Problem decrypting with RSA private key

[k06a]

This is how I generated keys:

MIHRSAKeyFactory *factory = [[MIHRSAKeyFactory alloc] init];
factory.preferedKeySize = MIHRSAKey1024;
MIHKeyPair *pair = [factory generateKeyPair];
NSData *publicKeyData = [pair.publicKey dataValue];
NSData *privateKeyData = [pair.privateKey dataValue];

This is how I am crypting data:

MIHRSAPublicKey *key = [[MIHRSAPublicKey alloc] initWithData:publicKeyData];
NSError *error = nil;
NSData *encryptedData = [key encrypt:uncryptedData error:&error];
if (error) {
    NSLog(@"RSA encryption error: %@", error);
}

With this values:

publicKeyData: <30819f30 0d06092a 864886f7 0d010101 05000381 8d003081 89028181 00b2ebde 4d1102b1 e68f7c45 6f60da11 b302e42e 0e9edb2f 14679fd5 a2014d28 2c57e6f3 720d4b10 e8bdbeb5 3908adf4 c2fcc554 8e6ec71e 57ef890d 47eb4002 89347c72 1b0d9726 c0f6a887 62f966ac 4af23f73 975d7bde c23a5a5e bb0489b0 af55b4fe 6c227176 d85b930d 2e5d14d8 b8ce3422 2a0f5c9a 8a72cd27 72a37639 41020301 0001>
uncryptedData: <48656c6c 6f20776f 726c6421>
encryptedData: <6b23f42f d4bfe6ea fc86eb17 ac74823b 33eea0f1 341c455e b5db77f8 d9a16ad8 4ca76823 ac06392f 288eddb5 ecc4a30e 989611ff 666fbcec 6851900b 2db8e193 654e09c1 577b4346 fea540d0 ee90c689 08b48306 a663a1a8 3adb8d1d 571b1e4b 101075c7 7afde10b 5339ac96 7a64334f 213dc282 0d6d5401 8e85dcb3 8327ef53>
error: nil

This is how I am trying to decrypt data:

MIHRSAPrivateKey *key = [[MIHRSAPrivateKey alloc] initWithData:privateKeyData];
NSError *error = nil;
NSData *decryptedData = [key decrypt:encryptedData error:&error];
if (error) {
    NSLog(@"RSA decryption error: %@", error);
}

With this values:

