Currently i use the encryption instance in Java like this:
Cipher cipher = Cipher.getInstance("RSA");
But i cannot decrypt my encrypted message in OpenSSL where i want to use RSA_PKCS1_OAEP_PADDING.
What do i need to add to the "RSA" to be able to use the RSA_PKCS1_OAEP_PADDING?
Please help
Have you tried using "RSA/NONE/OAEPPadding" in getInstance()?
Otherwise, take a look at Java Cryptography Architecture Standard Algorithm Name Documentation to find a list of possible parameters.
Related
I have encrypted the string in PHP using AES-256-ECB.
$sString = "test"
$sEncryptionMethod = "AES-256-ECB";
$sEncryptionKey = "mysecretkey";
openssl_encrypt($sString, $sEncryptionMethod, $sEncryptionKey)
I would like to decrypt the same using Java/Scala?
String secret = "mysecretkey";
SecretKeySpec skeySpec = new SecretKeySpec(encKey.getBytes("UTF-8"), "AES");
byte[] decodedValue = Base64.getDecoder.decode(token);
Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5PADDING");
int decryptMode = Cipher.DECRYPT_MODE;
cipher.init(decryptMode, skeySpec);
new String(cipher.doFinal(decodedValue));
I am seeing the following error? how can we decrypt the same using Java?
Note: (decryption in PHP is working as expected) but I want to do this in Java
Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
The key has to be exactly 256 bit long. Clearly the PHP side is doing some unspecified magic voodoo to "mysecretkey" to obtain a 256 bit key. Java does not, as a rule, engage in 'the user does not appear to know what they are doing, eh, I'll take a wild stab in the dark', like PHP does, which is the problem here.
Figure out how "mysecretkey" is turned into a 256-bit key, and replicate that in java.
NB: ECB is extremely insecure. It sounds like you don't know enough about encryption to have any hope of producing an application that is actually hard to trivially break.
NB2: Note that the PHP documentation itself strongly suggests that 'key' should be some cryptographically derived secure source of 256 bits. The fact that openssl_encrypt actually gives you an answer when you provide a broken key is somewhat eyebrow raising. See the various comments at the PHP manual on openssl_encrypt which clearly highlight some weirdness is going on there but none are clear enough to actually explain what PHP is doing here.
I have to decrypt string in PHP, which is being generated from Java class. And I am not able to understand what exactly is being done in that class. Java class used for encryption-decryption
Can someone suggest me the equivalent code or process to decrypt the encrypted string.
that Java class seems to do a DES encryption.
In PHP you can do:
$result=mcrypt_decrypt ( "MCRYPT_DES" , $key , $data , $mode);
The $key and $mode variables are information you should know, $data is the input encrypted string. You may want to try MCRYPT_3DES if the other one doesn't work.
Well, if even you don't seem to know, which encryption algorithm is used, it's hard for us to help you. I'm not familiar with the code and the classes which are used there but it seems that DES is used (no shit) in a weird combination with Base64. Search for DES decryption with PHP, also PHP has functions for handling Base64-String.
You can also search for what SecretKeyFactory.getInstance("PBEWithMD5AndDES").generateSecret(keySpec); does.
The code you linked generates an encryption key using a salt, passphrase and the number of md5 iterations.
With the encryption key you can encrypt / decrypt.
A couple of years ago I implemented a php version of the used algorithm PBEWithMD5AndDES: https://github.com/kevinsandow/PBEWithMD5AndDES
Is there any difference/benefits/draw backs from using Cipher.ENCRYPT_MODE
to encrypt a Secret Key for transmission over using Cipher.WRAP_MODE?
My understanding is that I still need to have a second, possibly less secret key to either wrap/encrypt and unwrap/decrypt the Secret Key
And if i use CBC Mode... i need to supply the unique IV for both as well....
so whats the difference/point of WRAP and UNWRAP?
BTW.. I'm using AES Encryption
Thanks
Check this: http://flylib.com/books/en/1.274.1.29/1/ It's explanation of what Cipher.WRAP_MODE and Cipher.UNWRAP_MODE does and how it differs from doing it on your own.
