RSA-Encryption | Scripts for Encrypting with RSA | Encryption library

You are facing a limitation of asymmetric encryption. It is very slow for large chunks of data and the encryption string size is limited by the RSA key size you are using.

RSA is usually used to exchange symmetric keys and handle large part of data. If you must use asymmetric for a big load of data, then you need to break your payload to smaller ones and reconstruct on the other side.

RSA is only able to encrypt data to a maximum amount of your key size (2048 bits = 256 bytes) minus padding / header data (11 bytes for PKCS#1 v1.5 padding).

If as you say, you are only sending 20 chars, then check indeed with a breakpoint, that your decrypt function gets indeed a small enough cypher text. If not you need to backtrack and check where you send the wrong thing.

It might also be that the standards of RSA are not the same in JSEncrypt and RSA in C# as it can be seen in this SO answer here

A typical sign process consists of
1) digest(message) => md
2) do_something_using_private_key(md) => signature

The EVP_DigestSignXXXs do these two steps for you, and RSA_sign do step 2 only, you need to do step 1 yourself, using EVP_DigestXXXs, SHA256_XXX, ...

For example:

A message that has been encrypted with the private key using the Chilkat-library cannot be decrypted with the public key using Java (at least not with the standard SunJCE-provider) or the java-based web-site, since different padding variants are used on both sides.

The prerequisite for a successful decryption is that both encryption and decryption use the same padding variant. The same applies to signing and verification.

There are two variants of the PKCS1-v1.5-padding described in RFC8017: One is RSAES-PKCS1-v1_5, which is used in the context of encryption and decryption, and the other is RSASSA-PKCS1-v1_5, which is used in the context of signing and verifying. RSAES-PKCS1-v1_5 is non-deterministic, i.e. repeated encryption of the same plaintext with the same key always generates different ciphertexts. RSASSA-PKCS1-v1_5 is deterministic, that is, it always generates the same ciphertext under the mentioned conditions.

Since the padding variant depends on the respective platform/library, a general statement is not possible. However, for the Chilkat-library and Java (standard SunJCE provider) the following applies (PKCS1-v1.5-padding assumed):

• The methods that Chilkat provides in the context of encryption/decryption use RSAES-PKCS1-v1_5 regardless of whether the public or private key is used for encryption. Analog methods also exist in the context of signing/verifying. These use RSASSA-PKCS1-v1_5. To check this, the padding variant can be determined by setting the Chilkat.Rsa#NoUnpad flag to true, so that the padding is not removed during decryption. Another option for a test is to repeatedly encrypt the same plaintext with the same key. Since RSAES-PKCS1-v1_5 is probabilistic, different ciphertexts are generated each time.

• In Java, the Cipher-class determines which padding variant is used based on the mode (encryption or decryption) and the key type used (private or public). For encryption with the public key and decryption with the private key, RSAES-PKCS1-v1_5 is used. For encryption with the private key and decryption with the public key, RSASSA-PKCS1-v1_5 is used. For signing/verifying, Java provides the Signature-class which uses RSASSA-PKCS1-v1_5. To check this, proceed as described above. In Java, you can prevent the padding from being removed with RSA/ECB/NoPadding during decryption.

Since in the context of encryption/decryption the public key is used for encryption and the private key is used for decryption, and dedicated classes or methods are used in the context of signing/verifying, there are no or few use cases for direct encryption with the private key and decryption with the public key. Furthermore or maybe because of that these processes are not uniformly implemented in the libraries as you can see in the example of the Chilkat-library and Java.

Altogether three cases can be distinguished for the Chilkat-library and Java:

• Within the same library/language, encryption can be performed with the public or private key and decryption with the respective counterpart. For this reason the encryption and decryption on the web site (using Java) works in the posted example Second Attempt: Both the encryption with the private key and the decryption with the public key use RSASSA-PKCS1-v1_5.
• If in the Chilkat-code the public key is used for encryption and in Java the private key is used for decryption, RSAES-PKCS1-v1_5 is used for both encryption and decryption, which is why decryption works.
• However, if in the Chilkat-code the private key is used for encryption and in Java the public key is used for decryption, RSAES-PKCS1-v1_5 is used for encryption and RSASSA-PKCS1-v1_5 is used for decryption. Both padding variants therefore differ and decryption fails. This corresponds to the scenario described in the question.

After this explanation now to your question: My question is, is there anything in Chilkat that I need to setup so that it can encrypt content that would allow a Java application (like the website link posted above) to be able to decrypt? Since the Java-code uses RSASSA-PKCS1-v1_5 for decryption with a public key, it would be necessary for compatibility to change the padding variant in the Chilkat-code from RSAES-PKCS1-v1_5 to RSASSA-PKCS1-v1_5 in the context of encryption/decryption. If you look at Chilkat's RSA-methods, it seems that this is not intended, but that the logic for determining the padding variant is hard coded (as probably with most libraries). You can only choose between PKCS1-v1.5-padding and OAEP for padding. This means that a message encrypted with the private key using the Chilkat-code cannot be decrypted with the public key in Java or on the website.

What are the alternatives? According to the question, the goal is: The reason for the public key decryption is to achieve a form of digital signing where the recipient decrypts the encrypted content to reveal a hash value.

• Here it would be a good idea to create a standard signature on the Chilkat-side, e.g. with signBytes. The hash of the data is created automatically and RSASSA-PKCS1-v1_5 is used as padding variant (if the data are already hashed, the method signHash can be used). On the Java-side, this signature can be verified. Alternatively, the signature can be decrypted with the public key, which allows the hash value to be determined, since Java uses the padding variant RSASSA-PKCS1-v1_5 in both cases. Decryption is also possible on the web site, but the decrypted data are not displayed properly because they are only given as a string (which does not produce any meaningful output because of the arbitrary byte-sequences in a hash) and the encoding cannot be changed to hexadecimal or Base64.
• Another possibility might be to use Chilkat on the Java-side as well. Probably Chilkat uses a uniform logic across platforms (which I didn't verify however).

You have to use flutters WebView package to send data from Flutter to HTML using JavaScript.

Follow this short tutorial to get a quick overview off the WebView package: https://medium.com/flutter/the-power-of-webviews-in-flutter-a56234b57df2

If you assign a WebViewController to the WebView (see tutorial) you can use the controller to send JavaScript messages to the HTML webpage from Flutter.

Use the following code in the «onPageFinished» function of the WebView widget:

This code solve my problem:

I have found an answer for one of the two problems I have, and is that I haven't readed completely the JOSE-JWT repo, it says:

Ended up going with bouncy castle implementation, though as Maarten points out there is likely a vanilla solution available.

I think i figured it out. When reading a private key file, you must include the ---BEGIN RSA PRIVATE KEY--- and ---END RSA PRIVATE KEY--- banner.

The details of what the fields of RSAParameters must look like are given at the bottom of the page in the Feedback section by user bartonjs (who is also a stackoverflow user of the same name). Here is a copy of his comment:

The full rules of the arrays for RSAParameters values are as follows:

• Modulus: The unsigned big-endian representation of the RSA modulus value. Modulus[0] must not have the value 0x00.
• Exponent: The unsigned big-endian representation of the RSA public exponent value. Exponent[0] must not have the value 0x00.

The other fields must either all be null (public key parameters), or all non-null (private key parameters). When the values are non-null:

• D: The unsigned big-endian representation of the RSA private exponent value. This array must be equal in length to the length of the Modulus value, inserting 0x00-value bytes at low indexes as necessary.
• P: The unsigned big-endian representation of the RSA prime p. This array must be equal in length to half of the length of the Modulus value (round up if necessary), inserting 0x00-value bytes at low indexes as necessary.
• Q: The unsigned big-endian representation of the RSA prime q. This array must be equal in length to half of the length of the Modulus value (round up if necessary), inserting 0x00-value bytes at low indexes as necessary. DP: The unsigned big-endian representation of the RSA CRT parameter dp. This array must be equal in length to half of the length of the Modulus value (round up if necessary), inserting 0x00-value bytes at low indexes as necessary.
• DQ: The unsigned big-endian representation of the RSA CRT parameter dq. This array must be equal in length to half of the length of the Modulus value (round up if necessary), inserting 0x00-value bytes at low indexes as necessary.
• InverseQ: The unsigned big-endian representation of the RSA CRT parameter qInverse. This array must be equal in length to half of the length of the Modulus value (round up if necessary), inserting 0x00-value bytes at low indexes as necessary.

Example: For a RSA key with a KeySize value of 2056 and having the standard public exponent value 0x010001, the array lengths are:

Public Key:

• Modulus: 257 bytes
• Exponent: 3 bytes
• D, P, Q, DP, DQ, InverseQ: null values.

Private Key:

• Modulus: 257 bytes
• Exponent: 3 bytes
• D: 257 bytes
• P: 129 bytes
• Q: 129 bytes
• DP: 129 bytes
• DQ: 129 bytes
• InverseQ: 129 bytes

Note that BigInteger.ToByteArray() returns the little-endian representation. This must be reversed to get the big-endian representation required by RSAParameters.