I use RSA encryption in a server authorization request. With version 4.3.3 it works well. After upgrading to 5.0.6 the server rejects my request with the message "Incorrect encryption". When this happened I tried to test the compatibility of RSA encryption between the demos for both versions. When I generate public and private keys and encrypt test data in demo 4.3.3, demo 5.0.6 is unable to decrypt it. When I try to decrypt, the demo displays the following message:
Make sure your key pair and message are in base64 in 5.0, then:
RSA.inputFormat := base64; // if you change this, make sure that YourMessage and the keys have the selected format
RSA.outputFormat := base64;
Either generate a key pair or:
RSA.publicKey := YourPublicKey;
RSA.privateKey := YourPrivateKey;
RSA.Sign(YourBase64Message, YourBase64Signature)
To verify, rekey (keys are converted when used):
RSA.publicKey := YourPublicKey;
RSA.privateKey := YourPrivateKey;
IntegerValue := RSA.verify(YourBase64Message, YourBase64Signature);
IntegerValue must be 0
There is no inputFormat property in 4.3.3, and it may be the reason for the mismatch between the two versions, as the key/message formats have to match the one for inputFormat in 5.0.
O.K. I use RSA to encrypt (not sign) the AES key used to encrypt the transferred data. The result in Base64 format is part of the request to the server. For version 4.3.3 the following code works:
function TXmlInitReq.EncryptAesKeyByRSA(AES_Key : String) : String ;
var
RSAEnc : TRSAEncSign ;
I can share the source code but it is not enough to send requests to the server. The application I am currently working on is used to communicate with the government's system for issuing invoices by entrepreneurs. Even to work in a test environment, it is required to register with the system and have a tax ID assigned by the tax administration and a qualified signature with the ID encoded in it. The signature is needed to authorize each request sent to the server. The request is in the format of an XML file, which, after filling in the data of the actual transmission, must be signed (XAdES/BES) and sent using REST to the test gateway.
Another problem is the interaction of the application with other applications in my package. All in all, it's a rather complex system of several databases from which data is collected and sent.
I can send a sample invoice and Unit, which compresses it, encrypts it and builds the request to the server but I can only send it by having a test environment set up. I undertake to send any number of sample requests.
The error was due to a double conversion in LoadFromPublicKeyFile that was useless and causing the public exponent to be in base64 (because outputFormat was set to base64) instead of being #1#0#1 (X509 mandatory value). Then encryption was giving a valid result for the incorrect public exponent but definitely invalid for #1#0#1. So decryption with the expected public exponent was failing on the server side.
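
The failure described in the last post can be reproduced outside the library. The following is an added example, not code from this thread or from the component: it is written in Python with textbook RSA (no padding) and a toy key, and it assumes the double conversion left the ASCII text of the base64-encoded exponent ("AQAB") where the raw bytes #1#0#1 were expected.

```python
import base64

# Toy key for illustration only: two known Mersenne primes, far too small for real use.
P, Q = 2**127 - 1, 2**89 - 1
N, PHI = P * Q, (P - 1) * (Q - 1)

E_BYTES = b"\x01\x00\x01"                 # raw exponent bytes, #1#0#1 = 65537
E_GOOD = int.from_bytes(E_BYTES, "big")
D = pow(E_GOOD, -1, PHI)                  # private exponent held by the server

# Assumed shape of the double conversion: the exponent is base64-encoded once
# more and the resulting text "AQAB" is used as if it were the raw bytes.
E_BAD = int.from_bytes(base64.b64encode(E_BYTES), "big")

# Constructed 16-byte sample message standing in for the AES key.
SAMPLE_KEY = bytes.fromhex("03" + "00" * 15)
M = int.from_bytes(SAMPLE_KEY, "big")


def encrypt(m: int, e: int) -> int:
    """Client side: textbook RSA with whatever exponent the key object holds."""
    return pow(m, e, N)


def decrypt(c: int) -> int:
    """Server side: always uses D, the inverse of 65537."""
    return pow(c, D, N)


def exponent_is_plausible(e: int) -> bool:
    """Sanity check after loading a key: a valid RSA public exponent is odd and >= 3."""
    return e >= 3 and e % 2 == 1


if __name__ == "__main__":
    print("good exponent:", E_GOOD, "plausible:", exponent_is_plausible(E_GOOD))
    print("bad exponent: ", E_BAD, "plausible:", exponent_is_plausible(E_BAD))
    print("round trip with good exponent:", decrypt(encrypt(M, E_GOOD)) == M)
    print("round trip with bad exponent: ", decrypt(encrypt(M, E_BAD)) == M)
```

Encryption with the mangled exponent completes without any error, which is why the problem only surfaces as a rejection on the server. Checking the loaded exponent after importing a key file catches this case on the client.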