Archived Forum Post


Question:

decrypting saml with ssl

Jan 22 '13 at 16:49

Does anyone have experience decrypting a base64 string that is signed with my public SSL (PKI) key? The application is in ASP classic so I cannot use any of the pre-built .NET libraries. Looking at the SAML, it is just an XML doc. My question is the decryption part.

This is what I have so far:

FN = "C:ecerts_insurancevisions_com.cer"

Set oCert = Server.CreateObject("Chilkat.Cert")
Set crypt = Server.CreateObject("Chilkat.Crypt2")

crypt.UnlockComponent "123456"
crypt.AddEncryptCert oCert
crypt.CryptAlgorithm = "pki"
crypt.EncodingMode = "base64"

strBase64 = "za4K/+V645Uyj1l5AjmTiM8Ys4zYt8htPastC7Lk29J5JrBO99yqRXv52y9....."

decoded = crypt.DecryptStringENC(strBase64)
Response.Write crypt.lasterrorhtml
Response.Write len(decoded)
Response.Write Server.HTMLEncode(decoded)


Here is the last error that is returned:

ChilkatLog:

DecryptStringENC:

    DllDate: Apr 17 2012
    UnlockPrefix: 30-day trial
    Username: BUTCHER:IUSR_INSVISIONS-1
    Architecture: Little Endian; 32-bit
    Language: ActiveX
    hcCurDate: Thu, 17 Jan 2013 09:34:02 -0800
    hcExpire: 7/2012
    SizeAfterDecoding: 4640
    algorithm: pki
    ASN.1 length should not be more than 4 bytes in definite long-form.
    This error typically occurs when trying to decode data that is not ASN.1
    A common cause is when decrypting ASN.1 data with an invalid password,
    which results in garbage data. An attempt is made to decode the garbage bytes
    as ASN.1, and this error occurs...
    Failed to parse ASN.1 header.
    DER contains no ASN.1 nodes.
    Failed to decode DER.
    Not PKCS7 DER
    Failed to decrypt.
    Failed to decrypt data.

Answer

I base64 decoded the first part of the string you provided ("za4K/+V645Uyj1l5AjmTiM8Ys4zYt8htPastC7Lk29J5JrBO99yqRXv52y9") and it does not decode to any recognizable DER-encoded ASN.1 -- which agrees with the information in the LastErrorText. Unfortunately, I don't know what it is you have in your Base64 string.
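
The check described in the answer, as an added example that is not part of the original thread and not Chilkat's code: decode the start of the Base64 string and test whether it begins with a plausible DER header, as a PKCS#7 blob must. The function names are assumptions made for this example, and the "plausible" header in the test is constructed.

```python
import base64

# First characters of the string quoted in the question (the page elides the rest).
PREFIX = "za4K/+V645Uyj1l5AjmTiM8Ys4zYt8htPastC7Lk29J5JrBO99yqRXv52y9"


def b64_prefix_decode(text):
    """Decode the longest prefix made of whole 4-character base64 groups."""
    usable = len(text) - len(text) % 4
    return base64.b64decode(text[:usable], validate=True)


def der_header(data, total_len=None):
    """Parse one DER tag/length header. Returns (ok, reason, tag, length)."""
    if len(data) < 2:
        return (False, "too short for a DER header", None, None)
    tag, first = data[0], data[1]
    if first < 0x80:                       # short form: length fits in one byte
        length, hdr = first, 2
    else:
        n = first & 0x7F                   # long form: n length bytes follow
        if n == 0:
            return (False, "indefinite length is not DER", tag, None)
        if n > 4:
            return (False, f"long-form length uses {n} bytes (>4)", tag, None)
        if len(data) < 2 + n:
            return (False, "truncated length field", tag, None)
        length, hdr = int.from_bytes(data[2:2 + n], "big"), 2 + n
    # Optional consistency check against the full decoded size, if known.
    if total_len is not None and hdr + length != total_len:
        return (False, "declared length does not match blob size", tag, length)
    return (True, "plausible DER header", tag, length)


def looks_like_pkcs7(data, total_len=None):
    """A PKCS#7/CMS ContentInfo starts with an outer SEQUENCE (tag 0x30)."""
    ok, reason, tag, _ = der_header(data, total_len)
    if ok and tag != 0x30:
        return (False, f"outer tag is 0x{tag:02X}, not SEQUENCE (0x30)")
    return (ok, reason)


if __name__ == "__main__":
    print(looks_like_pkcs7(b64_prefix_decode(PREFIX)))
```

On the prefix quoted in the question, the second byte is 0xAE, which claims a 46-byte length field; that is the condition the LastErrorText reports as "ASN.1 length should not be more than 4 bytes in definite long-form".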