c# – Decrypt PKCS # 7 data encrypted according to GOST 28147

Question:

There is a PKCS # 7 file with data encrypted according to the GOST 28147 algorithm. The certificate and private key are exported to a pfx file. I am trying to decrypt data using the BouncyCastle 1.8.1 library:

var cmsEnvelopedData = new CmsEnvelopedData(File.ReadAllBytes(@"encrypted-file.bin"));
var recipient1 = cmsEnvelopedData.GetRecipientInfos().GetRecipients().Cast<RecipientInformation>().First();

string path = @"cert.pfx";
string password = "1111";
var builder = new Pkcs12StoreBuilder();
var store = builder.Build();
using (var stream = File.OpenRead(path))
{
    store.Load(stream, password.ToCharArray());
}
var privateKey = store.GetKey(store.Aliases.Cast<string>().Single()).Key;

byte[] data1 = recipient1.GetContent(privateKey);

On the last line, an error falls:

Org.BouncyCastle.Cms.CmsException: couldn't create cipher. —> Org.BouncyCastle.Security.SecurityUtilityException: Cipher 1.2.643.2.2.19 not recognized. at Org.BouncyCastle.Security.CipherUtilities.GetCipher (String algorithm) at Org.BouncyCastle.Security.WrapperUtilities.GetWrapper (String algorithm) at Org.BouncyCastle.Cms.KeyTransRecipientInformation.UnwrapKey exception of innerParameters stack — trace — at Org.BouncyCastle.Cms.KeyTransRecipientInformation.UnwrapKey (ICipherParameters key) at Org.BouncyCastle.Cms.KeyTransRecipientInformation.GetContentStream (ICipherParameters key) at Org.BouncyCastle.Cms.RecipientInformation.

It looks like the GetContent method is unable to parse the private key. What could be the problem?

Answer:

According to this table, there is only one encryption algorithm, and it really is 28147, only its OID is 1.2.643.2.2.21.

You have, judging by mistake, OID 1.2.643.2.2.19, which refers to the export / import of keys. So, either you took the wrong file, or did the wrong decryption.

On the topic of decryption, I would advise you to look aside for example this question , although I may be mistaken.

Scroll to Top