I am trying to encypt some data using RSA public key and signing with SHA-512 algo. But response recevied is differnet in different plat
form.
In C#:
RSACryptoServiceProvider crypto = new RSACryptoServiceProvider();
crypto.ImportCspBlob(Convert.FromBase64String(publickey));
crypto.exportParameters(false); // and got the public key modulus and exp
byte[] response = crypto.SignData(data, "SHA512");
In Java:
// got modulus and exp for public key from c#
byte[] modulo = {.....};
byte[] exp = {1,0,1};
BigInteger modulus = new BigInteger(1, modulo);
BigInteger pubExp = new BigInteger(1, exp);
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
RSAPublicKeySpec priKeySpec = new RSAPublicKeySpec(modulus, pubExp);
RSAPublicKey Key = (RSAPublicKey)keyFactory.generatePublic(priKeySpec);
// Calculate Hash
MessageDigest sha1 = MessageDigest.getInstance("SHA-512");
byte[] digest = sha1.digest(data);
// Encrypt digest
Cipher cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.ENCRYPT_MODE, Key);
byte[] response = cipher.doFinal(digest);
but both response are not matching.C# generate correct one but java not generating the same byte[]
Any missing part in java code.
private static final String algorithm = "AES/CBC/NOPadding";
if we convert type 中國傳統的 languages then we get null value when we encryt.To overcome this problem we use below thing.
private static final String algorithm = "AES/CBC/PKCS5Padding";
if we do diifferent type languages like 中國傳統的 converion can be encryted.
Related
I have to write PHP program to do the same function with the java sign function as follow
public static String sign(byte[] data, String privateKey) throws Exception {
MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
messageDigest.update(data);
byte[] hashData = messageDigest.digest();
StringBuffer hexString = new StringBuffer();
byte[] keyBytes = Base64Utils.decode(privateKey.getBytes());
PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(keyBytes);
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
PrivateKey privateK = keyFactory.generatePrivate(pkcs8KeySpec);
Signature signature = Signature.getInstance("NONEWithRSA");
signature.initSign(privateK);
signature.update(hashData);
byte[] sign = signature.sign();
return Base64.getEncoder().encodeToString(sign);
}
I have done some research on google and try to write the PHP code as follow
public function sign($data, $privateKeyString){
$privateKey = openssl_pkey_get_private($privateKeyString);
$hashData = hash("sha256",$data);
openssl_sign($hashData, $signature, $privateKey);
openssl_free_key($privateKey);
return base64_encode($signature);
}
I try to pass the same key with the data let's say "Hello" to both function and testing
the hash data are map but the outcome signature are different
Is there anyone can spot what cause the return base64 signature are different between the java and php?
public function sign($data, $privateKeyString){
$privateKey = openssl_pkey_get_private($privateKeyString);
$hashData = openssl_digest("sha256",$data);
openssl_private_encrypt($hashData, $signature, $privateKey);
openssl_free_key($privateKey);
return base64_encode($signature);
}
Finally fixing the problem by using openssl_digest "sha256" instead of passing sha256 hash value into the for private key encrytion, due to the hashing need to be convert into the hex string instead of the original value.
RSA encryption and decryption work well in java side with modulus and exponent as below:
Java RSA Modulus and Exponent:
String nModulusPublic = "AJ+L/dVL9jnRX6IM87H8x2fR24t6wpzBDV7bcgPWblegR0LNK91z/OSX+lSLUgHSKJ9to/Eo8OMsREpNoJlEzI0=";
String eExponentPublic = "AQAB";
String eExponentPrivate = "AIpmE5C9TiAlgYG/Hn5dOlTS9FFv8fWseX65eZPepOUY4ivxN0lOZ+MsugZd03wmKvnxBuCGu5nv2qrUBTPzjcE=";
Java Public and Private Key Generators:
static PublicKey GetPublicKey(String publicKString, String publicExponentStr) throws Exception {
byte[] modulusBytes = Base64.getDecoder().decode(publicKString);
byte[] exponentBytes = Base64.getDecoder().decode(publicExponentStr);
BigInteger modulus = new BigInteger(1, modulusBytes);
BigInteger exponent = new BigInteger(1, exponentBytes);
RSAPublicKeySpec rsaPubKey = new RSAPublicKeySpec(modulus, exponent);
KeyFactory fact = KeyFactory.getInstance("RSA");
PublicKey pubKey = fact.generatePublic(rsaPubKey);
return pubKey;
}
static PrivateKey GetPrivateKey(String nModulusPublic, String eExponentPrivate) throws Exception {
byte[] modulusBytes = Base64.getDecoder().decode(nModulusPublic);
byte[] exponentBytes = Base64.getDecoder().decode(eExponentPrivate);
BigInteger modulus = new BigInteger(1, modulusBytes);
BigInteger exponent = new BigInteger(1, exponentBytes);
RSAPrivateKeySpec privSpec = new RSAPrivateKeySpec(modulus, exponent);
KeyFactory fact = KeyFactory.getInstance("RSA");
PrivateKey privKey = fact.generatePrivate(privSpec);
return privKey;
}
I use nModulusPublic and eExponentPublic in c# to encrypting and decrypting in Java but doesn't work.
