I have a sample TR34 enveloped data token from X9 TR34–2012. I am trying to decrypt it, but I am not sure which part of the token contains the encrypted ephemeral key and which exact RSA algorithm is used for encryption.
-----BEGIN TR34 Sample EnvelopedData PEM File-----
MIICVQIBADGCAZ4wggGaAgEAMEowQTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDFRS
MzQgU2FtcGxlczEbMBkGA1UEAxMSVFIzNCBTYW1wbGUgQ0EgS1JEAgU0AAAABzBF
BgkqhkiG9w0BAQcwODANBglghkgBZQMEAgEFADAYBgkqhkiG9w0BAQgwCwYJYIZI
AWUDBAIBMA0GCSqGSIb3DQEBCQQABIIBACy9CG3HIyhtl6phfB6UmA5Tmui/Uakm
xV/khYvkgIVlBvCPAJMn4urIE9d8eySgrlIyXFZFL3UEZs1Xge8ctLVzpgckEG0S
UvGMJ0IpWZt4h7o3nFCBeCGY3JoJRJPTicqD1vCNWNiOlUgG97AKYgsgymB5BnRy
fHnXS3ngOcmF4vEHvsMKf8guXNQmihos1Xn8gizDZqVy3GmVJqGxzAzj9oMK5/6q
K+FGTxv7SBTZePYAdkZAfyJLdYQPlhEn7w4jRyajajZWSjLSx0YFpQhJyb+fk/cn
0axo/tcg3u7SrQoGSzCsAdK+6zzNA9RjFdQPH/1tJg3G9lN9cOAoGKcwga0GCSqG
SIb3DQEHATCBnwYIKoZIhvcNAwcECAEjRWeJq83vgIGIUzKh+EUh3i07I+vjyy1n
SxYRTsWYIUECw97hdcKmaUAOsDkTbmMuSjIUCqtVRqxHh5n3t6AlM19FzKPNGJQx
T/UT4+Alc621E134sdsyd9neJz3GqLXnnSFfY7k6UhN9uvvlzD/0cpGdhtJAl2I3
D6gKd67Rg+HtWXv5v9ydKGk0x8Hh6NAD+w==
-----END TR34 Sample EnvelopedData PEM File-----
The above token parses as:
    ContentInfo SEQUENCE @0+597 (constructed): (3 elem)
      contentType ContentType [?] INTEGER @4+1: 0
      content [0] [?] SET @7+414 (constructed): (1 elem)
        ANY SEQUENCE @11+410 (constructed): (4 elem)
          INTEGER @15+1: 0
          SEQUENCE @18+74 (constructed): (2 elem)
            SEQUENCE @20+65 (constructed): (3 elem)
              SET @22+11 (constructed): (1 elem)
                SEQUENCE @24+9 (constructed): (2 elem)
                  OBJECT_IDENTIFIER @26+3: 2.5.4.6|countryName|X.520 DN component
                  PrintableString @31+2: US
              SET @35+21 (constructed): (1 elem)
                SEQUENCE @37+19 (constructed): (2 elem)
                  OBJECT_IDENTIFIER @39+3: 2.5.4.10|organizationName|X.520 DN component
                  PrintableString @44+12: TR34 Samples
              SET @58+27 (constructed): (1 elem)
                SEQUENCE @60+25 (constructed): (2 elem)
                  OBJECT_IDENTIFIER @62+3: 2.5.4.3|commonName|X.520 DN component
                  PrintableString @67+18: TR34 Sample CA KRD
            INTEGER @87+5: (38 bit)|223338299399
          SEQUENCE @94+69 (constructed): (2 elem)
            OBJECT_IDENTIFIER @96+9: 1.2.840.113549.1.1.7|rsaOAEP|PKCS #1
            SEQUENCE @107+56 (constructed): (3 elem)
              SEQUENCE @109+13 (constructed): (2 elem)
                OBJECT_IDENTIFIER @111+9: 2.16.840.1.101.3.4.2.1|sha-256|NIST Algorithm
                NULL @122+0
              SEQUENCE @124+24 (constructed): (2 elem)
                OBJECT_IDENTIFIER @126+9: 1.2.840.113549.1.1.8|pkcs1-MGF|PKCS #1
                SEQUENCE @137+11 (constructed): (1 elem)
                  OBJECT_IDENTIFIER @139+9: 2.16.840.1.101.3.4.2.1|sha-256|NIST Algorithm
              SEQUENCE @150+13 (constructed): (2 elem)
                OBJECT_IDENTIFIER @152+9: 1.2.840.113549.1.1.9|rsaOAEP-pSpecified|PKCS #1
                OCTET_STRING @163+0 (encapsulates): (0 byte)|
          OCTET_STRING @165+256: (256 byte)|2CBD086DC723286D97AA617C1E94980E539AE8BF51A926C55FE4858BE480856506F08F009327E2EAC813D77C7B24A0AE52325C56452F750466CD5781EF1CB4B573A60724106D1252F18C274229599B7887BA379C5081782198DC9A094493D389CA83D6F08D58D88E954806F7B00A620B20CA60790674727C79D74B79E039C985E2F107BEC30A7FC82E5CD4268A1A2CD579FC822CC366A572DC699526A1B1CC0CE3F6830AE7FEAA2BE1464F1BFB4814D978F6007646407F224B75840F961127EF0E234726A36A36564A32D2C74605A50849C9BF9F93F727D1AC68FED720DEEED2AD0A064B30AC01D2BEEB3CCD03D46315D40F1FFD6D260DC6F6537D70E02818A7
      SEQUENCE @425+173 (constructed): (2 elem)
        OBJECT_IDENTIFIER @428+9: 1.2.840.113549.1.7.1|data|PKCS #7
        SEQUENCE @439+159 (constructed): (3 elem)
          OBJECT_IDENTIFIER @442+8: 1.2.840.113549.3.7|des-EDE3-CBC|RSADSI encryptionAlgorithm
          OCTET_STRING @452+8: (8 byte)|0123456789ABCDEF
          [0] @462+136: (136 byte)|5332A1F84521DE2D3B23EBE3CB2D674B16114EC598214102C3DEE175C2A669400EB039136E632E4A32140AAB5546AC478799F7B7A025335F45CCA3CD1894314FF513E3E02573ADB5135DF8B1DB3277D9DE273DC6A8B5E79D215F63B93A52137DBAFBE5CC3FF472919D86D2409762370FA80A77AED183E1ED597BF9BFDC9D286934C7C1E1E8D003FB
My understanding is that:
2CBD086DC723286D97AA617C1E94980E539AE8BF51A926C55FE4858BE480856506F08F009327E2EAC813D77C7B24A0AE52325C56452F750466CD5781EF1CB4B573A60724106D1252F18C274229599B7887BA379C5081782198DC9A094493D389CA83D6F08D58D88E954806F7B00A620B20CA60790674727C79D74B79E039C985E2F107BEC30A7FC82E5CD4268A1A2CD579FC822CC366A572DC699526A1B1CC0CE3F6830AE7FEAA2BE1464F1BFB4814D978F6007646407F224B75840F961127EF0E234726A36A36564A32D2C74605A50849C9BF9F93F727D1AC68FED720DEEED2AD0A064B30AC01D2BEEB3CCD03D46315D40F1FFD6D260DC6F6537D70E02818A7
is the ephemeral key (in clear '0123456789ABCDEFFEDCBA9876543210FFEEDDCCBBAA9988') encrypted using rsaOAEP encryption.
I have tried to decrypt using this C# code:

    using System;
    using System.Linq;
    using System.Security.Cryptography;
    using System.Security.Cryptography.X509Certificates;
    using System.Text;

    public class RSAEncryptionWithCert
    {
        public static void Main()
        {
            // Load the certificate from the store
            X509Certificate2 cert = LoadCertificate("My", "182E7FEF7EC9AAB536266FC24A04BA39B12F5F28");
            if (cert == null)
            {
                Console.WriteLine("Certificate not found or failed to load.");
                return;
            }

            // Decrypt data: the 256-byte encryptedKey OCTET STRING from the token
            byte[] encryptedData = StringToByteArray("2CBD086DC723286D97AA617C1E94980E539AE8BF51A926C55FE4858BE480856506F08F009327E2EAC813D77C7B24A0AE52325C56452F750466CD5781EF1CB4B573A60724106D1252F18C274229599B7887BA379C5081782198DC9A094493D389CA83D6F08D58D88E954806F7B00A620B20CA60790674727C79D74B79E039C985E2F107BEC30A7FC82E5CD4268A1A2CD579FC822CC366A572DC699526A1B1CC0CE3F6830AE7FEAA2BE1464F1BFB4814D978F6007646407F224B75840F961127EF0E234726A36A36564A32D2C74605A50849C9BF9F93F727D1AC68FED720DEEED2AD0A064B30AC01D2BEEB3CCD03D46315D40F1FFD6D260DC6F6537D70E02818A7");
            Console.WriteLine("Encrypted Data size: " + encryptedData.Length);
            byte[] decryptedData = DecryptData(encryptedData, cert);

            // The plaintext is raw key bytes, not text, so print it as hex
            Console.WriteLine("Decrypted Data: " + BitConverter.ToString(decryptedData).Replace("-", ""));
        }

        // Convert a hex string (two characters per byte) to a byte array
        public static byte[] StringToByteArray(string hex)
        {
            return Enumerable.Range(0, hex.Length)
                .Where(x => x % 2 == 0)
                .Select(x => Convert.ToByte(hex.Substring(x, 2), 16))
                .ToArray();
        }

        // Find a certificate by thumbprint in the current user's store
        public static X509Certificate2 LoadCertificate(string storeName, string thumbprint)
        {
            using (X509Store store = new X509Store(storeName, StoreLocation.CurrentUser))
            {
                store.Open(OpenFlags.ReadOnly);
                foreach (X509Certificate2 cert in store.Certificates)
                {
                    if (cert.Thumbprint != null && cert.Thumbprint.Equals(thumbprint, StringComparison.OrdinalIgnoreCase))
                    {
                        // Ensure the certificate has the private key
                        if (cert.HasPrivateKey)
                        {
                            return cert;
                        }
                    }
                }
            }
            return null;
        }

        // RSA-OAEP with SHA-256 (hash and MGF1), public-key side
        public static byte[] EncryptData(byte[] data, X509Certificate2 cert)
        {
            using (RSA rsa = cert.GetRSAPublicKey())
            {
                return rsa.Encrypt(data, RSAEncryptionPadding.OaepSHA256);
            }
        }

        // RSA-OAEP with SHA-256 (hash and MGF1), private-key side
        public static byte[] DecryptData(byte[] data, X509Certificate2 cert)
        {
            using (RSA rsa = cert.GetRSAPrivateKey())
            {
                if (rsa == null)
                {
                    throw new InvalidOperationException("Private key not found in the certificate.");
                }
                return rsa.Decrypt(data, RSAEncryptionPadding.OaepSHA256);
            }
        }
    }

Unfortunately decryption fails with:
System.Security.Cryptography.CryptographicException
HResult=0x80090027
There's not enough information here to actually test this, but if I understand the envelopedData blob correctly, your decryption code should be able to decrypt it provided you have the correct private key. – President James K. Polk, commented May 20, 2025 at 1:56
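Added example, not part of the original question or comment (Python rather than the question's C#, so it runs without a certificate store): a minimal DER walker over the PEM body from the question that pulls the key-transport algorithm, its OAEP parameters and the encryptedKey OCTET STRING out of the first RecipientInfo. The function names are illustrative, and the code assumes single-byte tags and the field order shown in the dump above.

```python
import base64

# Base64 body of the TR-34 sample EnvelopedData, copied from the question.
PEM_BODY = """MIICVQIBADGCAZ4wggGaAgEAMEowQTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDFRS
MzQgU2FtcGxlczEbMBkGA1UEAxMSVFIzNCBTYW1wbGUgQ0EgS1JEAgU0AAAABzBF
BgkqhkiG9w0BAQcwODANBglghkgBZQMEAgEFADAYBgkqhkiG9w0BAQgwCwYJYIZI
AWUDBAIBMA0GCSqGSIb3DQEBCQQABIIBACy9CG3HIyhtl6phfB6UmA5Tmui/Uakm
xV/khYvkgIVlBvCPAJMn4urIE9d8eySgrlIyXFZFL3UEZs1Xge8ctLVzpgckEG0S
UvGMJ0IpWZt4h7o3nFCBeCGY3JoJRJPTicqD1vCNWNiOlUgG97AKYgsgymB5BnRy
fHnXS3ngOcmF4vEHvsMKf8guXNQmihos1Xn8gizDZqVy3GmVJqGxzAzj9oMK5/6q
K+FGTxv7SBTZePYAdkZAfyJLdYQPlhEn7w4jRyajajZWSjLSx0YFpQhJyb+fk/cn
0axo/tcg3u7SrQoGSzCsAdK+6zzNA9RjFdQPH/1tJg3G9lN9cOAoGKcwga0GCSqG
SIb3DQEHATCBnwYIKoZIhvcNAwcECAEjRWeJq83vgIGIUzKh+EUh3i07I+vjyy1n
SxYRTsWYIUECw97hdcKmaUAOsDkTbmMuSjIUCqtVRqxHh5n3t6AlM19FzKPNGJQx
T/UT4+Alc621E134sdsyd9neJz3GqLXnnSFfY7k6UhN9uvvlzD/0cpGdhtJAl2I3
D6gKd67Rg+HtWXv5v9ydKGk0x8Hh6NAD+w=="""

def parse(buf):
    """Parse DER TLVs (single-byte tags) into (tag, value); constructed values nest as lists."""
    pos, nodes = 0, []
    while pos < len(buf):
        tag, length, pos = buf[pos], buf[pos + 1], pos + 2
        if length & 0x80:                       # long form: next n bytes hold the length
            n = length & 0x7F
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        if pos + length > len(buf):
            raise ValueError("truncated DER")
        value, pos = buf[pos:pos + length], pos + length
        nodes.append((tag, parse(value) if tag & 0x20 else value))
    return nodes

def oid(value):
    """Decode an OBJECT IDENTIFIER value into dotted notation."""
    arcs, acc = [], 0
    for b in value:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:                        # high bit clear ends this arc
            arcs, acc = arcs + [acc], 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def key_transport(der):
    """Return the key-encryption algorithm, OAEP parameters and wrapped key of recipient 0."""
    (_, (_version, (_, recipients), _content)), = parse(der)
    _ver, _rid, (_, (alg, (_, params))), (_, enc_key) = recipients[0][1]
    (_, hash_alg), (_, mgf_alg), (_, label) = params
    return {"algorithm": oid(alg[1]), "hash": oid(hash_alg[0][1]), "label": label[1][1],
            "mgf1_hash": oid(mgf_alg[1][1][0][1]), "encrypted_key": enc_key}

print(key_transport(base64.b64decode(PEM_BODY)))
```

On the sample it reports rsaOAEP (1.2.840.113549.1.1.7) with SHA-256 for both the OAEP hash and MGF1, an empty label, and a 256-byte encrypted key beginning 2CBD086D, matching the dump.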