Question on decrypting with RSA private key

[ocelhay]

> res$encryptedDOB
[1] "-----BEGIN PKCS7-----\nMIIB7AYJKoZIhvcNAQcDoII   
AND A DOZEN MORE LINES
 yKoAQ\nODSdYaqI0HoIg7UiOuVDPw==\n-----END PKCS7-----"
> key <- openssl::read_key("/Users/olivier/Documents/UCSD/HBCD/TLFB/encryption/tlfb-private-key.pem")
> key
[2048-bit rsa private key]
md5: 250cbf869f2d922960afcd82302a9e16
sha256: d763792c2e7933296322f2fc3ac984dfdebb990003f991e4d526c74b4efe1e62
> openssl::rsa_decrypt(data = res$encryptedDOB, key = key)
Error in openssl::rsa_decrypt(data = res$encryptedDOB, key = key) : 
  check failed: (is.raw(data))
> openssl::rsa_decrypt(data = charToRaw(res$encryptedDOB), key = key)
Error: OpenSSL error in rsa_ossl_private_decrypt: data greater than mod len

I think that res$encryptedDOB has been created with the command echo "yyyy-mm-dd" | openssl smime -encrypt -aes-256-cbc -outform PEM tlfb_dob-public-key.pem > tlfb_dob_inline.enc

What is wrong with the above attempt to decrypt using my private key?

[jeroen]

You are mixing up different formats. rsa_encrypt does raw encryption of small blobs using an RSA key.

However, you are using PKCS7, which is a container format that requires a certificate to encrypt (not just a public key). How did you convert your RSA key to a certificate exactly?

[ocelhay]

Thanks, indeed I was mixing things up. I could find an encryption that worked for us.

[jeroen]

I've also added the ability to decrypt pkcs7 format if you are still interested: https://github.com/jeroen/openssl/commit/c1fe346538912707170d7bd3759b110425ab43c3