[CryptoAPI] Invalid syntax on line 9
Question
Forge component by João Barata

Hello everyone, 

I'm having this error message when trying to encrypt a text using a public key generated on an authentication server here in the company. As you can see in the OML file, I created a server action with RSA_Encrypt and put the public key in the PublicKey parameter and a text 123456 in the PlainText parameter. When running WebScreen the error "Invalid syntax on line 9" is displayed on the screen. Can you help me with this?


If you need the public key I am using is:


----- BEGIN PUBLIC KEY -----

MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9Ro6mO + SICi7unoYbkt1

HCQbbfNMjoB8BDOcGi63R / wlxl4SAQZp5J5BTPtAI5h6Ym9j7 + IJYC8qZyZzq7Z6

mhOAlDWztPT + Eidn4tF2NzIXLaQRNJMxpvIArZs8Oigh7s3WqDPH2ENPKxECbiQ0

sbzDMZ0Cy98BCsHadmGY8sszQjT63dSwAgOhmvQdxABwDtC / w955XDWOAjKYX + Xd

yyr / aNVKEuM / E8Vn / 0JyiDow4EgDgBpR4hyXELUiyZFBHT3AyNvik / qHrlwGbAwn

HRZLq4rxT1dtlmmufV4DWOHVf1d7ZQ5eHtNZp6gADuNkfl0XCFOM91dvdEpfMfDF

LQIDAQAB

----- END PUBLIC KEY -----


The OML file is attached.

CryptoTest.oml

Hi Thiago,

CryptoAPI actions don't directly support PEM encoded RSA keys. You'll need to convert them to XML notation using RSA_PrivateKeyFromPEM (yes, I'm aware the name doesn't make it obvious you should use it for a public key).

I don't remember if I tried it with a public key directly, but think it should work.

Please give it a go and let me know if you're having issues so I can look further into it.

Hi Ricardo,

I tried to use RSA_PrivateKeyFromPEM, but I did not succeed.

However, since you said that I needed to convert my PEM file to XML I made this conversion through https://superdry.apphb.com/tools/online-rsa-key-converter


With a public key generated for testing it worked. But with my public key generated by the authentication platform did not work, I'm not sure if the error could be in PKCS format or in another detail that I have not seen.


I keep trying here.

Hi,

What exactly didn't work with the key generated by the application?

Was it the online tool for converting that failed? Or was CryptoAPI which then failed to use the converted XML key?

Hi Ricardo,

Sorry for the delay in coming back here.

So I had some evolution from yesterday to today.

I was able to use the RSA_PrivateKeyFromPEM.

I believe that the manipulation of private and public keys is already ok.


But I believe I'm having trouble with the encryption type.

I believe that the error reported in the topic has already been remedied. I'll open another post, because I think the error is already related to something else.


Thank you so far Ricardo.

Not working please advise.

Error detail

Back to Log

Id

0f51a171-2b16-4201-8c7c-04f6288587b9


Request Key

4a4877de-a379-4f05-b850-9b1c3ef1afbc

Module

calvinust02_SFO_SOAP

Tenant

Users

User

 (7)

Session Id

GfVoqDWw3EOmh7aq7qtRUw==

Server

EC2AMAZ-TEQ9CUL

Source


Message

Length cannot be less than zero.
Parameter name: length

Environment Information

eSpaceVer: Id=311, PubId=0, CompiledWith=11.10.8.060000
RequestUrl: https://hkust-dev.jku3mkvfan.getoutsystems.com/calvinust02_SFO_SOAP/moduleservices/log?clientTimeInMillis=1630898510720 (Method: POST)
AppDomain: /LM/W3SVC/1/ROOT/calvinust02_SFO_SOAP-321-132753720728033366
FilePath: D:\OutSystems\Platform Server\running\calvinust02_SFO_SOAP.01577510155\
ClientIp: 10.0.0.158 X-Forwarded-For: 143.89.239.137
Locale: en-US
DateFormat: yyyy-MM-dd
PID: 3504 ('w3wp', Started='8/17/2021 10:21:51 PM', Priv=965Mb, Virt=2109827Mb)
TID: 154
Thread Name:
.NET: 4.0.30319.42000
Client Runtime Packages: client-runtime-core= 3.0.7;client-runtime-view-framework-react= 1.5.6;client-runtime-widgets= 1.5.6;
Client-Side Log

