current community

your communities

more stack exchange communities

Stack Exchange
tour help
Take the 2-minute tour ×
Programmers Stack Exchange is a question and answer site for professional programmers interested in conceptual questions about software development. It's 100% free, no registration required.
up vote 1 down vote favorite

Let me explain the back-story to my question:

I have made a .NET program that logs into an account on a website and scrapes various pages of information. In order to login to the website, I must perform an RSA encryption on the password using a public key and exponent (which are both provided by the Server's HTTP response). So far, I cannot find an RSA library that you can call from C# which will perform this encryption in such a way that the server won't throw a security error.

Since none of the C# RSA options can successfully talk to the server I must use a modified version of this Javascript RSA library in order to encrypt a password the server will recognize:

http://www-cs-students.stanford.edu/~tjw/jsbn/

The javascript code above is also provided by the server when you attempt to login.

Initially, I called the Javascript library by using a Jurassic.DLL Javascript engine which would compile the Javascript code into CIL and easily allow me to perform the encryption that the server would accept. However, this introduced an unwanted dependency on a javascript file to my program. So, I decided to take it one step further.

I wrapped the functionality of the javascript file into a JScript.NET class and created a function that would do the encryption. I compiled it to a .NET DLL using the JScript.NET compiler and now I can call that DLL to get the encryption that I need. This works great since the server accepts the result without my program depending on some javascript file, but it still isn't quite as 'tight' as I would like.

I was considering the following options, and I need some educated opinions on either one:

  1. Painstakingly convert the RSA code to C#. This is very, very difficult since JS by nature doesn't have static types, and it is difficult to deduce what variable is what type in the RSA code, not even mentioning the idea of mapping one js data type to a C# one. Moreover, the RSA code has undescriptive variable names like c, x, w, etc. In spite of these shortcomings, this option would bring the advantage of having one fewer dependency on a dll. Would this option really be worth the trouble, though?

  2. Keep the RSA dll and continue using it. It would introduce another dependency, but at least it would work. The downside is that it was compiled from JScript.NET and is being called from C#. This may introduce some strange problems.

I would use RSACryptoServiceProvider in the .NET library or even ManagedOpenSSL.NET, but no matter what I try to do, I cannot get either of those libraries to send an encrypted password that the server won't reject after spending quite some time on it.

share|improve this question

closed as primarily opinion-based by jwenting, Kilian Foth, Snowman, MichaelT, ratchet freak Nov 17 '14 at 9:40

Many good questions generate some degree of opinion based on expert experience, but answers to this question will tend to be almost entirely based on opinions, rather than facts, references, or specific expertise.If this question can be reworded to fit the rules in the help center, please edit the question.
2  
why is relying on a JScript.NET assembly in any way not desirable? Sounds like a 3rd party library that works perfectly well for your very narrow use case. I don't see the downside. If you really have some bone to pick with the idea a non-homogenous system (pressing for homogeny over pragmatism is the cause of many terrible systems in the world), you can just use ILSpy or Reflector to reverse the IL in the dll to C#, then refactor it as you like into something that looks less disassembled... –  Jimmy Hoffa Oct 29 '14 at 19:20
2  
While your question hasn't been closed, you might want to take a look at Why was my question closed as primarily opinion-based?. –  Adam Zuckerman Oct 29 '14 at 22:00
    
Implementing textbook RSA encryption in C# is trivial: BigInteger.ModPow(plaintext, e, n). But I don't know what kind of padding the java implementation applies. –  CodesInChaos Oct 30 '14 at 8:59
    
Thanks for your responses. Jimmy, after considering the situation, I am inclined to agree with you. And CodesInChaos, I will try that solution as well. I think the problem is that the JScript.NET function uses a different padding scheme that never works out the way that the server would accept it. And sorry for the opinion-based question, Adam. –  idungotnosn Oct 31 '14 at 13:51

Browse other questions tagged or ask your own question.