Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 6 days ago.
The community reviewed whether to reopen this question 6 days ago and left it closed:
Original close reason(s) were not resolved
Improve this question
Question on public/private key asymmetric encryption, hypothetical with some code. So let's say in our Java code, use asymetric crypto, public key and private key encryption.
So let's say we have a server side API...let's call it, stringEncrypterDecrypter and it will encrypt or decrypt some random string.
abc123.
On the API Side:
So we normally would do:
base64Encode(encrypt(abc123))
Here we would use the private key, because it is available for encryption.
And we could also decrypt data come from the client side:
encrypt(base64Decode(YWJjMTIz))
Here we could also use the private key..because we have it.
And the public key and private key are embedded in the java JKS file on the API side.For the consumer side.
Here is the question...
For the consumer of the API to send and receive, encrypt and decrypt into that same API, wouldn't the client consumer also have to have the same public and private key.
Let's say the private key for the API is on server 1 at our company site 1.
And the same private key for the client is on server 2 at our company site 2.
That is ok to share as the private key is shared within the company? Normally with this type of encryption, I thought you wouldn't ever share private keys...between the two servers? Now let's say the client is at server 3 at external company site 3, in that case...would you create both public key and private key, save the private key at external company site 3 and share the public key between the the server side API and client?
Code would be this, also saving the data in the JKS file.
Note the keys are at public and private keys could be at separate locations. But could possibly be shared.
Code:
this.cipher = Cipher.getInstance(RSA);
this.cipher.init(Cipher.ENCRYPT_MODE, key);
return Base64.encodeBase64String(cipher.doFinal(msg.getBytes(UTF8)));
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 7 months ago.
Improve this question
On RSA cryptographic algorithm, the private key is used to decrypt and public key is used to encrypt data. however I'd like an algorithm to:
Generate private key based on specific data so we can recover it
later
Generate public key based on private key
Encrypt data using private key
Decrypt data using public key
What algorithms should I use and is there a java implementation for this?
Step 1 is probably a bad idea unless your seed data has at least as much entropy as the private key. But then, it is equally difficult to store/remember than the private key itself.
Are you sure you are looking for encryption? Your steps 3 and 4 look more like you actually want a signature.
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 2 years ago.
Improve this question
I am using bouncy castle libraries for generating a Certificate signing request, but instead of the keypair generator function provided by them, I am using a public key which I have generated knowing the modulus and exponent. Now I want to just hash the details and send to another server which has the private key to sign it. The private key wont leave that server.
Is it possible to do so in bouncy castle or any other libraries?
I have checked that bouncy castle hashes and signs the CSR together in on command, is it possible to separate these two commands?
This is the public key generation with known modulus and exponent
This is the createCSR function making the csr from the user details
This is the fun called which returns a string to the X500 principle function
Generally, no, at least not without hacking.
In principle it is of course possible to do this. For instance, you could simply send over a structure using CertificationRequestInfo :
https://github.com/bcgit/bc-java/blob/master/core/src/main/java/org/bouncycastle/asn1/pkcs/CertificationRequestInfo.java
This is basically the CSR without signature. You could then lift the signing procedure from Bouncy Castle and implement that part. However, that's not a structure that has been standardized to be used alone, so by default software won't know how to process it. Generally the CSR is always generated where the private key is located.
There are of course other options (or hacks):
implement a CSR creation service at the location of the private key;
sign the request with a temporary key, replace the public key of the CSR and re-sign the request at the location of the private key.
Of course, the problem with those options is that you would still need to do significant work at the location of the private key, which probably makes them next to useless.
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 2 years ago.
Improve this question
I have a Web API project made with .net core, I'm using IdentityCore for the user password sign up and log in. However, I need to migrate the API to Java. How can I do it without losing all my user data, is there any way to replicate the algorithm that IdentityCore uses?
Your data are saved in a database when you are using .net core Identity: https://learn.microsoft.com/en-us/aspnet/core/security/authentication/customize-identity-model?view=aspnetcore-3.1
So if you have correctly setup the IdentityCore authorization in your api, then there should be a connection string somewhere in your config like this:
{
"ConnectionStrings": {
"DefaultConnection": "Server=(localdb)\\MSSQLLocalDB;Database= IdentityDB;Trusted_Connection=True;MultipleActiveResultSets=true"
}
}
You can follow it, extract the tables and the data and you are set.
The source code can be found here: https://github.com/aspnet/Identity
The hashing algorithms: https://andrewlock.net/exploring-the-asp-net-core-identity-passwordhasher/
ASP.NET Identity Version 2: PBKDF2 with HMAC-SHA1, 128-bit salt, 256-bit subkey, 1000 iterations
ASP.NET Core Identity Version 3: PBKDF2 with HMAC-SHA256, 128-bit salt, 256-bit subkey, 10000 iterations
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 7 years ago.
Improve this question
I have a requirement to encrypt a string in java using AES algorithm and to decrypt the data in PHP. I have searched SO but I dint get any exact answer.
In some posts, they used Padding. And also they spoke about the key size.
But, I don't have any idea about the key size and what padding I should use.
So please help me by posting some sample code and explanations to understand better.
Thanks in advance!!
The key size is not important, any of the available sizes are secure.
AES is a block cipher, that means that input must be a multiple of the block size: 16-bytes. Unless the input is always a multiple of the block size padding will be required.
The standard padding for AES is PKCS#7 (sometimes stated PKCS#5). The problem is PHP and the usual mcrypt library used, it does not support PKCS#7 padding, only null padding and can not be used with binary data. The bozo maintainers refuse to add PKCS#7 padding. You will have to add your own PKCS#7 padding support if you use mcrypt, it is not hard, generally three lines of code.
But there are more issues. The encryption mode and CBC mode requires an iv which should be random data. Authentication to determine if the decrypted data is correct. The key should not be a string, if it is it should be used to derive a key with a function such as PBKDF2.
I suggest using RNCryptor which is available for Java, php and many other languages. It provided all the necessary elements to create secure encryption including: AES-256 encryption,CBC mode, password stretching with PBKDF2, password salting, random IV, encrypt-then-hash HMAC authentication, and versioning.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions concerning problems with code you've written must describe the specific problem — and include valid code to reproduce it — in the question itself. See SSCCE.org for guidance.
Closed 9 years ago.
Improve this question
I want to find the RSA code in both Javascript and Java code. And they can return the same result in encrypt and decrypt.
My purpose is: I can encrypt a message in the user's browser using Javascript (with the public key). After I can decrypt that message in my server (with private key).
I found on internet but Javascript and Java return difference result: if I encrypt using Javascript, I cannot decrypt using Java.
This is not a good idea.
RSA public key encryption is suitable for encrypting a session key, not the entire message. It's too slow and it's susceptible to a man-in-the-middle attack when used directly.
Just use SSL and be done with it.
I am curious why the javascript and java had different results, as RSA isn't platform dependent, but, converting the key to a byte array can differ, so that could be your difficulty.
If you are encrypting a password then it may make sense to use RSA, as the number of bytes that can be encrypted/decrypted is related to the length of the key.
Where you found the source code for Java and Javascript would be useful to see, or at least to know how the keys were turned into byte arrays, and then the private or public keys were created from those.
Here is a simple RSA algorithm for Javascript (numbers only); you can easily convert it to Java by following the source code of the page:
http://www.alporal.com/rsa.htm