhz7MrYm0qxp45/RtF9zDjR5lAtI3UDmTJ/CZetTNqymUkGiFb6RUVrtCSfmwzV7EdPUoU6rdJNr/Yz+DBYpjofhKa4VTx+/1Ry+g/YyvIAHQMcRMBjog3r1AoIBAQChXaX1w77ysK74gXjelXmNBJMpty6nGfqBuRkuTOF0l7rY05Ia+MDbLjurrNUaYdqDMScmas92zBpnFWVj1G+2iUbWLAr1Um2SRqd+q71Il45v4MgIxZ8heBBXEgmoghH0iUnNM47rANvMaYUDM7LyF/C1ojZeXuNznDBSAUf16bOZkMrDx9+ftn3trIEsIxoLQTM6afm7dGvL3L98nOQ2abLOGXlXW0eb8bJ44JVjJ5MaWfr/48n4z7/JkuG0XjEdccq8TFfCTqso6wtTSYKnbslw9i2I+XUvRC+fSiDXgrn2SjzhbpOOGg/4TDZti/gt/7Qe3J2CwWdIzPUUjfvVAoIBAE3GKrpVgQwumbjZbTUI4JJBQwznEwPNbD6S/ZjVEvxWAJUre5gPeTR5gvkFRYCdFP0VfGOE7NE/xQur7y+iFsctWqAzzvh1jmOXGcr63uWvsDxjYm2tANmEoLRJeojSym4bnrUqPcIcBxh7HRu1+1+8lsghYJwc+/jhbVRI8emq6jvfMjEgqjJUWKQiL0EmnXVTWA9gexupYq3ABH2Z55eWbj5GLg2Vmivr0AhLi1uYL01+Eh/yPMRCy11cVYYy9/8pp10acvp7SofRGGUjKiP4g4crbM4C9962tsWnbpWqJTuIUdSiwzGpDnzKyOgU81qoS1Kvwp3QvVIn19+oEZECggEBAMrTCHmNl9vfSz5o9vE9LVen5Kx/0PMAccDBHIHjkYg+6gUfoTW0dEPQuhtTLys3RntpjQrnuH/+RpJVwNzKKWHLmx4u8NZXR2un+0uJ18Ya++o5a04CjycO0PMVkKIcN/ujpPIo/FEMXrnN4gPMDnTMDjwCeAjjuvQUImOf6CjPIogK7S68gCplezz1OQGvlsA28y0fPUBQITQThVh+SZP4byRuS21tNk0SgJNwcf/KTvT/xfI9TmmCG9+jpDKhEymLQgEYGPRU/EhBgsSqyB4J5q8vOVhGcvRolwdWuqufl1tLTKLKHwSD7nlN8bRJiwX+JPFM0GY+as6CMlaRh98=

Data : This is the message. Data after encryption at server (converted to base64 for reading purpose) using RSA/ECB/OAEPWithSHA-1AndMGF1Padding: (My server code is Java) BvNh0BRUCx2X009HpCA1KxiPZ3s431av2CEwVaj7n3288S8H7eFnIjxH/KI7DUK/iOyj28tg3utceQE/QoqvK8ftGtuZRa65DOOOP56w1dfO0Lv40JAS8+JpH3/yW7wJecIq4tK4ijvrUBzVPMFYkNJGrsHLe7CRDhZL/pZP1hn/gfIDd+bEP5l7U+bzPo+fiPON4LPrL/xQub3WpNxgzZ/cusgLiwnjCyrY7JQYFTYX9ySeUqZDu31Nul0do+NVpCkQy+EQ7isbbL5yOM/dWaAfasdsTShwQbOwpcc++eVUUrf+oWiRC+/qf3zax7Gwg4R+5lb8TTtO1MHtqxsnSkUwmlh4zN8gPZIAQZs+o1UbMy6DWVjubJ+MET1ALjsHMMMXqq3ZnE85yZ43XV5GTfBHFL9dKNgRKPLYpEOGSIC/3687W2h8FRa3h9R0tRZU+KMszKwyqs8p7ZMA6hyyqtCi7RUQgi1e6Q3fO+QvzS7AKNtSc3LMZUpa1qfeNxwm4humOrvaS7Fb6bA/xJrPiyc5LUjC9Tcu6MFETrP3BRRT9g10hp+TPnBuB9OFaMV1VsM9kduj86vcRnlfcGS/EYELJP0Jsm+TOBA97H22BBXuxhEyX0xG0n3iDX1aaBkarxDKwOSsrjqts6dsaK7Vl+RQX1SHGhPjFFdiTDqAJLc=

I can decrypt the data above at client side using SecPadding.OAEP