Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsWhite Papers
Discussion GroupsFirst AidDatabasesJavaBeansGUIJava 3DVirtual MachineCORBASecurityToolsGeneral
Java DirectoryOpen Source ProjectsSample Book ChaptersUser GroupsWeb Resources
Related Topics
Databases.NETMore Topics ...
Java Forum / Security / October 2005

Tip: Looking for answers? Try searching our database.

public and private key pair in Java

Thread view: 
Enable EMail AlertsStart New Thread
solid - 28 Oct 2005 21:13 GMT
Hi, I have the following question:
If I encrypted some text with the public key K, and tried to decrypt it
with a wrong key (i.e. a key which is NOT the corresponding private
key), will I get an exception, or is there is a boolean function to
test whether the right key has been used?
Reply to this Message
Mike Amling - 29 Oct 2005 00:41 GMT
> Hi, I have the following question:
> If I encrypted some text with the public key K, and tried to decrypt it
> with a wrong key (i.e. a key which is NOT the corresponding private
> key), will I get an exception, or is there is a boolean function to
> test whether the right key has been used?

  If the encryption with the public key was done with a proper padding
method, e.g. OAEP, the decryption will fail if you use the wrong private
key.

--Mike Amling
Reply to this Message
solid - 29 Oct 2005 04:53 GMT
By "fail" what do you mean? Exception?
And, is it using Java cryptography API?
Reply to this Message
Tommy Grändefors - 29 Oct 2005 20:05 GMT
Hi,

There's no boolean function available in the JCE framework to tell if
the given private key is the correct one.
If your 'Cipher' instance was correctly initialised, then it will throw
either an 'IllegalBlockSizeException' or a 'BadPaddingException' during
the call of method 'doFinal()' if the wrong key was given (or if the
given encrypted data is invalid). Please note that 'doFinal' might, in
rare occasions, not throw an exception and return garbled data for
unmatched keys, but it depends on the algorithm and padding used. If
you stumble into this situation you'll probably notice it anyway since
you won't be able to interpret the decrypted information.

Regards,
Tommy Grändefors
www.pheox.com

> By "fail" what do you mean? Exception?
> And, is it using Java cryptography API?
Reply to this Message
Mike Amling - 31 Oct 2005 19:18 GMT
> By "fail" what do you mean? Exception?
> And, is it using Java cryptography API?

  You need to know what padding method you used to encrypt "some text
with the public key". I don't know if you're using OAEP, or another good
padding method (e.g. SAEP+), or not. If you used no padding, then you do
not have secure encryption. If you used a good padding method, and you
supply an incorrect private key, you may get an Exception or a null
object, but if you get back some text, it will be your original text.

  The OAEP paper is at http://www-cse.ucsd.edu/users/mihir/papers/oae.pdf.

--Mike Amling
Reply to this Message


Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.