privateKeyData: <2d2d2d2d 2d424547 494e2050 52495641 5445204b 45592d2d 2d2d2d0a 4d494943 64674942 4144414e 42676b71 686b6947 39773042 41514546 41415343 416d4177 67674a63 41674541 416f4742 414c4c72 336b3052 4172486d 6a337846 0a623244 6145624d 43354334 4f6e7473 76464765 66316149 42545367 73562b62 7a636731 4c454f69 39767255 35434b33 3077767a 46564935 75787835 5837346b 4e0a522b 7441416f 6b306648 4962445a 636d7750 616f6832 4c355a71 784b386a 397a6c31 31373373 4936576c 36374249 6d777231 57302f6d 77696358 62595735 4d4e0a4c 6c305532 4c6a4f4e 43497144 31796169 6e4c4e4a 334b6a64 6a6c4241 674d4241 41454367 59417764 4266626e 774f7630 64534276 76774f71 6e2b6f6a 74766b0a 62536b77 436d766f 4e437a53 6c712b69 64582f49 6c353048 5a4a444c 74726279 744f4e59 324c5146 61427369 42335839 44617463 33692f66 305a4864 796c2f66 0a723437 716b4f74 37683550 4a676862 3562674f 2b6a7057 4f697974 367a6e66 6f66566f 744b5763 4c5a5867 50747537 6e454e58 362b4239 6e4f6f62 68506b4c 350a316e 4e6d7451 59724438 4d2f3135 644c7751 4a42414e 69576642 67655075 7963464f 4f4d7973 68306655 4d66566d 3056386e 456b5935 44555252 43586c58 48390a75 644a5a51 78413257 78646330 48585a4f 57727073 35745366 65396642 46457156 524d6b7a 63665a4a 47554351 51445465 72736367 38523336 466f4631 7672690a 45566a4a 35662f6c 75334857 3865637a 75632b38 39796979 664f7564 572f766f 78466344 47625550 54712f48 39705432 5772374f 6a436342 377a5061 734f532b 0a715932 74416b41 37635a6e 66654c57 6d645051 61752f4b 50373844 4e596c56 7a48526e 7353614e 32425878 72494639 6f364d31 4f575364 5a314d46 4e655444 520a6c32 76313175 78766a63 56347043 686f4b6d 6b744675 58506d74 3474416b 4541752b 51594b44 352b4b52 6138484f 496a4a77 58496743 456b4759 56506f47 78750a51 55752b59 534b712b 7548344b 47675953 58646634 335a4d6f 7077446d 304c656d 48364a64 6c4f5a4f 4b504179 33564d31 6f556f52 514a4142 55722b61 49327a0a 4e4f4263 37325a38 4c78446c 7948396e 63503641 78367959 3366782f 6b446356 76652f63 4d78534d 39416a70 686a5333 516d654f 4c5a3059 52472f75 694d5058 0a4b4246 73583739 6a767369 6442673d 3d0a2d2d 2d2d2d45 4e442050 52495641 5445204b 45592d2d 2d2d2d0a>
encryptedData: <6b23f42f d4bfe6ea fc86eb17 ac74823b 33eea0f1 341c455e b5db77f8 d9a16ad8 4ca76823 ac06392f 288eddb5 ecc4a30e 989611ff 666fbcec 6851900b 2db8e193 654e09c1 577b4346 fea540d0 ee90c689 08b48306 a663a1a8 3adb8d1d 571b1e4b 101075c7 7afde10b 5339ac96 7a64334f 213dc282 0d6d5401 8e85dcb3 8327ef53>
decryptedData: nil
error: Error Domain=MIHOpenSSLErrorDomain Code=67522668 "OpenSLL internal error! (Code=67522668,Description=error:0406506C:rsa routines:RSA_EAY_PRIVATE_DECRYPT:data greater than mod len)" UserInfo=0x170275700 {NSLocalizedDescription=OpenSLL internal error! (Code=67522668,Description=error:0406506C:rsa routines:RSA_EAY_PRIVATE_DECRYPT:data greater than mod len)}

Can you help me with this error?

[k06a]

This is how private key looks like:

[[NSString alloc] initWithData:privateKeyData encoding:NSUTF8StringEncoding]:
-----BEGIN PRIVATE KEY-----
MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBALLr3k0RArHmj3xF
b2DaEbMC5C4OntsvFGef1aIBTSgsV+bzcg1LEOi9vrU5CK30wvzFVI5uxx5X74kN
R+tAAok0fHIbDZcmwPaoh2L5ZqxK8j9zl1173sI6Wl67BImwr1W0/mwicXbYW5MN
Ll0U2LjONCIqD1yainLNJ3KjdjlBAgMBAAECgYAwdBfbnwOv0dSBvvwOqn+ojtvk
bSkwCmvoNCzSlq+idX/Il50HZJDLtrbytONY2LQFaBsiB3X9Datc3i/f0ZHdyl/f
r47qkOt7h5PJghb5bgO+jpWOiyt6znfofVotKWcLZXgPtu7nENX6+B9nOobhPkL5
1nNmtQYrD8M/15dLwQJBANiWfBgePuycFOOMysh0fUMfVm0V8nEkY5DURRCXlXH9
udJZQxA2Wxdc0HXZOWrps5tSfe9fBFEqVRMkzcfZJGUCQQDTerscg8R36FoF1vri
EVjJ5f/lu3HW8eczuc+89yiyfOudW/voxFcDGbUPTq/H9pT2Wr7OjCcB7zPasOS+
qY2tAkA7cZnfeLWmdPQau/KP78DNYlVzHRnsSaN2BXxrIF9o6M1OWSdZ1MFNeTDR
l2v11uxvjcV4pChoKmktFuXPmt4tAkEAu+QYKD5+KRa8HOIjJwXIgCEkGYVPoGxu
QUu+YSKq+uH4KGgYSXdf43ZMopwDm0LemH6JdlOZOKPAy3VM1oUoRQJABUr+aI2z
NOBc72Z8LxDlyH9ncP6Ax6yY3fx/kDcVve/cMxSM9AjphjS3QmeOLZ0YRG/uiMPX
KBFsX79jvsidBg==
-----END PRIVATE KEY-----