Stack

RSA_PrivateKeyFromPEM
System.ArgumentOutOfRangeException: Length cannot be less than zero.
Parameter name: length
at Object.s [as getException] (https://hkust-dev.jku3mkvfan.getoutsystems.com/calvinust02_SFO_SOAP/scripts/OutSystems.js?LTlhHECPOUxqT4vuxlhDGg:2:6362)
at c.onSuccess (https://hkust-dev.jku3mkvfan.getoutsystems.com/calvinust02_SFO_SOAP/scripts/OutSystems.js?LTlhHECPOUxqT4vuxlhDGg:3:709)
    at XMLHttpRequest.<anonymous> (https://hkust-dev.jku3mkvfan.getoutsystems.com/calvinust02_SFO_SOAP/scripts/OutSystems.js?LTlhHECPOUxqT4vuxlhDGg:2:28299)

I cannot use the RSA_PrivateKeyFromPEM.

My private key is RSA Encrypted 2048 Bytes PKCS-1 Padding required.

My Private Key is 

-----BEGIN PRIVATE KEY-----

base 64 encoded string here


-----END PRIVATE KEY-----


I copy the string as shown above exactly.

I tried to removed the -----BEGIN PRIVATE KEY-----,

-----END PRIVATE KEY----- and place the string into the private Key input parameters it does not work.


Only XML notation of the key worked.  To get the XML notation key, I need to do manual calculation of the RSA algorithm which is quite time consuming.  The C# .NET 4.0 supports ImportParameters or FromXMLString.

If I need to use an online XML converter,

https://superdry.apphb.com/tools/online-rsa-key-converter

My Private key is submitted via the internet which is undesirable.  

If I need to convert my PEM to XML String, I do not need this extension, I can write me own C# Extension because the specification required to Sign the Data with custom parameters , furthermore I have to create an Extension to Call the SOAP Request , Parse the Response and decrypt the message to get the security token.




This is the Actions I have been using 

RSA_PrivateKeyFromPEM

The PEM I input is the private key I copied directly and the following error occured.

RSA_PrivateKeyFromPEM
System.ArgumentOutOfRangeException: Length cannot be less than zero.
Parameter name: length




Development platform: Reactive

Outsystems Service Studio Versions:11.11.13, Build 47944

Could you provide me an example of a Private key that causes this error so I can try to replicate it?

In the meantime, could you also check if the private key that you have is valid by using openssl

openssl rsa -in privateKey.key -check

https://www.sslshopper.com/article-most-common-openssl-commands.html

Regards,

Sorry I had missed it before, you mentioned that your private key is "RSA Encrypted 2048 Bytes".


That means that it looks like:

-----BEGIN RSA PRIVATE KEY-----

Proc-Type: 4,ENCRYPTED

DEK-Info: <encryption algorithm info here>


<base 64 encoded string here >

-----END RSA PRIVATE KEY-----


Unfortunately, that is not supported at the moment but I'll make sure I'll add it to my backlog for a future version.

Currently, only unencrypted private keys are supported.
They look like this:

-----BEGIN RSA PRIVATE KEY-----

<base 64 encoded string here >

-----END RSA PRIVATE KEY-----




Try it with 

-----BEGIN RSA PRIVATE KEY-----

Did you try my suggestion? 


Thanks freek, but it does not work

Keep in mind only a private key kan be transformed.

Try the private key generated on this site:

https://8gwifi.org/RSAFunctionality?rsasignverifyfunctions=rsasignverifyfunctions&keysize=2048


I tried it myself and the RSA_PrivateKeyFromPEM function works.


Hi Nick,

I just found an issue on the Demo application where the input text area was being limited to 500 characters. This was clearly not enough characters to receive a 2048bit RSA key in PEM format.

I've just uploaded the version of the fix to the component as well as to the "Try Now" example.
Using the private key from the example link you provided, is working fine now.

Alternatively, you could use OpenSSL to generate a Private key.

Please be aware that the current version only supports unencrypted private keys, so in order to generate one you will need to run the following commands:

openssl genrsa -des3 -out private.pem 2048
openssl rsa -in private.pem -out private_unencrypted.pem -outform PEM

https://rietta.com/blog/openssl-generating-rsa-key-from-command/


Then use the contents of the private_unencrypted.pem on the demo application and check that it was able to parse it.

Community GuidelinesBe kind and respectful, give credit to the original source of content, and search for duplicates before posting.