6

I have to call a government API, and the session key needs to be encrypted using the public key they provide. The following code to encrypt the session key works fine on Windows Server using .NET Framework, but I need to host the API on AWS Lambda using .NET Core. There it gives the following error:

System.InvalidCastException: Unable to cast object of type 'System.Security.Cryptography.RSAOpenSsl' to type 'System.Security.Cryptography.RSACryptoServiceProvider'.

private static string EncryptRsa(byte[] input)
{
    string output = string.Empty;
    System.Security.Cryptography.X509Certificates.X509Certificate2 cert = new X509Certificate2(@"Cert/server_pub.cer");

    // On .NET Core on Linux the key object is RSAOpenSsl, so this cast throws InvalidCastException.
    using (RSACryptoServiceProvider csp = (RSACryptoServiceProvider)cert.PublicKey.Key)
    {
        byte[] bytesData = input;
        // Second argument is fOAEP: true selects OAEP padding (SHA-1).
        byte[] bytesEncrypted = csp.Encrypt(bytesData, true);
        output = Convert.ToBase64String(bytesEncrypted);
    }
    return output;
}

I changed the code to the following. It runs successfully, but when I call the API it gives an error saying: session key decryption error, please encrypt the session key using correct public key.

How do I get encryption similar to RSACryptoServiceProvider in .NET Core?

private static string EncryptRsa(byte[] input)
{
    string output = string.Empty;
    System.Security.Cryptography.X509Certificates.X509Certificate2 cert = new X509Certificate2(@"Cert/server_pub.cer");

    using (RSA csp = (RSA)cert.PublicKey.Key)
    {
        byte[] bytesData = input;
        // PKCS#1 v1.5 padding: not the same scheme as Encrypt(bytesData, true) in the .NET Framework version.
        byte[] bytesEncrypted = csp.Encrypt(bytesData, RSAEncryptionPadding.Pkcs1);
        output = Convert.ToBase64String(bytesEncrypted);
    }
    return output;
}

The code in the answer to the other question does not work on .NET Core; it uses .NET Framework: Casting private key to RSACryptoServiceProvider not working

Rahul Khanna
  • It's not working using the code in the answer to the other question: https://stackoverflow.com/questions/55949510/casting-private-key-to-rsacryptoserviceprovider-not-working – Rahul Khanna Jul 22 '19 at 14:46
  • `csp.Encrypt(bytesData, true)` is not the same thing as `csp.Encrypt(bytesData, RSAEncryptionPadding.Pkcs1)`. Pass `true` there as well, or better yet `RSAEncryptionPadding.OaepSHA1` (as that's what it effectively means). – Jeroen Mostert Jul 22 '19 at 15:22

1 Answer

2

It worked. In the updated code I was trying, I changed the padding to OaepSHA1, and it's working now. Thank you.

Below is the working code (Tested on AWS Lambda):

private static string EncryptRsa(byte[] input)
{
    string output = string.Empty;
    System.Security.Cryptography.X509Certificates.X509Certificate2 cert = new X509Certificate2(@"Cert/server_pub.cer");

    using (RSA csp = (RSA)cert.PublicKey.Key)
    {
        byte[] bytesData = input;
        // OAEP with SHA-1: the same padding that Encrypt(bytesData, true) selects on RSACryptoServiceProvider.
        byte[] bytesEncrypted = csp.Encrypt(bytesData, RSAEncryptionPadding.OaepSHA1);
        output = Convert.ToBase64String(bytesEncrypted);
    }
    return output;
}
Rahul Khanna
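
The padding mismatch behind the "session key decryption error", shown as an added example that is not part of the original question or answer. It assumes the receiving service decrypts with OAEP-SHA1 (what `Encrypt(data, true)` produces) and uses a locally generated 2048-bit key pair as a constructed stand-in for the service's certificate; `PaddingMismatchDemo` and `ServerCanDecrypt` are hypothetical names.

```csharp
using System;
using System.Security.Cryptography;

static class PaddingMismatchDemo
{
    // Models the receiving service: it holds the private key and expects
    // OAEP-SHA1 (assumption). Returns true only if the session key is recovered.
    static bool ServerCanDecrypt(RSA serverKey, byte[] cipher, byte[] expected)
    {
        try
        {
            byte[] plain = serverKey.Decrypt(cipher, RSAEncryptionPadding.OaepSHA1);
            return CryptographicOperations.FixedTimeEquals(plain, expected);
        }
        catch (CryptographicException)
        {
            // Ciphertext was built with a different padding scheme,
            // so the OAEP decoding check fails.
            return false;
        }
    }

    static void Main()
    {
        // Constructed key pair standing in for the service's certificate.
        using (RSA serverKey = RSA.Create(2048))
        using (RSA clientKey = RSA.Create())
        {
            // The client only ever sees the public half, as with a .cer file.
            clientKey.ImportParameters(serverKey.ExportParameters(false));

            byte[] sessionKey = new byte[32];
            RandomNumberGenerator.Fill(sessionKey);

            // Same key, same plaintext, two padding schemes.
            byte[] pkcs1 = clientKey.Encrypt(sessionKey, RSAEncryptionPadding.Pkcs1);
            byte[] oaep = clientKey.Encrypt(sessionKey, RSAEncryptionPadding.OaepSHA1);

            // Both ciphertexts are one modulus long, so length alone
            // gives no hint about which padding was used.
            Console.WriteLine($"Ciphertext lengths: {pkcs1.Length} / {oaep.Length} bytes");
            Console.WriteLine($"Pkcs1    accepted by OAEP-SHA1 server: {ServerCanDecrypt(serverKey, pkcs1, sessionKey)}");
            Console.WriteLine($"OaepSHA1 accepted by OAEP-SHA1 server: {ServerCanDecrypt(serverKey, oaep, sessionKey)}");
        }
    }
}
```

The padding scheme is part of the contract with the receiving service: encryption succeeds locally with either value, and the mismatch only surfaces as a decryption failure on the other side.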