This blog post explains the meaning of the error message "ASN1 bad tag value met".
Here is a sample of what one might see in a LastErrorText:
DllDate: Dec 3 2007
AcquireCSP: Microsoft Enhanced Cryptographic Provider v1.0,Chilkat,
decodeMessage.1: ASN1 bad tag value met.
NULL output data buffer
This error can happen if you pass non-ASN.1 data to a method that tries to decrypt using PKI, or verify a digital signature. For example, using Chilkat Crypt2:
Dim cStore As New Chilkat.CertStore
Dim myCert As Chilkat.Cert
myCert = cStore.GetCertificate(0)
Dim crypt As New Chilkat.Crypt2()
crypt.UnlockComponent("My unlock code")
crypt.CryptAlgorithm = "PKI"
Dim csp As New Chilkat.Csp()
crypt.EncodingMode = "base64"
<strong> Dim s As String
s = "This is definitely not ASN.1"
Dim bData As Byte()
bData = System.Text.ASCIIEncoding.ASCII.GetBytes(s)
Dim decryptedData As Byte()
decryptedData = crypt.DecryptBytes(bData)
TextBox1.Text = crypt.LastErrorText</strong>
Obviously, nobody is going to intentionally try to pass invalid data to the decrypting method. A more common mistake is to decrypt with a method that is not the reverse of the method used to encrypt. Here we list the encrypt methods and the corresponding decrypt methods:
- If encrypting with EncryptBytes, decrypt with DecryptBytes
- If encrypting with EncryptBytesENC, decrypt with DecryptBytesENC
- If encrypting with EncryptString, decrypt with DecryptString
- If encrypting with EncryptStringENC, decrypt with DecryptStringENC
The Chilkat encryption component is designed such that the method to be used for decrypting is the same name as that used for encrypting, except you replace "Encrypt" with "Decrypt".
Encryption methods ending in "ENC" perform an extra encoding step to return the encrypted data in a printable string form. The encoding is determined by the current setting of the EncodingMode property, which can be "base64″, "hex", "url", "quoted-printable", etc.
To decrypt, one must first decode to get the binary encrypted data, and then decrypt. The decrypt methods ending in "ENC" do this in one step (internally). Any decrypt method ending in "ENC" first decodes the string and then decrypts, returning either a string or byte array. DecryptString* methods return a string, DecryptBytes* methods return bytes.
If the decrypt method does not match the encrypt method, you’ll get an "ASN1 bad tag value met" error. For example, if you call EncryptBytesENC, but then call DecryptBytes. The EncryptBytesENC method returns the encrypted bytes as a base64-encoded string. However, DecryptBytes passes the data directly to the decryption process without first decoding from base64, therefore, the data passed to the decryptor is definitely not ASN.1.