{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 看我几分像从前 的问题《The data to be decrypted exceeds the maximum for t》','https://www.manongdao.com/q-407839.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I'm trying to make a password safe, but theres something wrong with how I use RSA. Heres my codes:
private void testencodedecode()
{
string mehdi = "mehdi";
var enc = encodePass(mehdi);
var dec = decodePass(enc);
}
private RSAParameters rsaKey()
{
var setting = context.Settings.First(s => s.ID == 1);
byte[] pwd = Encoding.ASCII.GetBytes(setting.PWDKEY);
byte[] expo = {1,0,1};
var key = new System.Security.Cryptography.RSAParameters();
key.Exponent = expo;
key.Modulus = pwd;
return key;
}
private string encodePass(string pass)
{
var provider = new RSACryptoServiceProvider();
provider.ImportParameters(rsaKey());
var encryptedBytes = provider.Encrypt(Encoding.UTF8.GetBytes(pass), false);
return Encoding.UTF8.GetString(encryptedBytes);
}
private string decodePass(string pass)
{
var provider = new RSACryptoServiceProvider();
provider.ImportParameters(rsaKey());
string decrypted = Encoding.UTF8.GetString(provider.Decrypt(Encoding.UTF8.GetBytes(pass), true));
return decrypted;
}
It seems to encrypt fine, but on decryption has the following error:
The data to be decrypted exceeds the maximum for this modulus of 36 bytes.
The modulus for RSA should be at least 1024 bits (128 bytes). Anything less will be completely insecure. And for modern applications it is even recommended to use a 2048 or larger modulus.
And secondly, you are not generating the RSA keys properly! You shouldn't just use the password as a modulus..
The public exponent and the modulus must be chosen such that the exponent is relatively prime to
p-1for all primespwhich divide the modulus. If you are just arbitrarily setting the modulus to a binary representation of a password (PWDKEY) it's unlikely that you are choosing an appropriate exponent/modulus pair. And as I said earlier the modulus must be a relatively large number, usually chosen to be 1024, 2048 or 4096 bits long.There are some major issues with the method here. The first, as you mentioned in a comment on another answer is that you're using a
Guidto construct the RSA modulus, which is entirely invalid. You cannot use random data to construct the public key directly for a number of reasons:Guidin binary form generally will not be.You should be generating the RSA key using the
RsaCryptoServiceProviderconstructor e.g.:The parameters for this newly generated key can then be exported:
The parameters can then be stored (securely) and used to re-initialize the CSP for decryption later.
There are also other obvious problems, such as the fact that the amount of data you can actually encrypt with RSA is limited by the key size, so with a 2048 bit key as created above, you can encrypt 2048 / 8 - 11 = 245 bytes (where the 11 bytes is a result of the PKCS#1 v1.5 padding that is applied). If you want to encrypt more than this, the general method is to use a symmetric cipher (e.g. AES) to encrypt the data, and then use RSA only to encrypt the AES key.
Finally, whilst this may work, I still wouldn't rely on it for security as there are almost always issues with roll-your-own encryption schemes.