Closed k06a closed 9 years ago
This is what the private key looks like:
[[NSString alloc] initWithData:privateKeyData encoding:NSUTF8StringEncoding]:
-----BEGIN PRIVATE KEY-----
…
-----END PRIVATE KEY-----
Online RSA key converter shows me this for my private key:
@k06a Which version are you using?
@akhilstanislavose I just wrote pod 'MIHCrypto' and got 0.2.0 version
It is very strange, but I just slept for 8 hours and decryption error was fixed. I'll close this issue. Thanks all.
The most recent version, released around two weeks ago, is 0.3.0, but that shouldn't be the issue since this key feature has worked since the first version.
But your issue seems very strange, since all your code is valid. Anyway fine that it is working now.
Did you push a new version of MIHCrypto to CocoaPods trunk?
No, I pushed the last update two weeks ago. Never touched this framework in the last days.
Looks like my CocoaPods client side doesn't wanna pull the Specs repo automatically. Doing it manually is boring :(
Hi I've got the same bug here ("MIHCrypto", "~> 0.3.2"). These are my lines of code:
NSString *encrypted_text = @"BdhFH0sd7e9DExiCd50Ykh4spm2BX126skjJ1o8HHjKsN+J7r9IoI9kbB9AAacEpJsAfyesiJsq5gDBhQtcNbB6l88aSgPrEoVwR9ilzuzVcv1q3J1dxs4uIEMuhzoWT+R8//dD2jDdXPyFsdGWJc10CEizPFKpmy2jWhvU8CVs=";
NSBundle *myBundle = [NSBundle mainBundle];
NSString *privateKeyPath= [myBundle pathForResource:@"rsa_1024_priv" ofType:@"pem"];
NSData *privateKeyData = [[NSFileManager defaultManager] contentsAtPath:privateKeyPath];
MIHRSAPrivateKey *privateKey = [[MIHRSAPrivateKey alloc] initWithData:privateKeyData];
NSError *decryptionError = nil;
// decryption
NSData *encData = [encrypted_text dataUsingEncoding:NSUTF8StringEncoding];
NSData *decryptedEncData = [privateKey decrypt:encData error:&decryptionError];
NSString* decryptedText = [[NSString alloc] initWithData:decryptedEncData encoding:NSUTF8StringEncoding]; // iOS 7+, by iOS Core API
if(decryptionError){
    DDLogDebug(@"error: %@",[decryptionError localizedDescription]);
}
DDLogDebug(@"decrypted: %@",decryptedEncData);
The problem is the same as above:
error: OpenSLL internal error! (Code=67522668,Description=error:0406506C:rsa routines:RSA_EAY_PRIVATE_DECRYPT:data greater than mod len)
Do you have any idea??
by the way: OpenSLL(?!) intern...
The error message "data greater than mod len" is already in the error message. RSA should only be used to encrypt small pieces of code.
The data you want to encrypt MUST BE smaller than the key. For example a 1024-bit key can only encrypt up to ~1000-bits of data (some other bits are lost for padding). RSA is not designed to encrypt large blocks of data. In fact it would lose its cryptographic strength if one key were repeated within one large data set.
The most common method to encrypt large blocks of data with asymmetric cryptography is encrypting the data with a random AES key and then use RSA to encrypt the random AES key with the known RSA key. This way both strengths, the symmetric features of the fast AES-algorithms and the asymmetric features of RSA, would be utilized to safely encrypt the data.
by the way: OpenSLL(?!) intern...
I don't know what you want me to tell? As mentioned in the project description this project utilizes OpenSSL.
Thanks for your comment, hohl!
My data was a really small piece of data (username and password). After that I tried another OpenSSL wrapper (https://github.com/jslim89/RSA-objc), that worked fine.
Last thing: 'OpenSLL' -> 'OpenSSL' ...
You can use RSA to encrypt data of any kind of size. This is done by splitting up the data into blocks of sizes of the key and then encrypting every block after another. But this is considered insecure since it could leak the key. Standard OpenSSL prevents this, by not implementing this "block-splitting" feature.
My data was a really small piece of data
The sample you posted consisted of 1416 bits. Which is more than the 1024-bit key. That's why it failed. I'll consider catching this OpenSSL internal exception and throw a more informative one in the next release.
Last thing: 'OpenSLL' -> 'OpenSSL' ...
Thank you for the information about that typo. Will be fixed in next release.
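A length check that catches the "data greater than mod len" condition before the call into OpenSSL, added here as an example; it is not code from this thread or from MIHCrypto. It assumes PKCS#1 v1.5 padding (11 bytes of overhead), and the function names and sample bytes are constructed for illustration.

```python
import base64
import binascii

PKCS1_V15_OVERHEAD = 11  # assumption: PKCS#1 v1.5 encryption padding

# Constructed sample: a stand-in for a 1024-bit RSA ciphertext (128 bytes)
# and the base64 text a server would typically send for it.
SAMPLE_RAW = bytes(range(128))
SAMPLE_B64 = base64.b64encode(SAMPLE_RAW)


def modulus_len(modulus_bits: int) -> int:
    """Size of the RSA modulus in bytes."""
    return (modulus_bits + 7) // 8


def max_plaintext_len(modulus_bits: int) -> int:
    """Largest plaintext one RSA operation can carry under PKCS#1 v1.5."""
    return modulus_len(modulus_bits) - PKCS1_V15_OVERHEAD


def check_ciphertext(data: bytes, modulus_bits: int) -> str:
    """Classify bytes that are about to be passed to private-key decryption."""
    k = modulus_len(modulus_bits)
    if len(data) <= k:
        return "fits"
    # Anything longer than the modulus is rejected by OpenSSL with
    # "data greater than mod len". Check whether the input is really
    # base64 text that was never decoded back to the raw block.
    try:
        decoded = base64.b64decode(data, validate=True)
    except (binascii.Error, ValueError):
        return "too_long"
    return "base64_text" if len(decoded) == k else "too_long"


def plan_encryption(plaintext_len: int, modulus_bits: int) -> str:
    """Pick direct RSA or the AES-plus-wrapped-key scheme described above."""
    if plaintext_len <= max_plaintext_len(modulus_bits):
        return "rsa_direct"
    return "hybrid"


if __name__ == "__main__":
    print(len(SAMPLE_B64), check_ciphertext(SAMPLE_B64, 1024))
    print(len(SAMPLE_RAW), check_ciphertext(SAMPLE_RAW, 1024))
    print(max_plaintext_len(1024), plan_encryption(500, 1024))
```

A "base64_text" result means the input should be base64-decoded before decryption rather than converted to bytes with a string encoding.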
You can use RSA to encrypt data of any kind of size. This is done by splitting up the data into blocks of sizes of the key and then encrypting every block after another. But this is considered insecure since it could leak the key. Standard OpenSSL prevents this, by not implementing this "block-splitting" feature.
That is a very interesting fact. Thank you!!
A secure way to encrypt any size of data with RSA is to generate an AES key, encrypt all data with AES and then encrypt the AES key with RSA. So a passive listener will always see really random bytes encrypted with RSA. So he will not be able to get any statistic values and decrypt...
This is how I generated keys:
This is how I am crypting data:
With this values:
This is how I am trying to decrypt data:
With this values:
Can you help me with this error?