Decrypt file using RSACryptoServiceProvider in powershell

Question

I encrypted a file with a private key on a debian machine with the command :

openssl rsautl -encrypt -inkey private.pem -in test.txt -out test.txt.ssl

I also converted my public key from pem to xml with the python script here : https://github.com/MisterDaneel/PemToXml

I'm trying to decipher the test.txt.ssl file on a windows machine and I can't install any software. So I have to use onlyRSACryptoServiceProvider. My powershell script looks like this:

$InputFileLocation = (Get-Location).tostring() + "\public.pem.xml"
$InputFile = $ExecutionContext.SessionState.Path.GetUnresolvedProviderPathFromPSPath($InputFileLocation)
$pemRawStr = (Get-Content $InputFile) -join ''

$rsa = New-Object -TypeName System.Security.Cryptography.RSACryptoServiceProvider
$key = $rsa.FromXmlString($pemRawStr)
$rsa.ExportParameters($false)
[byte[]]$str = Get-Content "test.ssl" -Encoding Byte
$DecryptedStr = $rsa.Decrypt($str, $false);  
Write-Host "File content : " $DecryptedStr

But it's not working. I have this error :

Exception calling "Decrypt" with "2" argument(s): "Key doesn't esist.
"
At C:\Users\RICHARDAN\Documents\Dev - Git\protectmi_analysis_processing-master\windows\test.ps1:9 char:1
+ $DecryptedStr = $rsa.Decrypt($str, $false);
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : CryptographicException

Try `Get-Content -Encoding Byte` to fetch contents as byte arrays instead of strings you then join together. — Jeroen Mostert, Aug 21 '20 at 13:06
I always have the same error : `Cannot convert argument "rgb", with value: ""....", for "Decrypt" to type "System.Byte[]": "Cannot convert value "....." to type "System.Byte[]". Error: "Cannot convert value ""~...." to type "System.Byte". Error: "The format of the character string is incorrect."+ $DecryptedStr = $rsa.Decrypt($str, $false); + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [], MethodException + FullyQualifiedErrorId : MethodArgumentConversionInvalidCastArgument` — Rig0L, Aug 21 '20 at 13:18

score 1 · Answer 1 · answered Aug 21 '20 at 13:21

1

As Jeroen Mostert comments, the issue here is that Decrypt() expects a [byte[]], not a [string]!

To fix this, use Get-Content -Encoding Byte and assign to a variable with a [byte[]] type constraint:

[byte[]]$str = Get-Content "test.ssl" -Encoding Byte
$DecryptedStr = $rsa.Decrypt($str, $false);  
Write-Host "File content : " $DecryptedStr

answered Aug 21 '20 at 13:21

Mathias R. Jessen

157,619
12
148
206

If you call `$rsa.ExportParameters($false)` after `$rsa.FromXmlString($pemRawStr)`, what does it return? Are the `Exponent` and `Modulus` properties on the object both set? If you compare with the corresponding values `openssl` show for the key, are they the same? – Mathias R. Jessen Aug 21 '20 at 15:11
Here's the return of the call: `Exponent : {1, 0, 1} Modulus : {204, 89, 206, 161...} P : Q : DP : DQ : InverseQ : D : File content : zFnOoYQ8EP8JhT0OsNfKlhZguLNhG66+3uT2QCpx96/Qmd2ZYabY5L+tCYiZ7sU1WlM/VJ+RtBx+omU1QG Z+heSOVius9Qyc09Htouqf+ttMOqu98i8zasA2r3fqYPtYckZQpvK6hUZPX6uln7ge7fVRrwt/Lm/E7HU2LnUlYac=AQAB` – Rig0L Aug 21 '20 at 15:20
And you've verified that's the same `Exponent` and `Modulus` values as shown when inspecting the original pem-formatted pub key with `openssl rsa -pubin -in pub.pem -inform PEM -text -noout`? Modulus shown by OpenSSL should start with `cc:59:ce:a1...` based on your comment – Mathias R. Jessen Aug 21 '20 at 15:24
You're right, it's not the same values. RSA Public-Key: (1024 bit) Modulus: 00:cc:59:ce:a1:84:3c:10:ff:09:85:3d:0e:b0:d7: ca:96:16:60:b8:b3:61:1b:ae:be:de:e4:f6:40:2a: 71:f7:af:d0:99:dd:99:61:a6:d8:e4:bf:ad:09:88: 99:ee:c5:35:5a:53:3f:54:9f:91:b4:1c:7e:a2:65: 35:40:66:7e:85:e4:8e:56:2b:ac:f5:0c:9c:d3:d1: ed:a2:ea:9f:fa:db:4c:3a:ab:bd:f2:2f:33:6a:c0: 36:af:77:ea:60:fb:58:72:46:50:a6:f2:ba:85:46: 4f:5f:ab:a5:9f:b8:1e:ed:f5:51:af:0b:7f:2e:6f: c4:ec:75:36:2e:75:25:61:a7 Exponent: 65537 (0x10001) – Rig0L Aug 21 '20 at 15:29
That would explain :) In that case I'd probably try to base64-decode the public key contents from the pem file directly instead of trying to convert to xml. – Mathias R. Jessen Aug 21 '20 at 15:49
I tried to base64-decode my pem key instead of trying to convert to xml but I've other error : `Exception calling "FromXmlString" with "1" argument(s): "Invalid syntax on line 1 - 'Character > expected.'.". At \test.ps1:14 char:1 + $test = $rsa.FromXmlString($pemRawStr1) + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo: NotSpecified: (:) [], MethodInvocationException + FullyQualifiedErrorId: XmlSyntaxException` – Rig0L Aug 24 '20 at 07:58
And `Exception calling "Decrypt" with "2" argument(s): "Incorrect data. " At test.ps1:17 char:1 + $DecryptedStr = $rsa.Decrypt($str, $false); + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [], MethodInvocationException + FullyQualifiedErrorId : CryptographicException` – Rig0L Aug 24 '20 at 07:59
I've adapted my first post – Rig0L Aug 24 '20 at 13:07

Decrypt file using RSACryptoServiceProvider in powershell

1 Answers1