|Applies To||RSA BSAFE|
Microsoft CryptoAPI (MS CAPI)
Trying to extract an RSA Public Key from the RSA_CSP_PUBLICKEYBLOB defined in wincrypt.h
|Issue||How to make RSA BSAFE libraries interoperate with Microsoft's CryptoAPI (MS CAPI)|
How to use RSA BSAFE Crypto-C with Microsoft's CryptoAPI
RSA BSAFE Crypto-C unable to use the public key
User sees a 533 (BE_MODULUS_LEN) error from B_SetKeyInfo.
|Cause||Microsoft CryptoAPI deals with data "blobs" using little-endian byte ordering, while the BSAFE products depend on big-endian (canonical) order of bytes. Therefore, when BSAFE gives you a signature value (for example), the B_SignFinal routine fills in an array with the signature bytes with the most significant byte in position 0. When you feed this signature to Microsoft CryptoAPI to be verified (for example), the least significant byte must be in position 0.|
|Resolution||Try reversing the byte order of the byte array. In other words, construct a new byte array from the reverse of those bytes. So, if your old array was 4f 3d 2c (in hex), you would reverse those bytes and use 2c 3d 4f and so on.|
Also, download the Crypto-C 4.2 CryptoAPI Testcase on RSA SecurCare Online for an example demonstrating verification of a signature created using CryptoAPI. Even though this testcase was originally written using Crypto-C 4.2, the latest version of Crypto-C can be substituted for Crypto-C 4.2.
|Notes||This is a completely seperate issue from the little-endian ordering of integers on Intel hardware. This issue concerns the reversing of big-number data in byte arrays, which can span hundreds of bytes.|
|Legacy Article ID||6.0.3318149.2914371|