I am trying to encript a string in an Android app with a public key that I get from my php server.
php server code:
$res = openssl_pkey_new();
openssl_pkey_export($res, $privKey);
$pubKey = openssl_pkey_get_details($res);
$pubKey = $pubKey["key"];
echo $pubKey;
The server create correctly the key. In my app I store the public key in "response" variable. This var is like:
response = "-----BEGIN PUBLIC KEY-----MIIB... etc ...wIDAQAB-----END PUBLIC KEY-----"
Android code:
String pass = "password";
String strEncryInfoData="";
try {
KeyFactory keyFac = KeyFactory.getInstance("RSA");
KeySpec keySpec = new X509EncodedKeySpec(Base64.decode(response.trim().getBytes(), Base64.DEFAULT));
Key publicKey = keyFac.generatePublic(keySpec);
cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.ENCRYPT_MODE, publicKey);
byte[] cipherText = cipher.doFinal(pass.getBytes());
strEncryInfoData = new String(Base64.encode(cipherText,Base64.DEFAULT));
} catch (Exception e){
}
When I run the application, appear this error:
java.security.spec.InvalidKeySpecException: java.lang.RuntimeException: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
I don't know why the code doesn't encript the password. Any idea? It is about the encode type?
Thanks.
Try removing the BEGIN header and END footer and all the newlines, then you get the Base64 encoded DER which you need to decode and pass to the X509EncodedKeySpec constructor. Here's some code:
response = response.replaceAll("(-+BEGIN PUBLIC KEY-+\\r?\\n|-+END PUBLIC KEY-+\\r?\\n?)", "");
response = response.replace("\n", "").replace("\r", "");
// Use Base64.NO_WRAP because: https://stackoverflow.com/questions/32935783/java-different-results-when-decoding-base64-string-with-java-util-base64-vs-and/32935972
byte[] responseBytes = Base64.decode(response, Base64.NO_WRAP);
KeySpec keySpec = new X509EncodedKeySpec(responseBytes);
Related
I've exported an AWS certificate using the methods described in this tutorial:
https://docs.aws.amazon.com/acm/latest/userguide/sdk-export.html
But I want to decrypt the password encrypted private key in order to use it in my program. I wrote the following code to do that:
String private_key = "<encrypted private key of the form -----BEGIN ENCRYPTED PRIVATE KEY----->"
String passwd = "password used to export the key"
try{
EncryptedPrivateKeyInfo encryptPKInfo = new EncryptedPrivateKeyInfo(private_key.getBytes());
Cipher cipher = Cipher.getInstance(encryptPKInfo.getAlgName());
PBEKeySpec pbeKeySpec = new PBEKeySpec(passwd.toCharArray());
SecretKeyFactory secFac = SecretKeyFactory.getInstance(encryptPKInfo.getAlgName());
Key pbeKey = secFac.generateSecret(pbeKeySpec);
AlgorithmParameters algParams = encryptPKInfo.getAlgParameters();
cipher.init(Cipher.DECRYPT_MODE, pbeKey, algParams);
KeySpec pkcs8KeySpec = encryptPKInfo.getKeySpec(cipher);
KeyFactory kf = KeyFactory.getInstance("RSA");
return kf.generatePrivate(pkcs8KeySpec);
}
catch(Exception e){
e.printStackTrace();
}
But this code throws:
java.io.IOException: extra data given to DerValue constructor
Any suggestions what I'm missing here?
I am trying to integrate an API where I have to send the data in RSA encrypted and BASE64 encoded form. In response I get a BASE64 String which is supposed to be decoded and decrypted at my end. I am able to send the data in encrypted and encoded form. Also I am getting the response BASE64 String but I am NOT ABLE TO DECRYPT the string. In my decryption I am getting following error:
Exception in thread "main" java.lang.RuntimeException: javax.crypto.BadPaddingException: Decryption error
I have used following for encryption:
String result=new Gson().toJson(parameters);
byte[] cleartext = result.getBytes("UTF-8");
PublicKey publicKey=readPublicKey(path);
Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
cipher.init(Cipher.ENCRYPT_MODE, publicKey);
byte[] ciphertext=cipher.doFinal(cleartext);
String securePayload = Base64.getEncoder().encodeToString(ciphertext);
Parameters is a (String,String) map and I have put the parameters in it that are required to POST in the API. After encryption I am sending "securePayload" in POST request and in response I am getting a BASE64 encoded string which I am supposed to decode and decrypt.
