Error occurred while decoding OAEP padding
Solution 1
A common mistake is to try to decrypt using the public key.
Solution 2
I ran into this exact problem. UnicodeEncoding.GetBytes is not always the inverse of UnicodeEncoding.GetString.
byte[] a = new byte[32];
RandomNumberGenerator gen = new RNGCryptoServiceProvider();
gen.GetBytes(a);
UnicodeEncoding byteConverter = new UnicodeEncoding();
byte[] b = byteConverter.GetBytes(byteConverter.GetString(a));
//byte array 'a' and byte array 'b' will not always contain the same elements.
This is why RSACryptoServiceProvider.Decrypt fails. A lot of encrypt/decrypt examples on the web use Unicode encoding. Do not use Unicode encoding. Use Convert.FromBase64String and Convert.ToBase64String instead.
Solution 3
This error normally indicates you are using a public key to decrypt, while you should be using a private key for decryption. Give it a try.
Solution 4
FYI, you can still be (en/de)crypting in the right key sequence (encr: pub key, decr: priv key) - i.e. can still get this error decrypting with a private key - it just may be the wrong private key (i.e. from another cert/key pair), not the one paired with the pub key with which you encrypted initially. If you turn off OAEP padding and get a "bad data" exception, that's another indication.
Solution 5
In my case the error has been caused by wrong padding settings.
Error: RSA decrypt: error:0407A079:rsa routines:RSA_padding_check_PKCS1_OAEP:oaep decoding error
I had openssl_public_encrypt() with OPENSSL_PKCS1_PADDING as a default value in PHP and keypair.decrypt() with the default value RSA_PKCS1_OAEP_PADDING in node-rsa.
So don't forget to check these options too.
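The causes named in Solutions 1 to 5, reproduced side by side in C#. This is an added example, not code from any of the answers; it assumes freshly generated 2048-bit key pairs instead of certificate keys, and the names OaepFailureDemo and TryDecrypt are hypothetical.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

class OaepFailureDemo
{
    // Returns "ok" when decryption succeeds, otherwise the exception message.
    static string TryDecrypt(RSA key, byte[] cipher, RSAEncryptionPadding padding)
    {
        try { key.Decrypt(cipher, padding); return "ok"; }
        catch (CryptographicException e) { return "failed: " + e.Message; }
    }

    static void Main()
    {
        // Assumption: keys are generated here instead of read from a certificate.
        using RSA pair = RSA.Create(2048);
        using RSA otherPair = RSA.Create(2048);
        using RSA publicOnly = RSA.Create();
        publicOnly.ImportParameters(pair.ExportParameters(false));

        RSAEncryptionPadding oaep = RSAEncryptionPadding.OaepSHA1;
        byte[] plain = Encoding.UTF8.GetBytes("HelloThere");
        byte[] cipher = publicOnly.Encrypt(plain, oaep);

        // Solution 2: a lone UTF-16 surrogate (constructed bytes: 0xD800, 'A')
        // is replaced by U+FFFD in GetString, so the bytes come back changed.
        byte[] sample = { 0x00, 0xD8, 0x41, 0x00 };
        byte[] back = Encoding.Unicode.GetBytes(Encoding.Unicode.GetString(sample));
        Console.WriteLine("Unicode round trip intact: " + sample.SequenceEqual(back));

        // Random ciphertext usually contains such units, so this usually fails.
        byte[] viaUnicode = Encoding.Unicode.GetBytes(Encoding.Unicode.GetString(cipher));
        Console.WriteLine("Unicode transport:  " + TryDecrypt(pair, viaUnicode, oaep));

        // Base64 is lossless for arbitrary bytes.
        byte[] viaBase64 = Convert.FromBase64String(Convert.ToBase64String(cipher));
        Console.WriteLine("Base64 transport:   " + TryDecrypt(pair, viaBase64, oaep));

        // Solutions 1 and 3: no private key available.
        Console.WriteLine("Public key only:    " + TryDecrypt(publicOnly, cipher, oaep));
        // Solution 4: a private key from a different pair.
        Console.WriteLine("Wrong private key:  " + TryDecrypt(otherPair, cipher, oaep));
        // Solution 5: encrypted with PKCS#1 v1.5, decrypted as OAEP.
        byte[] pkcs1 = publicOnly.Encrypt(plain, RSAEncryptionPadding.Pkcs1);
        Console.WriteLine("Padding mismatch:   " + TryDecrypt(pair, pkcs1, oaep));
    }
}
```

The exception message differs between platforms and RSA implementations, so match on the failure itself and not on the exact wording.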
Meetu Choudhary
Updated on June 11, 2020
Comments
-
Meetu Choudhary almost 4 years
While decrypting text using RSACryptoServiceProvider.Decrypt, I am getting the error: Error occurred while decoding OAEP padding.
Here's my code:
CspParameters cspParam = new CspParameters();
cspParam = new CspParameters();
cspParam.Flags = CspProviderFlags.UseMachineKeyStore;
clsCertificates cc = new clsCertificates();
string a = "";
cc.OpenStoreIE(ref a);
cc.SetProperties();
X509Certificate2 cert = new X509Certificate2();
cert = cc.x509_2Cert;

RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(cspParam);
// to generate private and public keys from the certificate
rsa.FromXmlString(cert.PublicKey.Key.ToXmlString(false));

String publicKey = rsa.ToXmlString(false); // gets the public key
String privateKey = rsa.ToXmlString(true); // gets the private key; working if parameter is false, if true gives error "key is not valid for use in specified state"

Response.Write("<Textarea rows=10 cols=100>PUBLIC: " + publicKey + "</TextArea>");
Response.Write("<Textarea rows=10 cols=100>PRIVATE: " + privateKey + "</Textarea>");
Response.Write("<BR>Encrypting the string \"HelloThere\" with the public Key:<BR>");
String str = "HelloThere";

RSACryptoServiceProvider RSA2 = new RSACryptoServiceProvider(cspParam);
//---Load the Public key---
RSA2.FromXmlString(publicKey);
// working with the following line instead of above, but I need the keys of the certificate
//RSA2.ToXmlString(true);

Byte[] EncryptedStrAsByt = RSA2.Encrypt(System.Text.Encoding.Unicode.GetBytes(str), true);
String EncryptedStr = System.Text.Encoding.Unicode.GetString(EncryptedStrAsByt);
Response.Write("<Textarea rows=10 cols=100>Encrypted String: " + EncryptedStr + "</Textarea>");
Response.Write("<BR>Decrypting the Encrypted String with the Private key:<BR>");

RSACryptoServiceProvider RSA3 = new RSACryptoServiceProvider(cspParam);
//---Load the Private key---
RSA3.FromXmlString(privateKey);
// working with the following line instead of above, but I need the keys of the certificate
//RSA3.ToXmlString(true);

// Error: if true then the error is "error occurred while decoding the OAEP padding", and if false then the error is "bad key". I am using Windows XP so it should be true.
Byte[] DecryptedStrAsByt = RSA3.Decrypt(EncryptedStrAsByt, true);
String DecryptedStr = System.Text.Encoding.Unicode.GetString(DecryptedStrAsByt);
Response.Write("<Textarea rows=10 cols=100>Decrypted String: " + DecryptedStr + "</Textarea>");
The above works if I am not using the keys of my digital certificate, but if the keys are from the digital certificate, I get the OAEP padding error.
Note: This question is in continuation of the Error occurred while decoding OAEP padding question
-
Ben over 11 years
Thanks this solved my problem, which was starting to drive me nuts!
-
NoOne over 10 years
I want to encrypt data with my private key and then decrypt it with my public key on the client machine. Why is this a mistake? I thought that was a normal way of using RSA. :(
-
OldTinfoil over 10 years
No, the "normal" way is to encrypt with the public key and decrypt with the private key. If you encrypt data with the private key, anyone with your public key can decrypt that data. While this is not useful for keeping the data private, it is useful for verifying that the data did come from the expected origin.
-
OldTinfoil over 10 years
(This is in the general case. I'm pretty sure the OpenSSL library RSA_encrypt/decrypt functions cannot perform this action).
-
jww over 9 years
@NoOne: "I want to encrypt data with my private key and then decrypt it with my public key" - yes, it's not correct. Perhaps you want a Signature Scheme with Recovery.
-
Dan about 4 years
Another reason for this is that you're simply using the wrong keyset for decryption. I've encountered this when, for example, loading the wrong key file into an application to decrypt data.
-
Harold_Finch almost 4 years
Currently facing this hurdle at this present time.
-
Prageeth Liyanage over 2 years
Thanks... Faced same issue. This helped.
-
Nguyen Duc Tien almost 2 years
Thanks for your advice. I used the correct private key, but the wrong public key. When I replaced it with the correct public key file, it was solved.