Encrypt/Decrypt String with RSA and X509Certificate

Benoît - 22 Jun 2005 09:22 GMT
Hi,
I have 2 files: CA.cert (X509 certificate) and CA.key (contains the private
key).
I want to encrypt a string "secret message" with the public key of the
certificate and decrypt this string with the private key.
I think encryption is OK, but I can't import the private key from the
file.
Here is my code:
--------------------------------------------------------------------
[...]

// Load the X509 certificate
InputStream inStream = new FileInputStream("./CA.crt");
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509Certificate cert = (X509Certificate) cf.generateCertificate(inStream);
inStream.close();

// Encrypt with the certificate's public key
RSAPublicKey rsaPublicKey = (RSAPublicKey) cert.getPublicKey();
BouncyCastleProvider bcp = new BouncyCastleProvider();
Security.addProvider(bcp);
Cipher encryptCipher = Cipher.getInstance("RSA", bcp);
encryptCipher.init(Cipher.ENCRYPT_MODE, rsaPublicKey);

String message = "secret message";
byte[] messageACrypter = message.getBytes();
byte[] messageCrypte = encryptCipher.doFinal(messageACrypter);

System.out.println("\nSource : " + message);
System.out.println("Source crypted: " + new String(messageCrypte) + "\n");

// Read CA.key and build the private key (the exception reported below is thrown here)
File keyFile = new File("./CA.key");
DataInputStream in = new DataInputStream(new FileInputStream(keyFile));
byte[] fileBytes = new byte[(int) keyFile.length()];
in.readFully(fileBytes);
in.close();
KeyFactory kf = KeyFactory.getInstance("RSA");
KeySpec ks = new X509EncodedKeySpec(fileBytes);
RSAPrivateKey rsaPrivateKey = (RSAPrivateKey) kf.generatePrivate(ks);

// Decrypt with the private key
Cipher decryptCipher = Cipher.getInstance("RSA", bcp);
decryptCipher.init(Cipher.DECRYPT_MODE, rsaPrivateKey);

byte[] messageDecrypte = decryptCipher.doFinal(messageCrypte);
System.out.println("Source decrypted: " + new String(messageDecrypte) + "\n");
[...]
-------------------------------------------------------------
I've an error :

java.security.spec.InvalidKeySpecException: Key spec not RSA.

How to correct this?
Thanks a lot.
Benoît - 22 Jun 2005 09:57 GMT
I forgot : the private key is protected with a passphrase....
Tommy Grändefors - 23 Jun 2005 08:20 GMT
You must unprotect your private key before you can import it.

If you have generated your key through openssl, then you can transform
your private key to an unprotected DER encoded PKCS#8 key by executing:
  openssl pkcs8 -nocrypt -topk8 -inform PEM -outform DER -in CA.key -out CA.key.pkcs8

Then it can be successfully imported with your code (if you use the
PKCS8EncodedKeySpec).

Regards,
Tommy
www.pheox.com

> I forgot : the private key is protected with a passphrase....
Tommy Grändefors - 22 Jun 2005 15:25 GMT
Hi,

The X509EncodedKeySpec is used for generating public keys. Use the
PKCS8EncodedKeySpec instead and make sure that the private key in your
file is DER (binary) encoded according to the PKCS#8 format. If the key
is base64 encoded (ASCII) then you can convert it to binary by using
Sun's "unsupported" converter class sun.misc.BASE64Decoder.

Hope it solves your problem.
If not, you have to supply more information regarding the format of
your private key file.

Regards,
Tommy
www.pheox.com

> Hi,
> I've 2 files : CA.cert (X509 certificate) and CA.key (contains private
[quoted text clipped - 49 lines]
> How to correct this?
> Thanks a lot.
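
An added example (not code from the thread or any of its posters) of the fix described in the two replies above: an unencrypted PKCS#8 private key loads with PKCS8EncodedKeySpec, whether it arrives as DER bytes or as base64 PEM, while X509EncodedKeySpec is rejected. Assumptions of the example: a throwaway key pair generated in memory stands in for CA.crt and CA.key.pkcs8, java.util.Base64 (Java 8+) replaces sun.misc.BASE64Decoder, and the default JDK provider is used with OAEP padding named explicitly.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.*;
import java.util.Base64;
import javax.crypto.Cipher;

public class Pkcs8LoadExample {
    // Strip the PEM armor and base64-decode to the DER bytes PKCS8EncodedKeySpec expects.
    static byte[] pemToDer(String pem) {
        String body = pem.replaceAll("-----(BEGIN|END) PRIVATE KEY-----", "");
        return Base64.getMimeDecoder().decode(body); // MIME decoder skips line breaks
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample data: a throwaway key pair instead of the thread's key files.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        byte[] pkcs8Der = kp.getPrivate().getEncoded(); // unencrypted PKCS#8, DER
        String pem = "-----BEGIN PRIVATE KEY-----\n"
                + Base64.getMimeEncoder(64, new byte[] {'\n'}).encodeToString(pkcs8Der)
                + "\n-----END PRIVATE KEY-----\n";

        KeyFactory kf = KeyFactory.getInstance("RSA");
        try {
            // The mistake from the question: X509EncodedKeySpec describes a public key.
            kf.generatePrivate(new X509EncodedKeySpec(pkcs8Der));
        } catch (InvalidKeySpecException e) {
            System.out.println("X509EncodedKeySpec rejected: " + e.getMessage());
        }
        // Both the raw DER bytes and the decoded PEM body load with PKCS8EncodedKeySpec.
        PrivateKey fromDer = kf.generatePrivate(new PKCS8EncodedKeySpec(pkcs8Der));
        PrivateKey fromPem = kf.generatePrivate(new PKCS8EncodedKeySpec(pemToDer(pem)));
        System.out.println("DER and PEM yield same key: " + fromDer.equals(fromPem));

        // Padding is named explicitly (an assumption of this example, not from the thread).
        String transformation = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
        Cipher enc = Cipher.getInstance(transformation);
        enc.init(Cipher.ENCRYPT_MODE, kp.getPublic());
        byte[] ct = enc.doFinal("secret message".getBytes(StandardCharsets.UTF_8));
        // Ciphertext is binary: print it as base64 rather than new String(bytes).
        System.out.println("Ciphertext: " + Base64.getEncoder().encodeToString(ct));

        Cipher dec = Cipher.getInstance(transformation);
        dec.init(Cipher.DECRYPT_MODE, fromPem);
        System.out.println("Decrypted: " + new String(dec.doFinal(ct), StandardCharsets.UTF_8));
    }
}
```

A passphrase-protected key file cannot be fed to PKCS8EncodedKeySpec directly; it has to be converted first, as the openssl step in the reply above does.
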
Michel Gallant - 22 Jun 2005 22:31 GMT
Here is some sample code using PKCS8EncodedKeySpec:
  http://www.jensign.com/JavaScience/PEM/RSAPVK8.java

Also, there are a number of the standard PrivateKeyInfo spec (as exported
by Java) to Microsoft/Windows PRIVATEKEYBLOB format converter
utilities here:
 http://www.jensign.com/JavaScience/cryptoutils

- Mitch Gallant
  JavaScience Consulting
  www.jensign.com

Benoît - 23 Jun 2005 09:21 GMT
Thanks for your information...
I will certainly use them

Bye