[k06a]

Online RSA key converter shows me this for my private key:

<RSAKeyValue>
    <Modulus>suveTRECseaPfEVvYNoRswLkLg6e2y8UZ5/VogFNKCxX5vNyDUsQ6L2+tTkIrfTC/MVUjm7HHlfviQ1H60ACiTR8chsNlybA9qiHYvlmrEryP3OXXXvewjpaXrsEibCvVbT+bCJxdthbkw0uXRTYuM40IioPXJqKcs0ncqN2OUE=</Modulus>
    <Exponent>AQAB</Exponent>
    <P>2JZ8GB4+7JwU44zKyHR9Qx9WbRXycSRjkNRFEJeVcf250llDEDZbF1zQddk5aumzm1J9718EUSpVEyTNx9kkZQ==</P>
    <Q>03q7HIPEd+haBdb64hFYyeX/5btx1vHnM7nPvPcosnzrnVv76MRXAxm1D06vx/aU9lq+zownAe8z2rDkvqmNrQ==</Q>
    <DP>O3GZ33i1pnT0Grvyj+/AzWJVcx0Z7EmjdgV8ayBfaOjNTlknWdTBTXkw0Zdr9dbsb43FeKQoaCppLRblz5reLQ==</DP>
    <DQ>u+QYKD5+KRa8HOIjJwXIgCEkGYVPoGxuQUu+YSKq+uH4KGgYSXdf43ZMopwDm0LemH6JdlOZOKPAy3VM1oUoRQ==</DQ>
    <InverseQ>BUr+aI2zNOBc72Z8LxDlyH9ncP6Ax6yY3fx/kDcVve/cMxSM9AjphjS3QmeOLZ0YRG/uiMPXKBFsX79jvsidBg==</InverseQ>
    <D>MHQX258Dr9HUgb78Dqp/qI7b5G0pMApr6DQs0pavonV/yJedB2SQy7a28rTjWNi0BWgbIgd1/Q2rXN4v39GR3cpf36+O6pDre4eTyYIW+W4Dvo6Vjosres536H1aLSlnC2V4D7bu5xDV+vgfZzqG4T5C+dZzZrUGKw/DP9eXS8E=</D>
</RSAKeyValue>

[akhilstanis]

@k06a Which version are you using?

[k06a]

@akhilstanislavose I just wrote pod 'MIHCrypto' and got 0.2.0 version

[k06a]

It is very strange, but I just slept for 8 hours and decryption error was fixed. I'll close this issue. Thanks all.

[hohl]

The most recent version release around two weeks ago is 0.3.0, but that shouldn't be the issue since this key feature worked since the first version.

But your issue seems very strange, since all your code is valid. Anyway fine that it is working now.

[k06a]

Did you pushed new version of MIHCrypto to CocoaPods trunk?

[hohl]

No, I pushed the last update two weeks ago. Never touch this framework in the last days.

