Import CSP blob exported from .NET into python pyCrypto

问题

I have a CPS Blob exported from certificate using RSACryptoServiceProvider.ExportCspBlob in my .NET application.

return Convert.ToBase64String(rsaAlg.ExportCspBlob(false /*includePrivateParameters*/));

Now, I need to import that blob in python application. I tried using pyCrypto, but with no luck.

# that's the value I'm getting from .NET code above
key = 'BgIAAAAkAABSU0ExAAgAAAEAAQARMnLlzOgHkmHssf6ZSFJn8TlTiOBSoRSEnkI4U0UI6n1jFY2bTWS9O5uApMNXz1vr5OyxoXsNVF2XrNM4DOC+lRn3R/H+mZZxZY1F8oXxhe4L5AFOMhyykPreQtu9z+oKOzVB80zR+EU+nc/290POVK9/LGzP94cTk0VHSZdXDgL1eOiXLSg8h1OnJmMGxY6HyNvbF90onoHMWNrIeRue1vP/S5QLwuzkHv6tgm54bSwXWXFdDRbjtrA9HJkbf74hflAIqivO34bx+53whl2fEsC51eXqFdCr7XJJw+bwlENwDF9bUtCXQ+jXbiYtzvMbntRCKZ8LPRqlN9OWrBC2';

from Crypto.PublicKey import RSA
from Crypto.Util import asn1
from base64 import b64decode

# let's decrypt base64 first
keyDER = b64decode(key)

seq = asn1.DerSequence()
seq.decode(keyDER)
keyPub = RSA.importKey(keyDER)

I'm getting

Traceback (most recent call last): File "C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\Extensio ns\Microsoft\Python Tools for Visual Studio\2.1\visualstudio_py_util.py", line 1 06, in exec_file exec_code(code, file, global_variables) File "C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\Extensio ns\Microsoft\Python Tools for Visual Studio\2.1\visualstudio_py_util.py", line 8 2, in exec_code exec(code_obj, global_variables) File "c:\users\marcinj\documents\visual studio 2013\Projects\PythonApplication 1\PythonApplication1\PythonApplication1.py", line 12, in seq.decode(keyDER) File "C:\Python27\lib\site-packages\Crypto\Util\asn1.py", line 237, in decode raise ValueError("Not a DER SEQUENCE.") ValueError: Not a DER SEQUENCE.

回答1:

The CSP blob format is proprietary to Microsoft and poorly documented. Rather than use that format I would instead use the ExportParameters method to get an RSAParameters struct. From this struct I would directly access the Exponent and Modulus byte arrays and base64 encode them for transfer to the python program, as in the following snippet:

var rsa = RSA.Create ();
var RsaParms = rsa.ExportParameters (false);
Console.WriteLine (Convert.ToBase64String( RsaParms.Modulus));
Console.WriteLine (Convert.ToBase64String (RsaParms.Exponent));

In the python program, the documentation for PyCrypto's RSA importKey mentions a few options for acceptable formats. The simplest of these is the PKCS#1 RSAPublicKey structure. This is quite easy to construct from the asn1 module, as in the following snippet:

mod_raw = b64decode('qLhDLGNh7+9xRahkaWILm5HcG3T0Q4SUoDA3bpQtqLxU3AQ/fmYQWLXh0Se1mhQ3AIMduVgKaJhK1sH+G/toXuQ0n5ENw6PtGMODwsDXF072kaBKD3JBZSESC9a9a8QDoGtv7WwvH1UcIE9di60C7YdBMlqqBgkjMQ6c3CTh9KU=')
exp_raw = b64decode('EQ==')
mod = int.from_bytes(mod_raw, 'big')
exp = int.from_bytes(exp_raw, 'big')
seq = asn1.DerSequence()
seq.append(mod)
seq.append(exp)
der = seq.encode()
keyPub = RSA.importKey(der)

来源：https://stackoverflow.com/questions/28288397/import-csp-blob-exported-from-net-into-python-pycrypto