Non-matching values for modulus and p*q in RSA encryption
回答
The problem is that reversing the arrays is not enough. Because they are unsigned they also require padding depending on the value at the end of the array.
If the value at the end of the array is >= 128 the high bit of that value is set and the byte[] constructor for BigInteger interprets this as a negative sign. Tacking on a 0 in this case prevents this.
public static BigInteger FromBigEndian(byte[] p)
{
var q = p.Reverse();
return new BigInteger((p[0] < 128 ? q : q.Concat(new byte[] { 0 })).ToArray());
}
Convert parameters as follows instead
byte[] p = rsaparams.P;
BigInteger primeP = FromBigEndian(p);