Public key encryption with XML files

[steelcity_ballin]

Hi all,

I'm working with a client that is sending me data that is both encoded and encrypted. They are supplying an xml document. The first task I need to perform is a basic validation to ensure the file has not been tampered with, and that it's from who I anticipate. According to my documentation, a particular XML node will contain a signature node that I can validate with the public key.

So after a lot of googling and some learning, I can see that their public key is nothing more than the SSL certification request file converted to Base64. So decoding it I can read some of the plain text, the rest looks like garbage characters (zalgo!). Anyhow, because they are not supplying to me an XML file with all the XMLSigning nodes I need such as a digest etc, I am unsure of what I need to do to validate their XML node signature against this public key. Anyone with any experence?

I tried hashing, encoding, decoding, combinations to 1 side, the other side, both sides, all of course never matching. Ideas?

[steelcity_ballin]

Sample code: My code compiles and "works" in so far as it returns FALSE as my boolean. According to my client, this data is verified as good and should be passing.

Code: Select all

Sub page_load()
        Dim ByteConverter As New ASCIIEncoding
        Dim x509 As New X509Certificate2()
        Dim rawData As Byte() = ReadFile(Server.MapPath("publicKey.arm"))
        x509.Import(rawData)

        Dim publicKey As String = x509.PublicKey.Key.ToXmlString(False)
        Dim xmlFile As String = Server.MapPath("myTokenFile.txt")
        Dim settings As New XmlReaderSettings
        Dim xmlDoc As XmlDocument = New XmlDocument
        xmlDoc.Load(xmlFile)

        Dim token3 = xmlDoc.SelectSingleNode("/TOKEN/TOKEN3").InnerXml
        Dim token2 = xmlDoc.SelectSingleNode("/TOKEN/TOKEN2").InnerText
        Dim token1 = xmlDoc.SelectSingleNode("/TOKEN/TOKEN1").InnerText
       
        Dim rsacp As RSACryptoServiceProvider = New RSACryptoServiceProvider
        rsacp.FromXmlString(publicKey)       
     
        Dim ok As Boolean = rsacp.VerifyData(ByteConverter.GetBytes(token2), New SHA1CryptoServiceProvider, ByteConverter.GetBytes(token3))
        Response.Write(ok)       
    End Sub


I am stumped. I know they used the SHA1 Hash Algorithm and I know what the expected value of each token is, and it matches what I pull out. I then have to convert them to array of bytes for use with the VerifyData method of my rsacp object. It always returns false unless I create my own data and sign it, then it's true. Either the client's data is bad (unlikely) or I'm missing something. Ideas?

[steelcity_ballin]

Ignoring all my previous ramblings in this thread, let's say that I've managed to get as far as parsing the private key and that now, I need to use that private key to decrypt the actual message. Decrypting using the RijndaelManaged object suggests I need a Key and an IV (initialization vector) both of which can be had 2 ways: Either I am the creator of the original encryption hence I would know my own IV and Key, OR, from what I've read, those values may be passed in the private key.

My biggest problem now is I am not the creator, so how do I extract those 2 things so i can decrypt?