Home.... | log in.... | Pub my question! | Sign-up....

Session key can not help in RSA?

Hello, I used session key (des) in RSA public key encryption, but it still have the same problem, and the code here, anybody help,,please. thanks very much

//prepare for encryption

ecipherDES = Cipher.getInstance("des");

ecipherDES.init(Cipher.ENCRYPT_MODE, sessionKey);

so1 =new SealedObject(si, ecipherDES);

// prepare encryption

ecipherRSA = Cipher.getInstance("RSA");

ecipherRSA.init(Cipher.ENCRYPT_MODE, pair.getPublic());

so2 =new SealedObject(sessionKey, ecipherRSA);

[710 byte] By [easona] at [2007-10-3 3:08:52]

«« Netbeans + Tomcat = port 8084 is already in use (but its not)
»» How to check java instance in solaris

# 1

What is the 'same problem'?

ejpa at 2007-7-14 20:59:26 >

top of Java-index,Security,Cryptography...

# 2

> What is the 'same problem'? http://forum.java.sun.com/thread.jspa?threadID=761541&tstart=0

sabre150a at 2007-7-14 20:59:26 >

# 3

Well he seems to have the solution back to front. I thought 'RSA encrypted session key' was pretty clear.The comprehension levels on these forums seem to have taken a dramatic slide over the last four days even compared to what we had before, and I'm losing interest rapidly.

ejpa at 2007-7-14 20:59:26 >

# 4

> Hello, I used session key (des) in RSA public key

> encryption, but it still have the same problem, and

> the code here, anybody help,,please. thanks very

> much

> > //prepare for encryption

> ipherDES = Cipher.getInstance("des");

> ecipherDES.init(Cipher.ENCRYPT_MODE,

> E, sessionKey);

>so1 = new SealedObject(si, ecipherDES);

> // prepare encryption

> ipherRSA = Cipher.getInstance("RSA");

> ecipherRSA.init(Cipher.ENCRYPT_MODE,

> E, pair.getPublic());

> so2 = new SealedObject(sessionKey, ecipherRSA);

> ;

Rather than RSA the whole DES SecretKey (this takes with it a whole load of baggage you don't need) you should RSA just the bytes (secretKey.getEncoded()) of the session key. You can then reconstruct the DES SecretKey from the bytes extracted from the sealed object.

SecretKey key = new SecretKeySpec(sessionKeyBytes, "DES");

P.S. Though this ue of sealed objects seems an easy approach I don't like it because the result cannot (easily) be decrypted outside of Java.

sabre150a at 2007-7-14 20:59:26 >

# 5

> Well he seems to have the solution back to front. I

> thought 'RSA encrypted session key' was pretty

> clear.

The OP is actually using RSA to encrypt the session key but using a sealed object. Something I have never done but apart from the obvious problem he has (which I hope I have addressed) and the fact I try not to restrict my solutions to being Java specific the approach is not unreasonable.

> The comprehension levels on these forums seem to have

> taken a dramatic slide over the last four days even

> compared to what we had before, and I'm losing

> interest rapidly.

:-) I agree and I am now trying to be very selective! The problem I am having with this forum is that the problem posters do not seem to want to understand what they are doing.

Have you looked at reply 30 of http://forum.java.sun.com/thread.jspa?threadID=636835&tstart=0

Message was edited by:

sabre150

sabre150a at 2007-7-14 20:59:26 >

Java programming resources: FAQs, tutorials, compiler and browser download sites, documentation, books lists, IDEs, etc.

Session key can not help in RSA?

Security New Topic

Security Hot Topic

Security

All Classified