000026122 - How to make RSA BSAFE libraries interoperate with Microsoft's CryptoAPI (MS CAPI)

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000026122
Microsoft CryptoAPI (MS CAPI)
Trying to extract an RSA Public Key from the RSA_CSP_PUBLICKEYBLOB defined in wincrypt.h
IssueHow to make RSA BSAFE libraries interoperate with Microsoft's CryptoAPI (MS CAPI)
How to use RSA BSAFE Crypto-C with Microsoft's CryptoAPI
RSA BSAFE Crypto-C unable to use the public key
User sees a 533 (BE_MODULUS_LEN) error from B_SetKeyInfo.
CauseMicrosoft CryptoAPI deals with data "blobs" using little-endian byte ordering, while the BSAFE products depend on big-endian (canonical) order of bytes.  Therefore, when BSAFE gives you a signature value (for example), the B_SignFinal routine fills in an array with the signature bytes with the most significant byte in position 0.  When you feed this signature to Microsoft CryptoAPI to be verified (for example), the least significant byte must be in position 0.
ResolutionTry reversing the byte order of the byte array. In other words, construct a new byte array from the reverse of those bytes. So, if your old array was 4f 3d 2c (in hex), you would reverse those bytes and use 2c 3d 4f and so on.

Also, download the Crypto-C 4.2 CryptoAPI Testcase on RSA SecurCare Online for an example demonstrating verification of a signature created using CryptoAPI.  Even though this testcase was originally written using Crypto-C 4.2, the latest version of Crypto-C can be substituted for Crypto-C 4.2.
NotesThis is a completely seperate issue from the little-endian ordering of integers on Intel hardware.  This issue concerns the reversing of big-number data in byte arrays, which can span hundreds of bytes.
Legacy Article ID6.0.3318149.2914371