Menu
I'm trying to decode the HelloWorks callback signature to add security to an endpoint. As it stays in the documentation I need to generate a private key using the following openssl command:
openssl genrsa -des3 -out helloworks.pem 4096
and then make the public key:
openssl rsa -in helloworks.pem -outform PEM -pubout -out public.pem
I have created both keys and configured it. Now I need to decode base64 the X-Helloworks-Signature sent by them, then decrypt the result using the private key.
I have been trying several ways to do this in C# but with no luck. One approach that I have done using BouncyCastle library is:
var signature = mvcContext.HttpContext.Request.Headers["X-Helloworks-Signature"];
var url = mvcContext.HttpContext.Request.Path.Value;
var bytesToDecrypt = Convert.FromBase64String(signature);
AsymmetricCipherKeyPair keyPair;
var pemPath = Path.Combine(env.ContentRootPath, "./helloworks.pem");
using (var reader = File.OpenText(pemPath))
keyPair = (AsymmetricCipherKeyPair)new PemReader(reader, new PasswordFinder("password")).ReadObject();
var decryptEngine = new Pkcs1Encoding(new RsaEngine());
decryptEngine.Init(false, keyPair.Private);
var decryptedToken = Encoding.UTF8.GetString(decryptEngine.ProcessBlock(bytesToDecrypt, 0, bytesToDecrypt.Length));
But it always throws the same exception message:
Org.BouncyCastle.Crypto.DataLengthException: 'input too large for RSA cipher.'
I have been trying other approaches that I have found here in SO and the web but no luck.
How can I use the private key pem file to decrypt the signature in C#, specifically .Net Core 2?
Update 1
An example of the signature is:
X-Helloworks-Signature: bGNTNUVOZ0w5akx4U1VXUTFrcHQ0ZmZSZU1KQnNpbDhwVDFGVllSMzF5aVdtQkZOcTRMTFNrY2FmV3o5aFZJVk5rbmVRUEdydTZLZ1BHQ1dCdkFYVVRMWUs1bUYxSXplam5mZVEwVFZvMjFZRS1rM0l4SDBkNU45clJDX1RYOVZPcThwUzI5V2pTd1k2d0kxaGQ0VXpiSkU2NERJaVljaWxCWkJwVVJhN0NRcGphbkxlZV8tZFMxQWtUbTdRUHdEVTZtVDNnc2ZPQkNiMFZMeUR2TGVtdmVTZldXZnVUOXg0NTRYSU1rZjE3elRvR0xHT29YeEpKWjk5LUcyc3VjWkk5NWpmRldvaGo0S2Z0dXV1SHMtMmpZajZuNXhpMFI5S0hmT2xNRkRwRlFtbEpUbG9TTURGREVPeDE3RjNoX1NXMk1RSUR2b2hGazBtTkstMk9OVHhHQ05tQXhuS1c5Nm9SN0N4QlJnQ2xyLXlvOXJTWXp2anNlVVhGZ0hqakYzZE8ybGhUdXFPV1A0NU9TaUVoY21zSHVMRnV0Zy10a0J5QTJLYTB2Yk1sNi1wMVlLR09QZVdMVm9QN0k5ellyWFdNRFl0S2dPaXZkSldEa1B0SmdvbVMwbU1DdWMyblBFUHFxUTEtQkdJMHNFdjNNWVFfYVNjeGJsZ2p2VHVZZzRmZy1VXzk3R0pON1ZsM1IwWllZSF9QU2syQll6LTN3Vjc3QjMxbGFjT3lWSU15WDVJdktKWXIwTXZMQ190cjIwZk9hZkx5c011eWpsSXV6Tl96Q2VHbkpfbkJiQnJYNXNyNmktZDB4UW9rc0JKSUtUZUNMR3dVWWEtVEJVUE5FeWplM09RT0NOYW02R242OEdLeDRZdTlzZDVNa1BCQ1B6NTI3aUhoYm9aLTg9
954
RSA(Rivest-Shamir-Adleman) is an Asymmetric encryption technique that uses two different keys as public and private keys to perform the encryption and decryption. With RSA, you can encrypt sensitive information with a public key and a matching private key is used to decrypt the encrypted message.
Thanks to James K Polk comment I ended doing the following method:
private static byte[] Base64Decode(StringValues signature)
{
string incoming = signature.ToString().Replace('_', '/').Replace('-', '+');
switch (signature.ToString().Length % 4)
{
case 2:
incoming += "==";
break;
case 3:
incoming += "=";
break;
}
return Convert.FromBase64String(incoming);
}
and modifying my code from:
var bytesToDecrypt = Convert.FromBase64String(signature);
to:
var decoded = Base64Decode(signature);
var text = Encoding.ASCII.GetString(decoded);
var bytesToDecrypt = Base64Decode(text);
I needed to decode two times the signature using the URL-safe version of base64 decoding.
178
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With