
RSACryptoServiceProvider Decrypt failing using public key

I am thinking I should be able to decrypt using the public key when the server sends data by encrypting with the private key. But this is throwing an error.

    var message = "test";

    byte[] encryped;
    byte[] decryped;

    {
        string path = ".\\1.pfx";
        string password = "1";
        X509Certificate2 certificate = new X509Certificate2(path, password);
        RSACryptoServiceProvider provider = 
                certificate.PrivateKey as RSACryptoServiceProvider;

        encryped = RSAEncrypt(provider, Encoding.Unicode.GetBytes(message));
    }

    {
        string path = ".\\1.cer";
        X509Certificate2 certificate = new X509Certificate2(path);
        RSACryptoServiceProvider provider = 
                certificate.PublicKey.Key as RSACryptoServiceProvider;

        decryped = RSADecrypt(provider, encryped);
    }

    Assert.IsTrue(message == Encoding.Unicode.GetString(decryped));

The methods themselves are simple.

    public static byte[] RSAEncrypt(RSACryptoServiceProvider rsa, byte[] plaintext)
    {
        byte[] encryptedData;
        encryptedData = rsa.Encrypt(plaintext, true);
        return encryptedData;
    }



    public static byte[] RSADecrypt(RSACryptoServiceProvider rsa, byte[] ciphertext)
    {
        byte[] decryptedData;
        decryptedData = rsa.Decrypt(ciphertext, true);
        return decryptedData;
    }

This is throwing the following error.

System.Security.Cryptography.CryptographicException: 'Error occurred while decoding OAEP padding.'

.NET does not expose "raw" (or "unpadded") RSA operations.

In a signing operation with RSA, the signer takes the hash algorithm and the hash value, builds the padded structured message around it, and does the RSA operation using the private key.

In a verification operation, the verifier does the RSA operation using the public key, checks that the padding structure is intact, and (directly or indirectly) checks that the hash algorithm and hash value match the expected results.

In an encryption operation the message is put into an encryption padding structure and the RSA operation is performed with the recipient's public key.

In a decryption operation the message goes through the RSA operation using the recipient's private key, the padding structure is verified, and then the encapsulated message is returned.

| Operation | Pub/Priv Key | Add/Rem Padding  |
|-----------|--------------|------------------|
| Sign      | Private      | Add PKCS#1/PSS   |
| Encrypt   | Public       | Add PKCS#1/OAEP  |
| Decrypt   | Private      | Remove (Encrypt) |
| Verify    | Public       | Remove (Sign)    |

Since you have a signature you need an operation which uses the public key with the RSA operation and removes padding (instead of adds it). That means only VerifyData or VerifyHash will do what you want.
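The four rows of the table above, as an added C# example that is not part of the original question or answer. The in-memory key pair is a constructed stand-in for the question's `1.pfx` and `1.cer`, and the code assumes a modern .NET runtime where `RSA.Create(int)` is available.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

public static class RsaDirectionDemo
{
    public static void Main()
    {
        byte[] message = Encoding.Unicode.GetBytes("test");   // constructed sample input

        // Constructed key pair standing in for 1.pfx (private) and 1.cer (public).
        // With certificates, certificate.GetRSAPrivateKey() and
        // certificate.GetRSAPublicKey() return the corresponding RSA objects.
        using (RSA privateKey = RSA.Create(2048))
        using (RSA publicKey = RSA.Create())
        {
            // Import only the public half, as a .cer holder would have.
            publicKey.ImportParameters(privateKey.ExportParameters(false));

            // Sign: private key, hashes the data and adds signature padding.
            byte[] signature = privateKey.SignData(
                message, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

            // Verify: public key, removes and checks the signature padding.
            bool valid = publicKey.VerifyData(
                message, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

            // A modified message must not verify against the same signature.
            byte[] tampered = Encoding.Unicode.GetBytes("tesT");
            bool tamperedValid = publicKey.VerifyData(
                tampered, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

            // Encrypt: public key, adds OAEP padding (OAEP-SHA1 is what the
            // question's Encrypt(..., true) selects). Decrypt: private key, removes it.
            byte[] ciphertext = publicKey.Encrypt(message, RSAEncryptionPadding.OaepSHA1);
            byte[] roundTrip = privateKey.Decrypt(ciphertext, RSAEncryptionPadding.OaepSHA1);

            Console.WriteLine("signature verifies:        " + valid);
            Console.WriteLine("tampered message verifies: " + tamperedValid);
            Console.WriteLine("decrypt round-trips:       " +
                (Encoding.Unicode.GetString(roundTrip) == "test"));
        }
    }
}
```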
