Encrypt/Decrypt String with RSA and X509Certificate

Hi,
I've 2 files : CA.cert (X509 certificate) and CA.key (contains private
key)
I want to encrypt a string "secret message" with the public key of the
certificate and decrypt this string with the private key.
I think encryption is ok, but I can't import the private key from the
file.
Here is my code:
--------------------------------------------------------------------
[...]

InputStream inStream = new FileInputStream("./CA.crt"); //The X509 certificate
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509Certificate cert = (X509Certificate)cf.generateCertificate(inStream);
inStream.close();

RSAPublicKey rsaPublicKey = (RSAPublicKey)cert.getPublicKey();
BouncyCastleProvider bcp = new BouncyCastleProvider();
Security.addProvider(bcp);
Cipher encryptCipher = Cipher.getInstance("RSA", bcp);
encryptCipher.init(Cipher.ENCRYPT_MODE, rsaPublicKey);

String message = "secret message";
byte[] messageACrypter = message.getBytes();
byte[] messageCrypte = encryptCipher.doFinal(messageACrypter);

System.out.println("\nSource : "+message);
System.out.println("Source crypted: "+new String(messageCrypte)+"\n");

File keyFile = new File("./CA.key");
DataInputStream in = new DataInputStream(new FileInputStream(keyFile));
byte [] fileBytes = new byte[(int) keyFile.length()];
in.readFully(fileBytes);
in.close();
KeyFactory kf = KeyFactory.getInstance("RSA");
KeySpec ks = new X509EncodedKeySpec(fileBytes);
RSAPrivateKey rsaPrivateKey = (RSAPrivateKey)kf.generatePrivate(ks);

Cipher decryptCipher = Cipher.getInstance("RSA", bcp);
decryptCipher.init(Cipher.DECRYPT_MODE,rsaPrivateKey);

byte[] messageDecrypte = decryptCipher.doFinal(messageCrypte);
System.out.println("Source decrypted: "+new String(messageDecrypte)+"\n");
[...]
-------------------------------------------------------------
I've an error :

java.security.spec.InvalidKeySpecException: Key spec not RSA.

How to correct this?
Thanks a lot.

0
6/22/2005 8:22:46 AM
comp.lang.java.security

I forgot : the private key is protected with a passphrase....

0
iso
6/22/2005 8:57:05 AM
Hi,

The X509EncodedKeySpec is used for generating public keys. Use the
PKCS8EncodedKeySpec instead and make sure that the private key in your
file is DER (binary) encoded according to the PKCS#8 format. If the key
is base64 encoded (ASCII) then you can convert it to binary by using
Sun's "unsupported" converter class sun.misc.BASE64Decoder.

Hope it solves your problem.
If not, you have to supply more information regarding the format of
your private key file.

Regards,
 Tommy
 www.pheox.com


0
iso
6/22/2005 2:25:37 PM
Here is some sample code using PKCS8EncodedKeySpec:
   http://www.jensign.com/JavaScience/PEM/RSAPVK8.java

Also, there are a number of the standard PrivateKeyInfo spec (as exported
by Java) to Microsoft/Windows PRIVATEKEYBLOB format converter
utilities here:
  http://www.jensign.com/JavaScience/cryptoutils

- Mitch Gallant
   JavaScience Consulting
   www.jensign.com

0
Michel
6/22/2005 9:31:26 PM
You must unprotect your private key before you can import it.

If you have generated your key through openssl, then you can transform
your private key to an unprotected DER encoded PKCS#8 key by executing:
openssl pkcs8 -nocrypt -topk8 -inform PEM -outform DER -in CA.key -out CA.key.pkcs8

Then it can be successfully imported with your code (if you use the
PKCS8EncodedKeySpec).

Regards,
 Tommy
 www.pheox.com

Benoît wrote:
> I forgot : the private key is protected with a passphrase....

0
iso
6/23/2005 7:20:34 AM
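
The fix described in the replies above, as an added example that is not part of the original thread or any poster's code: it shows X509EncodedKeySpec being rejected for a private key, then loads the same key through PKCS8EncodedKeySpec after converting PEM to DER. Assumptions: the class and helper names are hypothetical, a throwaway in-memory key pair stands in for CA.crt and CA.key.pkcs8, java.util.Base64 (Java 8+) replaces sun.misc.BASE64Decoder, and the padding is named explicitly (OAEP) instead of relying on a provider default.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.*;
import java.util.Base64;
import javax.crypto.Cipher;

public class Pkcs8LoadDemo {
    // Strip PEM armor and base64-decode to DER; only unencrypted PKCS#8 is accepted.
    static byte[] pemToDer(String pem) {
        if (!pem.contains("-----BEGIN PRIVATE KEY-----"))
            throw new IllegalArgumentException("not an unencrypted PKCS#8 PEM block");
        String b64 = pem.replaceAll("-----[A-Z ]+-----", "").replaceAll("\\s", "");
        return Base64.getDecoder().decode(b64);
    }

    // Private keys are imported with PKCS8EncodedKeySpec, never X509EncodedKeySpec.
    static PrivateKey loadPrivate(byte[] der) throws GeneralSecurityException {
        return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(der));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: a throwaway key pair, armored as PEM in memory.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        byte[] der = kp.getPrivate().getEncoded();   // PKCS#8 DER encoding
        String pem = "-----BEGIN PRIVATE KEY-----\n"
                + Base64.getMimeEncoder(64, new byte[]{'\n'}).encodeToString(der)
                + "\n-----END PRIVATE KEY-----\n";

        // The key spec used in the question: rejected for private keys.
        try {
            KeyFactory.getInstance("RSA").generatePrivate(new X509EncodedKeySpec(der));
        } catch (InvalidKeySpecException e) {
            System.out.println("X509EncodedKeySpec rejected: " + e.getMessage());
        }
        PrivateKey priv = loadPrivate(pemToDer(pem));

        // Round trip with explicit padding and charset.
        String t = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
        Cipher enc = Cipher.getInstance(t);
        enc.init(Cipher.ENCRYPT_MODE, kp.getPublic());
        byte[] ct = enc.doFinal("secret message".getBytes(StandardCharsets.UTF_8));
        Cipher dec = Cipher.getInstance(t);
        dec.init(Cipher.DECRYPT_MODE, priv);
        System.out.println(new String(dec.doFinal(ct), StandardCharsets.UTF_8));
    }
}
```

A passphrase-protected key file does not carry the plain `BEGIN PRIVATE KEY` header, so `pemToDer` refuses it; convert it first with the `openssl pkcs8` command quoted above and keep the resulting unprotected file under tight file permissions.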
Thanks for your information...
I will certainly use them

Bye

0
iso
6/23/2005 8:21:48 AM