Difference between PKCS1-padding/RSA encryption ios objc and java

Question

I’m developing a application for ios and Android. I’m relatively new to crypto tasks and for the last 3 Days I keep banging my head against the wall because I’m not able to get

Answer 1

In Android or Java, the generated keys are in standard ASN.1 format which works fine in outer world(Client Side, Server side) but in iOS the generated keys(public, private) are in raw format, you have to convert it in proper ASN.1 format to make them workable.

Answer 2

Try up with splitting cipher text into multiple parts so that each contains 16 char long and separately decode them. I too faced the same problem but that was in PHP for a long time and above trick worked for me.

This may be help you to get-out of the problem.

Answer 3

Decoding the Base64 key gives:

MCwwDQYJKoZIhvcNAQEBBQADGwAwGAIRAK+dBpbOKw+1VKMWoFxjU6UCAwEAAQ==
-> 302c300d06092a864886f70d0101010500031b003018021100af9d0696ce2b0fb554a316a05c6353a50203010001

Interpreting this as DER-encoded ASN.1, we find:

30(2c) //SEQUENCE
  30(0d)  //SEQUENCE
    06(09): 2a 86 48 86 f7 0d 01 01 01  //OID 1.2.840.113548.1.1.1 (RSA Encryption)
    05(00): //NULL                           
    03(1b): [00] 30 18 02 11 00 af 9d 06 96 ce 2b 0f b5 54 a3 16 a0 5c 63 53 a5 02 03 01 00 01 //BITSTRING

Where the BITSTRING also seems to contain DER-encoded ASN.1:

30(18) //SEQUENCE
  02(11): 00 af 9d 06 96 ce 2b 0f b5 54 a3 16 a0 5c 63 53 a5 02 03 01 00 01 //INTEGER

 = 0xaf9d0696ce2b0fb554a316a05c6353a50203010001

Walking through the IOS code, you can see that it is parsing the DER-encoded ASN.1. It correctly identifies the first two SEQUENCE tags, and skips over the OID field without even verifying that it is an OID. Then the problem occurs: the IOS code expects the next tag to be BITSTRING(0x03)---but in our data, we have an additional NULL(0x05) field to denote that the public exponent is implicit. The IOS code raises an exception upon encountering the 0x05 tag. If the NULL weren't there, we see that the IOS code would have successfully extracted the contents of the BITSTRING.

So: either the NULL is an optional field, and the IOS code isn't permitting it, or the IOS code is expecting a different ASN.1 structure. For example, it appears that the BITSTRING is also a DER-encoded ASN.1 INTEGER (presumably the RSA modulus). Yet the IOS code makes no attempt to parse it. It may be that the IOS SecKeyEncrypt routine expects this format for the modulus, or it may be that the caller is supposed to extract the raw bytes of the modulus.

So there's a little bit of experimentation still needed. But the following additional conditional is definately necessary if this code is to parse the supplied data object:

/* Skip OID */
i += 15;

if (i >= bytesLen - 2)
    [Exception raise:FAILURE function:__PRETTY_FUNCTION__ line:__LINE__ description:@"Could not set public key."];

if (bytes[i] == 0x05)    /* This should handle the spurious ASN.1 NULL field */
    i += 2;

if (bytes[i++] != 0x03)