f



RSA cipher keeps giving error BadPaddingException: Message is larger than modulus

I'm trying to encrypt a byte array using a public key I get from a
network stream. The problem is that that the cipher keeps giving me an
error:

"BadPaddingException: Message is larger than modulus"

here is the code:

_rsaKey is a byte array (size 128)
temp is a zero filled byte array (size)
======================================================
kfac = KeyFactory.getInstance("RSA")
modulus = BigInteger(self._rsaKey)
kspec1 = RSAPublicKeySpec(modulus, RSAKeyGenParameterSpec.F4)
publicKey = kfac.generatePublic(kspec1)

rsaCipher = Cipher.getInstance("RSA/ECB/nopadding")
rsaCipher.init(Cipher.ENCRYPT_MODE, publicKey)
rsaEncryptedData = rsaCipher.doFinal(temp,0x00,0x80)
======================================================

everything goes well up until rsaCipher.doFinal(temp,0x00,0x80)
which throws the exception mentioned above

sometimes i get the exception, sometimes i don't. don't know whats
wrong.

example data values that threw that exception:

==============================================
_rsaKey: array('b',[-111, 56, 32, -77, 103, -86, -102, -89, 20, -74,
70, -116, 8
1, -107, -118, -67, -11, 120, 100, 17, -6, -21, -34, -1, 80, 46, -28,
-90, -42,
-2, -113, -61, -43, 30, 34, -35, -4, -8, 75, 98, -82, 23, -16, -19,
87, 56, -89,
 -89, 95, 57, -47, -70, 40, -126, -17, 106, -81, 62, 76, -79, 6, -37,
54, -64, -
3, 75, 79, -92, 115, -97, 96, 40, 16, -90, -31, 101, 102, 88, 78, -47,
21, -90,
50, -12, 112, -54, -78, -38, 17, -108, -60, 96, 123, 74, 87, -46, -44,
63, -19,
-62, 89, 48, -14, -35, 81, 76, 96, 82, 105, -112, -91, 30, -34, -3,
96, 96, 104,
 -97, 120, -86, 17, -127, -86, 120, 63, -23, -45, 67])

modulus:
-73073110056286640340097954246863433406112399401091916201456987043760182047884172
921300903878547695582385476703704119802885172774202508430737971758333982209240166
114559892444958685053471229837771943027402558952284852854396505019440462809471970
625231422840483143051964274679306161359974365557628502797717641392

temp:
array('b',[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0,
 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0
, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0])
0
the.ech0 (11)
4/14/2009 6:47:48 AM
comp.lang.java.programmer 52711 articles. 1 followers. Post Follow

1 Replies
7860 Views

Similar Articles

[PageSpeed] 15

According to ech0  <the.ech0@gmail.com>:
> _rsaKey is a byte array (size 128)
> temp is a zero filled byte array (size)
> ======================================================
> kfac = KeyFactory.getInstance("RSA")
> modulus = BigInteger(self._rsaKey)
> kspec1 = RSAPublicKeySpec(modulus, RSAKeyGenParameterSpec.F4)
> publicKey = kfac.generatePublic(kspec1)
> 
> rsaCipher = Cipher.getInstance("RSA/ECB/nopadding")
> rsaCipher.init(Cipher.ENCRYPT_MODE, publicKey)
> rsaEncryptedData = rsaCipher.doFinal(temp,0x00,0x80)
> ======================================================

This is not Java code; for instance, it lacks a "new" just before
"BigInteger". That being said, there are a number of problems in what
you try to do:

-- The BigInteger(byte[]) constructor expects a binary representation
of an integer, in big-endian _signed_ notation. I.e., if the high bit
of the first byte is set, you will end up with a negative modulus, which
is not good for RSA. Use BigInteger(int, byte[]) instead.

-- "ECB" and "nopadding" make little sense for RSA. These are parameters
for symmetric encryption algorithm.

-- RSA, as an encryption algorithm, is defined by PKCS#1, which
specifies several kind of transformations which are applied to the input
data before computing the modular exponentiation which lies at the core
of RSA. Those transformations are called "padding" in PKCS#1 but they
are not to be confused with any "padding" from the realm of symmetric
ciphers. More precisely, two paddings are defined for RSA: the new
padding named "OAEP", and the old padding called "v1.5". The old padding
is the one which accepts the largest input message (with regards to the
modulus) and is also the one which is used just about everywhere.
Nevertheless, both paddings add some bytes to the data. With v1.5, the
maximum size of the input message is 11 bytes less than the modulus.
Thus, if the modulus is an integer greater than 2^1016 and less than
2^1024 (i.e. the kind of modulus which you will encode as 128 bytes),
then the maximum message size which you will encrypt with it is 117
bytes. No more.


You may have other bugs as well.


	--Thomas Pornin
0
pornin1 (320)
4/14/2009 12:27:21 PM
Reply: