**** this cipher!!!
I first tried public/private keys generated by DSA for assymetric encryption buy using Cipher class. But that didn't work out and ghstark pointed out that sun doesn't support encryption with DSA and adviced me to try out RSA.
So I tried RSA and everything is woking out fine. But now i want to encrypt a key that is created by DH alogrithm. They ofcourse only create keys of size in the multiples of 64 from 512 onwards (duh!!). But this godforsaken RSA algorithm only accepts a maximum data size of 117 for encryption.
So wht do i do now?
Is there any way to break up the key into blocks encrypt each block seperately and then decrypt and reattach all the blocks using the api( just a thought). or is there some other way.
confused and tired
[775 byte] By [
--jubs--a] at [2007-10-2 1:29:37]
Relax.
It seems you are not quite doing things in the "normal" way. You need to understand that there are symmetric crypto algorithms that are good for some things, and asymmetric public key crypto algorithms that are good for others. DSA, DH, and RSA are examples of public key crypto algorithms. You would use these for digital signatures, key generation and key transport. They are extremely inefficient for encrypting data, so they are commonly used to encrypt just a single block of data containing a symmetric key. The symmetric key is then used in its symmetric algorithm to encrypt the rest of the real data.
The Sun crypto provider will let you encrypt and decrypt data with RSA, but that it doesn't support encrypting more than one block. Furthermore, it uses a padding algorithm that uses up 11 bytes for padding, leaving you with k-11 bytes where k is the size in bytes of your RSA modulus. Thus, you modulus must be 128 bytes in size.
Now the DH algorithm is a different kind of public key algorithm. It is typically used in a type of crypto protocol called a key agreement protocol. I don't know why you are trying to encrypt a DH key with RSA. There are times when they might be used in the same protocol sensibly, e.g. IKE.
ok i think i got it...
It should have been done earlier but i had a party to attend to.
What i did was take 112 bytes of the 226 byte DH public key and encrypt it with the RSA public Key. I did the same for the next 112 bytes and so on till i encrypted the entire 226 bytes and appended each encrypted block into an byte array.
For decryption i did the same but I used 128 bytes instead of 112 bytes block and decrypted with the RSA private key.
but i have a problem the resulting decrypted key is appended with zeros because of the encryption algoritm. The only way to get the completely correct key is to use the length of the original DH public key. Is there any way to solve this small problem...
Here is the code hope it helps someone....
plz test it too...
thnks
public byte[] encryptDecrypt(String type,byte[] data,Key secretKey) throws EncryptDecryptException
{
byte cryptedCipherText[] = null ;
BufferedReader read;
try {
Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
System.out.println("Provider is-->" + cipher.getProvider().getInfo());
int j = 0;
int k=0;
boolean flag = false;
byte[] bufferedEncryption = null;
if(type.equals("ENCRYPT"))
{
cipher.init(Cipher.ENCRYPT_MODE,secretKey);
j = 112;
k=112;
bufferedEncryption = new byte[k];
}
else
{
cipher.init(Cipher.DECRYPT_MODE,secretKey);
j = 128;
k=128;
bufferedEncryption = new byte[k];
}
int cipherlength = cipher.getOutputSize(data.length);
System.out.println("data size-->" + data.length);
System.out.println("cipher size-->" + cipherlength);
cryptedCipherText= new byte[cipherlength];
ByteArrayOutputStream cryptedTextBuffer = new ByteArrayOutputStream();
int count =0;
int i = 0;
while( i< data.length)
{
System.arraycopy(data,i,bufferedEncryption,0,j);
System.out.println("sizeof bufferedencryption-->"+bufferedEncryption.length);
cryptedCipherText = cipher.doFinal(bufferedEncryption);
count+=cryptedCipherText.length;
System.out.println("Length-->"+count);
cryptedTextBuffer.write(cryptedCipherText);
System.out.println("i-->"+i);
i+=k;
bufferedEncryption = new byte[k];
if(flag == true)
break;
if(i+k > data.length)
{
j = data.length - i;
flag = true;
}
}
cryptedCipherText = cryptedTextBuffer.toByteArray();
//cryptedCipherText = cipher.doFinal(data);
} catch (InvalidKeyException e) {
// TODO Auto-generated catch block
e.printStackTrace();
//throw new EncryptDecryptException("Invalid Key in encrypt/decrypt");
} catch (NoSuchAlgorithmException e) {
// TODO Auto-generated catch block
e.printStackTrace();
//throw new EncryptDecryptException("No such algorithm in encrypt/decrypt");
} catch (NoSuchPaddingException e) {
// TODO Auto-generated catch block
e.printStackTrace();
//throw new EncryptDecryptException("No such padding in encrypt/decrypt");
} catch (IllegalBlockSizeException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (BadPaddingException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
return cryptedCipherText;
}
}
just give the inputs as "ENCRYPT"/"DECRYPT", your data and the public key for encryption and privatekey for decryption.
> OK, you need to authenticate the key exchange and you
> want to use RSA to do this. Sounds similar to what is
> done in IKE. You should examine
> http://www.ietf.org/internet-drafts/draft-ietf-ipsec-i
> kev2-17.txt for ideas; look at the section "2.15
> Authentication of the IKE_SA". Also, look at the
> DHE_RSA ciphersuites in TLS
> http://www.ietf.org/rfc/rfc2246.txt.
>
> I would think signing the DH keys is cleaner and
> faster than trying to encrypt them. You can also
> include other protocol data in your signature.
hmmm... Signing them is good idea. thanks for the hint.
Also thanks for the links
much appreciated.
thnks