For decryption I am using following code:
public static String getDecrypted(String data, PrivateKey key) {
Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
cipher.init(Cipher.DECRYPT_MODE, key);
byte[] dataArray=Base64.getDecoder().decode(data);
byte[] decryptedbytes = cipher.doFinal(dataArray);
return new String(decryptedbytes);
}
Above function I am using in following code to decrypt the String "data" which I am getting in API response:
PrivateKey pvtKey= readFromPrivateKey("C:\\Users\\Administrator\\Desktop\\myPrivateKey.key");
String result=getDecrypted(data, pvtKey);
To read the private key I have used following code:
public static PrivateKey readFromPrivateKey(String path) {
String privateKeyContent = new String(Files.readAllBytes(Paths.get(path)));
privateKeyContent = privateKeyContent.replaceAll(System.lineSeparator(), "").replace("-----BEGIN PRIVATE KEY-----", "").replace("-----END PRIVATE KEY-----", "").replaceAll("\\s+", "");
System.out.println(privateKeyContent);
KeyFactory kf = KeyFactory.getInstance("RSA");
PKCS8EncodedKeySpec keySpecPKCS8 = new PKCS8EncodedKeySpec(Base64.getDecoder().decode(privateKeyContent));
PrivateKey privKey = kf.generatePrivate(keySpecPKCS8);
return privKey;
}
Please help in the same. What wrong am I doing? I have checked that the Public and Private key pair used at my end is correct.
I'm trying to encrypt data in my C# client with public RSA key from the Java server. To do this I generated KeyPair in Java
KeyPairGenerator.java
KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
kpg.initialize(2048);
KeyPair kp = kpg.generateKeyPair();
Key pub = kp.getPublic();
Key pvt = kp.getPrivate();
String outFile = "rsa_key";
FileOutputStream outPvt = new FileOutputStream(outFile + ".key");
outPvt.write(pvt.getEncoded());
outPvt.close();
FileOutputStream outPub = new FileOutputStream(outFile + ".pub");
outPub.write(pub.getEncoded());
outPub.close();
It gave me two files (rsa_key.key and rsa_key.pub) and then I encoded public key with Base64 so C# could read it:
PublicKeyBase64.java
String keyFile2 = "rsa_key.pub";
Path path2 = Paths.get(keyFile2);
byte[] bytes2 = Files.readAllBytes(path2);
X509EncodedKeySpec ks2 = new X509EncodedKeySpec(bytes2);
KeyFactory kf2 = KeyFactory.getInstance("RSA");
PublicKey pub = kf2.generatePublic(ks2);
Base64.Encoder encoder = Base64.getEncoder();
String outFile = "en_rsa_key";
Writer out = new FileWriter(outFile + ".pub");
out.write(encoder.encodeToString(pub.getEncoded()));
out.close();
Then I created my C# class to encrypt data
Encrypter.cs
class Encrypter
{
private const string PATH = "..\\..\\key\\en_rsa_key.pub";
private string PublicKey;
public Encrypter()
{
PublicKey = File.ReadAllText(PATH);
Console.WriteLine(PublicKey.Length);
}
public string encryptData(string dataToEncrypt)
{
Asn1Object obj = Asn1Object.FromByteArray(Convert.FromBase64String(PublicKey));
DerSequence publicKeySequence = (DerSequence)obj;
DerBitString encodedPublicKey = (DerBitString)publicKeySequence[1];
DerSequence publicKey = (DerSequence)Asn1Object.FromByteArray(encodedPublicKey.GetBytes());
DerInteger modulus = (DerInteger)publicKey[0];
DerInteger exponent = (DerInteger)publicKey[1];
RsaKeyParameters keyParameters = new RsaKeyParameters(false, modulus.PositiveValue, exponent.PositiveValue);
RSAParameters parameters = DotNetUtilities.ToRSAParameters(keyParameters);
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
rsa.ImportParameters(parameters);
//Console.WriteLine(dataToEncrypt);
byte[] encryptedData = rsa.Encrypt(Encoding.UTF8.GetBytes(dataToEncrypt), true);
//Console.WriteLine(Convert.ToBase64String(encryptedData));
return Convert.ToBase64String(encryptedData);
}
}
And at last my Decrypter class
public class Decrypter {
private static final String PATH = "I:\\rsa_key.key";
private File privateKeyFile = new File(PATH);
private RSAPrivateKey privateKey;
public Decrypter() throws Exception {
DataInputStream dis = new DataInputStream(new FileInputStream(privateKeyFile));
byte[] privateKeyBytes = new byte[(int)privateKeyFile.length()];
dis.read(privateKeyBytes);
dis.close();
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
PKCS8EncodedKeySpec privSpec = new PKCS8EncodedKeySpec(privateKeyBytes);
privateKey = (RSAPrivateKey) keyFactory.generatePrivate(privSpec);
}
public String decrypt(String data) throws Exception{
Cipher cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.ENCRYPT_MODE, privateKey);
return new String(cipher.doFinal(data.getBytes()));
}
}
I send encrypted data in C# via WebSocket and receive it without any problem because data while sending and receiving is the same. The problem is that data length is 344 characters (bytes) so when I decrypt my data it shows me and error: javax.crypto.IllegalBlockSizeException: Data must not be longer than 245 bytes
I'm using 2048 bit key so it's 256B - 11B for padding that's why it's 245B. But the problem is that it always generates 344B and it doesn't depend on message to encode length. For example encoding "A" gives 344B and "Hello world" also 344B.
In this topic people say to use symmetric key, Encrypt the data with the symmetric key and then Encrypt the symmetric key with rsa. But it won't help because any encrypted string in my code has 344B size, so I won't be able to decrypt encrypted symmetric key.