I am trying to decrypt an encrypted message that is encrypted in a Ruby web app using the encrypted_strings RubyGem library.
The encryption client code looks like this:
cipher = EncryptedStrings::SymmetricCipher.new(:passphrase => "abcdefgh"*2)
cipher.encrypt("howdy")
=> "jEUQrH58Ulk=\n"
The default symmetric cipher algorithm appears to be DES-EDE3-CBC (although the documentation for the RubyGem disagrees, but I will go with what the code says). So on the Java side I tried the following which I found online as an example of DES-EDE3-CBC usage of the Java Cryptography API:
import javax.crypto.spec.DESedeKeySpec
import javax.crypto.spec.IvParameterSpec
import javax.crypto.Cipher
import javax.crypto.SecretKeyFactory
...
DESedeKeySpec k;
Cipher c;
...
k = new DESedeKeySpec("abcdefghabcdefgh".getBytes());
c = Cipher.getInstance("DESede/CBC/PKCS5Padding");
c.init(Cipher.DECRYPT_MODE, k);
decrypted = c.doFinal("jEUQrH58Ulk=\n".getBytes());
When I do this on the Java side I get the following:
Wrong key size
I also tried using the Java Crypto API with an initialization vector but didn't know what I should set the bytes to since I am not doing this on the Ruby side via the encrypted_strings library and it appears to be set in the C code interfacing with OpenSSL.
Any pointers would be much appreciated.
I am using the bouncy castle JCA provider. I also tried DES/ECB/PKCS5Padding (which corresponds with the documented default algorithm in the RubyGems documentation eventhough the code appeared to be referencing the previously mentioned algorithm, DES-EDE3-CBC).
I have tried reading around the Java crypto API, but the documents all seem to have the same code samples and not very many new clues. My sources include:
http://www.angelfire.com/tx4/cus/notes/javaxcrypto.html
http://docs.oracle.com/javase/6/docs/technotes/guides/security/crypto/CryptoSpec.html
I'll post it as an answer. With DESede you can use either 192 bit DES ABC keys or 128 bit ABA keys. Many versions of Java only accept 192 bit (24 byte) DES ABC keys. DES ABA keys is where the first and last key of the encrypt, decrypt, encrypt (EDE) operation is the same; in other words, it's the same as DESede with ABC, where C=A.
So to create such a key, you can copy the first 8 bytes (in your case 8 ASCII characters - using characters directly as key is wrong) of your key and concatenate them at the end. This would result in "abcdefghabcdefghabcdefgh".getBytes("ASCII"). Note that you should always indicate the character encoding, as the platform might as well use UTF-16 as default character encoding, resulting in a key of double the size.
I'm wondering how I should approach a homework assignment.
I must develop a simple server and client in Java, which I have done. Next, I must encrypt the traffic between this server and client by using RSA with the following given keys.
Client Public Key: (5, 10142789312725007)
Client Private Key: (8114231289041741, 10142789312725007)
Server Public Key: (5, 10142701089716483)
Server Private Key: (6085620532976717, 10142701089716483)
Does Java have built-in functionality that will allow me to do this easily?
Thanks!
Yes, Java has built-in support for RSA that would let you do this easily.
It also has support for arbitrary-precision integers, including a modPow operation that make it pretty easy for you to implement RSA encryption yourself.
Honestly, simply implementing RSA using BigInteger is probably easier than learning enough about the Java Cryptography Architecture to use the built-in RSA implementation.
Here are some links that might help:
A Java implementation of RSA
Java Class - RSA Implementation
Generate an N-bit public and private
RSA key and use to encrypt and decrypt
a random message.
Using RSA encryption with Java - tutorial
You should be able to use the Java Cryptographic Extension that comes with Java.
For making the given numbers an RSA key convert them to BigInteger and "feed" them into a RSAPrivateKeySpec resp. RSAPublicKeySpec.
Using a KeyFactory you can then make the *Spec to regular Public and private keys that can be used with all cryptographic functions within Java.