
Our iOS developer generated a private/public key pair using the following documentation. The other details include using RSA 2048 with PKCS1 padding.

https://developer.apple.com/documentation/security/1395339-seckeygeneratepair?language=objc

I've mostly encountered certificate-based encryption using certificates from the Windows store, and I can't seem to fit their public key into the examples I've previously encountered. Has anyone tried something like this?

  1. The app generates a public private key pair and provides me the public key.
  2. On the server I encrypt a message with the public key.
  3. On the app the message is decrypted using the private key.

Here are some references that I've read but none of them seem to fit this.

https://learn.microsoft.com/en-us/dotnet/api/system.security.cryptography.rsacryptoserviceprovider?view=netframework-4.7.2

https://codereview.stackexchange.com/questions/92761/very-simple-asymmetric-rsa-encryption-in-c

MichaelChan
  • 1,808
  • 17
  • 34

1 Answer


After some trial and error, here are the lessons learned from this.

  • The iOS app should return a valid RSA public key in the following format. Previously, the key generated was not in a standard format, so only iOS could encrypt and decrypt it. Here is also a line to validate it.

    openssl rsa -in example.pem -text -pubin -RSAPublicKey_in

    -----BEGIN RSA PUBLIC KEY-----
    MIIBCgKCAQEAz1zfbybUt5jZX5P6ymy+g04wj3iTYCV8eGbkFyqFNsfN8Lnk6x4x
    zstfnpE6asV6NkBecQnT1a9X6AVxA4Mxq4CeysR10TRr8HGczQGKl7R3Nbvvmgw+
    jX8LZGxsQTO6qYWhMAtOPFfsMW9iy3AsDE7OIYfya6y/l919ExbgPzJ+0nLdiBmd
    bmmzOQ1PaKt3OcxG6qZyBoixRTTOm4UDCLDzYdjz5dS1rbvb7pD15TpkZBkuMRm5
    QDv+xhKcz1UFGQP7ssZS++ZoQlF2CZJuLz8R1uUYg4xQnF0r1IBBrlVtKnblgMcA
    ZykNweGwrdPaWF3PeZmbvG+/m+Kt7/4BJwIDAQAB
    -----END RSA PUBLIC KEY-----

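  • On the .NET side, I was able to encrypt the text, but I needed to use Bouncy Castle to do it. Here is some sample code.

    using System;
    using System.IO;
    using System.Security.Cryptography;
    using System.Text;
    using Org.BouncyCastle.Crypto.Parameters;
    using Org.BouncyCastle.OpenSsl;
    using Org.BouncyCastle.Security;

    public string Encrypt(string plainText, string publicKey)
    {
        UTF8Encoding ByteConverter = new UTF8Encoding();
        using (RSACryptoServiceProvider csp = new RSACryptoServiceProvider())
        {
            // Bouncy Castle's PemReader parses the "RSA PUBLIC KEY" PEM block.
            PemReader reader = new PemReader(new StringReader(publicKey));
            object kp = reader.ReadObject();
            // Convert the Bouncy Castle key to RSAParameters and import it.
            csp.ImportParameters(DotNetUtilities.ToRSAParameters((kp as RsaKeyParameters)));
            var encryptedData = csp.Encrypt(data: ByteConverter.GetBytes(plainText), padding: RSAEncryptionPadding.Pkcs1);
            return Convert.ToBase64String(encryptedData);
        }
    }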

MichaelChan
  • 1,808
  • 17
  • 34
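
As an added example (not part of the answer above and not the poster's code): a `-----BEGIN RSA PUBLIC KEY-----` block is a DER-encoded PKCS#1 `RSAPublicKey`, so the server can parse it without Bouncy Castle and refuse anything that is not in this format or is shorter than the agreed 2048 bits. The class name `Pkcs1PublicKey` and the `minBits` parameter are hypothetical names chosen for illustration.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;

public static class Pkcs1PublicKey // hypothetical helper, not a framework type
{
    // Parses PKCS#1 RSAPublicKey: SEQUENCE { INTEGER modulus, INTEGER publicExponent }.
    public static RSAParameters Parse(string pem, int minBits = 2048)
    {
        const string head = "-----BEGIN RSA PUBLIC KEY-----", tail = "-----END RSA PUBLIC KEY-----";
        int start = pem.IndexOf(head, StringComparison.Ordinal);
        int end = pem.IndexOf(tail, StringComparison.Ordinal);
        if (start < 0 || end < start + head.Length)
            throw new FormatException("Expected a PKCS#1 'RSA PUBLIC KEY' PEM block.");
        // FromBase64String skips the spaces and line breaks inside the PEM body.
        byte[] der = Convert.FromBase64String(pem.Substring(start + head.Length, end - start - head.Length));
        int pos = 0;
        int seqLen = ReadHeader(der, ref pos, 0x30);
        if (pos + seqLen != der.Length) throw new FormatException("Trailing bytes after SEQUENCE.");
        byte[] modulus = ReadInteger(der, ref pos);
        byte[] exponent = ReadInteger(der, ref pos);
        if (pos != der.Length) throw new FormatException("Unexpected extra fields.");
        if (modulus.Length * 8 < minBits || exponent.Length == 0)
            throw new CryptographicException("RSA modulus too short or exponent missing.");
        return new RSAParameters { Modulus = modulus, Exponent = exponent };
    }

    // Reads a tag and DER length (short form, or long form with up to 2 length bytes).
    static int ReadHeader(byte[] d, ref int pos, byte tag)
    {
        if (pos + 2 > d.Length || d[pos++] != tag) throw new FormatException("Unexpected ASN.1 tag.");
        int len = d[pos++];
        if (len >= 0x80)
        {
            int n = len & 0x7F;
            if (n == 0 || n > 2 || pos + n > d.Length) throw new FormatException("Unsupported DER length.");
            for (len = 0; n > 0; n--) len = (len << 8) | d[pos++];
        }
        if (pos + len > d.Length) throw new FormatException("Truncated DER.");
        return len;
    }

    // DER integers are big-endian and carry a leading 0x00 when the top bit is set;
    // RSAParameters expects that padding byte removed.
    static byte[] ReadInteger(byte[] d, ref int pos)
    {
        int len = ReadHeader(d, ref pos, 0x02);
        byte[] value = d.Skip(pos).Take(len).SkipWhile(b => b == 0).ToArray();
        pos += len;
        return value;
    }
}
```

The returned `RSAParameters` can be passed to `csp.ImportParameters(...)` in place of the `PemReader` and `DotNetUtilities` calls; a `-----BEGIN PUBLIC KEY-----` (SubjectPublicKeyInfo) block is rejected with a `FormatException` instead of being misparsed.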