Zip Component, Email Component, Encryption Component ActiveX Control for Zip Compression .NET Components for ASP.NET
ActiveX and .NET Components for Zip Compression, Encryption, Email, XML, S/MIME, HTML Email, Character Encoding, Digital Certificates, FTP, and more ASP Email ActiveX Component

Index of Chilkat Blog Posts

December 4, 2007

ASN1 bad tag value met.

This blog post explains the meaning of the error message "ASN1 bad tag value met".
Here is a sample of what one might see in a LastErrorText:

    DllDate: Dec  3 2007
    keyLengthInBits: 128
    numBytes: 373580
    paddingScheme: 0
    algorithm: pki
    providerType: 1
    AcquireCSP: Microsoft Enhanced Cryptographic Provider v1.0,Chilkat,
    using_algorithm: 3DES
    decodeMessage.1: ASN1 bad tag value met.
    NULL output data buffer

This error can happen if you pass non-ASN.1 data to a method that tries to decrypt using PKI, or verify a digital signature. For example, using Chilkat Crypt2:

        Dim cStore As New Chilkat.CertStore
        cStore.LoadPfxFile("testUser-rsa1.pfx", "password")
        Dim myCert As Chilkat.Cert
        myCert = cStore.GetCertificate(0)
        Dim crypt As New Chilkat.Crypt2()
        crypt.UnlockComponent("My unlock code")
        crypt.CryptAlgorithm = "PKI"
        Dim csp As New Chilkat.Csp()
        crypt.EncodingMode = "base64"
<strong>        Dim s As String
        s = "This is definitely not ASN.1"
        Dim bData As Byte()
        bData = System.Text.ASCIIEncoding.ASCII.GetBytes(s)
        Dim decryptedData As Byte()
        decryptedData = crypt.DecryptBytes(bData)
        TextBox1.Text = crypt.LastErrorText</strong>

Obviously, nobody is going to intentionally try to pass invalid data to the decrypting method. A more common mistake is to decrypt with a method that is not the reverse of the method used to encrypt. Here we list the encrypt methods and the corresponding decrypt methods:

  • If encrypting with EncryptBytes, decrypt with DecryptBytes
  • If encrypting with EncryptBytesENC, decrypt with DecryptBytesENC
  • If encrypting with EncryptString, decrypt with DecryptString
  • If encrypting with EncryptStringENC, decrypt with DecryptStringENC

The Chilkat encryption component is designed such that the method to be used for decrypting is the same name as that used for encrypting, except you replace "Encrypt" with "Decrypt".

Encryption methods ending in "ENC" perform an extra encoding step to return the encrypted data in a printable string form. The encoding is determined by the current setting of the EncodingMode property, which can be "base64″, "hex", "url", "quoted-printable", etc.
To decrypt, one must first decode to get the binary encrypted data, and then decrypt. The decrypt methods ending in "ENC" do this in one step (internally). Any decrypt method ending in "ENC" first decodes the string and then decrypts, returning either a string or byte array. DecryptString* methods return a string, DecryptBytes* methods return bytes.

If the decrypt method does not match the encrypt method, you’ll get an "ASN1 bad tag value met" error. For example, if you call EncryptBytesENC, but then call DecryptBytes. The EncryptBytesENC method returns the encrypted bytes as a base64-encoded string. However, DecryptBytes passes the data directly to the decryption process without first decoding from base64, therefore, the data passed to the decryptor is definitely not ASN.1.

Privacy Statement. Copyright 2000-2011 Chilkat Software, Inc. All rights reserved.
Send feedback to

Components for Microsoft Windows XP, 2000, 2003 Server, Vista, Windows 7, and Windows 95/98/NT4.