What's wrong with my code?
So I am trying to connect to a website service (Steam) which requires the program to have a Base64 encrypted key which contains the password of the account which I am trying to logon to. I have the RSA key but am having a little difficulty encrypting it with the password. Here is my code:
if(jsonObject.getBoolean("success")){
String timeStamp = jsonObject.getString("timestamp");
String publickey_mod = jsonObject.getString("publickey_mod");
String keyexp = jsonObject.getString("publickey_exp");
String modulus_preHex = new BigInteger(1, publickey_mod.getBytes("UTF-8")).toString(16);
String exponent_preHex = new BigInteger(1, keyexp.getBytes("UTF-8")).toString(16);
BigInteger modulus_post = new BigInteger(modulus_preHex);
BigInteger exponent_post = new BigInteger(exponent_preHex);
PublicKey key = getEncrpytedKey(modulus_post, exponent_post);
Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA1AndMGF1Padding");
cipher.init(Cipher.ENCRYPT_MODE, key);
byte[] passArray = pass.getBytes("UTF-8");
String encode = Base64.encodeBase64(cipher.doFinal(passArray)).toString();
System.out.println(encode + " - encode");
}
This takes place after a successful POST to the URL where I retrieve the RSAKEY (publickey_mod) and when it expires (keyexp). After ciphering the PublicKey I Base64 encode the string.
public PublicKey getEncrpytedKey(BigInteger m, BigInteger e) throws Exception{
RSAPublicKeySpec keySpec = new RSAPublicKeySpec(m, e);
KeyFactory fact = KeyFactory.getInstance("RSA");
PublicKey pubKey = fact.generatePublic(keySpec);
return pubKey;
}
^^^The method seen being used to get the PublicKey.
When I run this program, the 'encode' String does not change, even when I change the password that is it running with, it is currently:
String encode = [B#32d992b2
When the RSAKey is AB8AA7A6C2513D3CFFCA147F64E7B9C5400CCE5B36D3F881387659A51701D76BB383C1E50F52EF8DE28AD20F6257B8E0013720E4704F6ABDBCC19E477BD58C534A93895408157BE7874152A0153499773BC3AE4E536543A74341D58F7EA9CF74487C9560625BACE2315FB0983BD9E78BD812AE7DDC356427CC7626DCB8D25900658FE5E309D35BF794445F6EF9279882699E1CCBEE2F4193BA2634D0F7B24CFD7EC6A2AA8B35A48969C43DBF759095FCBD087C4D2D8123F598A4F43AECE0CE4E8FA536ECD84782092A329DF96FF88A25677AA386669B4ACAA41D7B6AAD456307357C70E25FD027970F5F0CF952894A065A37BA1BD2222A3AC2CD8FB69632560F
Note that I am not really well versed with encryption, as this is one of my first times trying it out.
Thanks for any help,
Tim
NOTE: I am using org.apache.commons.codec.binary.Base64; for Base64.
Base64.encodeBase64 returns a byte array so what you want is
encode = new String (Base64.encodeBase64(cipher.doFinal(passArray));
I have RSA Public-Key on server side in below format:
<string xmlns="http://www.cherripik.com/">
<RSAKeyValue><Modulus>abc</Modulus><Exponent>abc</Exponent></RSAKeyValue>
</string>
I have tried almost all possible ways but could not able to encrypt string with this public key on android side. Could anyone give me an example in which i will encrypt any of the string like "abc" with this public key and also decrypt that encrypted key to back to "abc". It will be very helpful to me.
Advance Thanks.
Below are the ways which i have used but no success. It gave some value but it is not correct.
public String encrypt(String message, String Modulus, String Exponent) {
String outputEncrypted = "";
try {
byte[] modulusBytes = Base64Coder.decode(Modulus);
byte[] exponentBytes = Base64Coder.decode(Exponent);
BigInteger modulus = new BigInteger(modulusBytes );
BigInteger exponent = new BigInteger(exponentBytes);
RSAPublicKeySpec rsaPubKey = new RSAPublicKeySpec(modulus, exponent);
KeyFactory fact = KeyFactory.getInstance("RSA");
PublicKey pubKey = fact.generatePublic(rsaPubKey);
Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
cipher.init(Cipher.ENCRYPT_MODE, pubKey);
byte[] plainBytes = new String("abc").getBytes("UTF-8");
byte[] cipherData = cipher.doFinal( plainBytes );
String encryptedString = new String(Base64Coder.encode(cipherData));
Log.i(this.getClass().getSimpleName(), "encryptedString : "+encryptedString);
} catch (Exception e) {
// TODO: handle exception
}
return outputEncrypted;
}
One more thing when I create encrypted string with above method. It will give 346 characters encrypted string. But on my server, I have only encrypt and decrypt method. On server encrypt method, it will producing 344 character. Lastly when I put my encrypted string to server method to verify that my encrypted string is correct. Server throw this error.
<string xmlns="http://www.Myserver.com/">Error occurred while decoding OAEP padding.</string>