[k06a]

Looks like my CocoaPods client side don't wanna pull Specs repo automatically. Doing it manually is boring :(

[tillmannheigel]

Hi I've got the same bug here ("MIHCrypto", "~> 0.3.2"). These are my lines of code:

NSString *encrypted_text = @"BdhFH0sd7e9DExiCd50Ykh4spm2BX126skjJ1o8HHjKsN+J7r9IoI9kbB9AAacEpJsAfyesiJsq5gDBhQtcNbB6l88aSgPrEoVwR9ilzuzVcv1q3J1dxs4uIEMuhzoWT+R8//dD2jDdXPyFsdGWJc10CEizPFKpmy2jWhvU8CVs=";
NSBundle *myBundle = [NSBundle mainBundle];
NSString *privateKeyPath= [myBundle pathForResource:@"rsa_1024_priv" ofType:@"pem"];    
NSData *privateKeyData = [[NSFileManager defaultManager] contentsAtPath:privateKeyPath];
MIHRSAPrivateKey *privateKey = [[MIHRSAPrivateKey alloc] initWithData:privateKeyData];
NSError *decryptionError = nil;

// decryption
NSData *encData = [encrypted_text dataUsingEncoding:NSUTF8StringEncoding];
NSData *decryptedEncData = [privateKey decrypt:encData error:&decryptionError];
NSString* decryptedText = [[NSString alloc] initWithData:decryptedEncData encoding:NSUTF8StringEncoding]; // iOS 7+, by iOS Core API

if(decryptionError){
    DDLogDebug(@"error: %@",[encryptionError localizedDescription]);
}
DDLogDebug(@"decrypted: %@",decryptedEncData);

The problem is the same as above:

error: OpenSLL internal error! (Code=67522668,Description=error:0406506C:rsa routines:RSA_EAY_PRIVATE_DECRYPT:data greater than mod len)

Do you have any Idea??

[tillmannheigel]

by the way: OpenSLL(?!) intern...

[hohl]

The error message data greater than mod len is already in the error message. RSA should only be used to encrypt small pieces of code.

The data you want to encrypt MUST BE smaller then the key. For example a 1024-bit key can only encrypt up to ~1000-bits of data (some other bits are lost for padding). RSA is not designed to encrypt large blocks of data. In fact it would lost it's cryptographic strength if one key would repeated within on large data set.

The most common method to encrypt large blocks of data with asymmetric cryptography is encrypting the data with a random AES key and then use RSA to encrypt the random AES key with the known RSA key. This way both strengths, the symmetric features of the fast AES-algorithms and the asymmetric features of RSA, would be utilized to safely encrypt the data.

by the way: OpenSLL(?!) intern... I don't know what you want me to tell? As mentioned in the project description this project utilizes OpenSSL.

[tillmannheigel]

Thank's for your comment, hohl!

My data was a really small piece of data (username and password). After that I tried another OpenSSL wrapper (https://github.com/jslim89/RSA-objc), that worked fine.

Last thing: 'OpenSLL' -> 'OpenSSL' ...

[hohl]

You can use RSA to encrypt data of any kind of size. This is done by splitting up the data into blocks of sizes of the key and then encrypting every block after another. But this is considered insecure since it could leak the key. Standard OpenSSL prevents this, by not implementing this "block-splitting" feature.

My data was a really small piece of data

The sample you posted consisted of 1416 bits. Which is more then the 1024-bit key. That's why it failed. I'll consider catching this OpenSSL internal exception and throw a more informative one in the next release.

Last thing: 'OpenSLL' -> 'OpenSSL' ...

Thank you for the information about that typo. Will be fixed in next release.

[tillmannheigel]

You can use RSA to encrypt data of any kind of size. This is done by splitting up the data into blocks of > sizes of the key and then encrypting every block after another. But this is considered insecure since it > could leak the key. Standard OpenSSL prevents this, by not implementing this "block-splitting" feature.

That is a very interesting fact. Thank you!!

[k06a]

Secure way to encrypt any size of data with RSA is to generate AES key, encrypt all data with AES and the encrypt AES key with RSA. So passive listener will always see really random bytes encrypted with RSA. So he will not be available to get any statistic values and decrypt...