Can't encrypt key

Hi, I'm trying to use e
object RSA: TRSAEncSign
Version = '4.3.3.0'
encType = oaep
hashFunction = sha256
keyLength = kl2048
Unicode = yesUni
outputFormat = base64
pssSaltLen = 0
withOpenSSL = True

to encrypt sign in key as mentioned in this document
https://isecure.fi/wsapi_v2/index.html#operation--account--Email---Mode--put

are able to do it with:
openssl-1.0.2u-x64_86-win64\openssl.exe rsautl -oaep -encrypt -pubin -inkey test.pem -in req.txt -out req.sign
openssl.exe base64 -A -in req.sign -out res.txt

RSA.withOpenSSL := true;
RSA.FromOpenSSLPublicKey(path);
key := RSA.Encrypt(pw);

but are getting error: RSA_padding_check_PKCS1_OAEP_mgf1:oaep decoding error
from the supplier. Any thoughts on this?
I've tried all kinds of combinations without any luck.

Hi, can you try with pssSaltLen = 20?
bernard

I can't get it to work, but I've tried by creating a sample project:
object rsa: TRSAEncSign
Version = '4.3.3.0'
pssSaltLen = 0
Left = 304
Top = 224
end

procedure test;
var
  s, pw: string;
  fs: TMemoryStream;
begin
  pw := 'my test text';
  RSA.withOpenSSL := true;
  RSA.FromPublicKeyFile('public-key.pem');
  s := rsa.Encrypt(pw);
  fs := TMemoryStream.Create;
  fs.Size := length(s) div 2;
  HexToBin(pansichar(s), fs.Memory, fs.Size);
  fs.SaveToFile('C:\openssl\test\encoded.txt');
end;

openssl genrsa -out private-key.pem 2048
openssl rsa -in private-key.pem -pubout -out public-key.pem

openssl rsautl -oaep -decrypt -inkey private-key.pem -in encoded.txt
result:
RSA operation error
15580:error:040A1079:rsa routines:RSA_padding_check_PKCS1_OAEP_mgf1:oaep decoding error:.\crypto\rsa\rsa_oaep.c:264:
15580:error:04065072:rsa routines:RSA_EAY_PRIVATE_DECRYPT:padding check failed:.\crypto\rsa\rsa_eay.c:591:

Would you help with producing a working example?

I couldn't make it work either, so I tried to decrypt with TMS CP and found an issue with the key format in SetPrivateExponent. A key provided in hex shall not be converted to hex again.
Once fixed, I could decrypt.
I'll do more tests to understand what's wrong.

Hi, any news on this, will there be a fix released soon?

Hi, I have yet to identify where the issue is.

Hi, any news regarding an update?

Hi, version 5.0 should be published soon.

Hi, thank you for the new version, but I still can't get this to work, so I tried with the demo I made above; the outcome of openssl is:
10616:error:04065084:rsa routines:RSA_EAY_PRIVATE_DECRYPT:data too large for modulus:.\crypto\rsa\rsa_eay.c:519:

I tried with the demo application to encrypt and decrypt base64 code between openssl and the application, but it fails all the time. Could you verify a working setup for RSA 2048 OAEP with a public/private PEM certificate?

Hi, is it the same code as in

begin
  pw := 'my test text';
  RSA.withOpenSSL := true;
  RSA.FromPublicKeyFile('public-key.pem');
  s := rsa.Encrypt(pw);
  fs := TMemoryStream.Create;
  fs.Size := length(s) div 2;
  HexToBin(pansichar(s), fs.Memory, fs.Size);
  fs.SaveToFile('C:\openssl\test\encoded.txt');
end;

The error message looks like the outcome of a conversion (or lack of) issue.

And also, nothing to do with your example, but the RSACore.pas file needs to be edited on line 2912:
writeln(S1, ':', S2, ':', S3); needs to be commented or deleted

This section is used to clock the sequence and is useless for normal use.

Yes, that's my test code; then I try to decode it with
openssl.exe rsautl -oaep -decrypt -inkey private-key.pem -in encoded.txt

openssl returns RSA operation error
8688:error:04065084:rsa routines:RSA_EAY_PRIVATE_DECRYPT:data too large for modulus:.\crypto\rsa\rsa_eay.c:519

After a few conversion corrections, I get (using openSSL):
304C0000:error:02000079:rsa routines:RSA_padding_check_PKCS1_OAEP_mgf1:oaep decoding error:crypto\rsa\rsa_oaep.c:308:

This needs to be investigated further as the OAEP padding doesn't seem to be correct.

Hello, I have found a couple of issues in the mask generation function (MGF) and here is the state of play:

  • RSA OAEP is now interoperable with BearSSL and OpenSSL
  • I need to check that the PSS mode for signatures has not been impacted

I will then release a new version of TMS CP.
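
The mask generation function named in the last post, as an added example that is not part of the thread and is not TMS CP code: MGF1 and the OAEP encode/decode steps from RFC 8017 in Python, showing that a hash or MGF mismatch between the two sides ends in the same opaque "oaep decoding error" seen above. The function names and the fixed seeds are assumptions made for the illustration; the RSA primitive itself is left out because the padding can be checked without it.

```python
import hashlib, os

def mgf1(seed: bytes, length: int, hash_name: str) -> bytes:
    """MGF1 (RFC 8017 B.2.1): Hash(seed || 4-byte big-endian counter), concatenated."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.new(hash_name, seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def oaep_encode(msg, k, hash_name, mgf_hash=None, label=b"", seed=None):
    """EME-OAEP encoding (RFC 8017 7.1.1): the k-byte block handed to the RSA primitive."""
    mgf_hash = mgf_hash or hash_name
    h_len = hashlib.new(hash_name).digest_size
    if len(msg) > k - 2 * h_len - 2:
        raise ValueError("message too long")
    l_hash = hashlib.new(hash_name, label).digest()
    db = l_hash + b"\x00" * (k - len(msg) - 2 * h_len - 2) + b"\x01" + msg
    seed = seed or os.urandom(h_len)          # fixed seed only for repeatable tests
    masked_db = xor(db, mgf1(seed, k - h_len - 1, mgf_hash))
    masked_seed = xor(seed, mgf1(masked_db, h_len, mgf_hash))
    return b"\x00" + masked_seed + masked_db

def oaep_decode(em, hash_name, mgf_hash=None, label=b""):
    """EME-OAEP decoding (RFC 8017 7.1.2). Illustration only: not constant-time."""
    mgf_hash = mgf_hash or hash_name
    h_len = hashlib.new(hash_name).digest_size
    masked_seed, masked_db = em[1:1 + h_len], em[1 + h_len:]
    seed = xor(masked_seed, mgf1(masked_db, h_len, mgf_hash))
    db = xor(masked_db, mgf1(seed, len(em) - h_len - 1, mgf_hash))
    rest = db[h_len:].lstrip(b"\x00")         # skip the zero padding string PS
    l_hash = hashlib.new(hash_name, label).digest()
    # Every failed check is reported the same way, as OpenSSL does.
    if em[0] != 0 or db[:h_len] != l_hash or rest[:1] != b"\x01":
        raise ValueError("oaep decoding error")
    return rest[1:]

if __name__ == "__main__":
    k = 256                                   # 2048-bit modulus, as in the thread
    em = oaep_encode(b"my test text", k, "sha256")
    print(oaep_decode(em, "sha256"))          # both sides agree on hash and MGF1
    try:
        # openssl rsautl -oaep uses SHA-1 for the label hash and for MGF1
        oaep_decode(em, "sha1")
    except ValueError as exc:
        print("sha256 block read as sha1:", exc)
```

When comparing two implementations, dumping the padded block before the RSA operation on one side and running it through a reference decoder like this separates padding bugs from key-format or hex/base64 conversion bugs.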