Worked on RSA.Encrypt(textBytes, true); parameters in c# function change it to false and RSAEncryptionPadding.Pkcs1 but doesn't' work. When I use the result of the c# Encrypt function in java to decrypt it always encounter with this error :
javax.crypto.IllegalBlockSizeException: Data must not be longer than 64 bytes
C# encrypt function:
static string Encrypt(string text)
{
string outputB64 = string.Empty;
byte[] textBytes = Encoding.UTF8.GetBytes(text);
RSAParameters result = new RSAParameters()
{
Modulus = Convert.FromBase64String(nModulusPublic),
Exponent = Convert.FromBase64String(eExponentPublic)
};
using (RSACryptoServiceProvider RSA = new RSACryptoServiceProvider())
{
RSA.ImportParameters(result);
byte[] encryptedData = RSA.Encrypt(textBytes, true);
outputB64 = Convert.ToBase64String(encryptedData);
}
return outputB64;
}
Extra Information, Java Encrypt and Decrypt main functions:
static String Decrypt(String encodedString,PrivateKey privKey) {
try {
Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
cipher.init(Cipher.DECRYPT_MODE, privKey);
byte[] decrypted = cipher.doFinal(Base64.getDecoder().decode(encodedString));
return new String(decrypted, "UTF-8");
} catch (Exception err) {
return err.fillInStackTrace().toString();
}
}
static String Encrypt(String encodedString,PublicKey pubKey) {
try {
Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
cipher.init(Cipher.ENCRYPT_MODE, pubKey);
byte[] plainBytes = new String(encodedString).getBytes("UTF-8");
byte[] cipherData = cipher.doFinal(plainBytes);
String encryptedString = Base64.getEncoder().encodeToString(cipherData);
return encryptedString;
} catch (Exception err) {
return err.fillInStackTrace().toString();
}
}
Update:
I was working on it and found that java encrypts function and c# have two different types, Java result always ended with "==" but c# function have one "=" at the end, It seems this is the problem.
C# Encrypt function result:
AJiltxqa1/8HU20XZlKJsJvclQ8PyQetpWdbCOpbqrXVg0q
/v4x5tXLxbzGKbO5InvKkib7tDQp+9BU0SYbZLv0=
Java Encrypt function result:
RlarFQBo2mcCWjidQ5l7ho2EOG6KGQWpR3ByXXHsGo6+HRQzmO4v7
TUTMdfB9wjI3aO6quruSReitrWu7QF9Vw==
On C# encrypt function you give the parameter 'true':
byte[] encryptedData = RSA.Encrypt(textBytes, true);
This means that C# is NOT using the PKCS1Padding but the OEAPPadding.
Simply change on Java-side in your Decrypt-method (and in your ENCRYPT-method as well :-) the line
// change:
//Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
// to
Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWITHSHA-1ANDMGF1PADDING");
I tested it with your keypair and it works like expected.
Edit:
On C#-side I run this code:
string plaintext = "The quick brown fox";
string encryptedDataBase64So = Encrypt(plaintext);
Console.WriteLine("encrypted SO : " + encryptedDataBase64So);
Console output:
encrypted SO : ZLylMsqcqbuDM7DprrmqIU8c8Q79fPXHudOY4INCNAo+iU7Oor3mZ8i+PP5PjtDkifqAXKYT8ON/ia9WjEFqRQ==
On Java-side I took the base64-String as input:
String fromCsharp = "Ew3nTEQuOX1tWfRNJEERa75A1o2bn6+HurVPYzGzA7kt+HAZAMdXKNACY2emvU6Bf42i8zpBO89lqvzuxNmRIw==";
String decryptedtext = DecryptWorking(fromCsharp, privateKey);
System.out.println("\ndecrypted from c#: " + decryptedtext);
Console output:
decrypted from c#: The quick brown fox
BTW: this is the PublicKey on C#-side that I generated from the PublicKey on Java-side and used it like this as source for the RSA-Encryption:
var publicKey = "<RSAKeyValue><Modulus>n4v91Uv2OdFfogzzsfzHZ9Hbi3rCnMENXttyA9ZuV6BHQs0r3XP85Jf6VItSAdIon22j8Sjw4yxESk2gmUTMjQ==</Modulus><Exponent>AQAB</Exponent></RSAKeyValue>";
RSA.FromXmlString(publicKey);
Besides the padding error described in detail in Michael Fehr's answer, there is another issue which is actually responsible for the error message IllegalBlockSizeException: Data must not be longer than 64 bytes. The inconsistent padding would throw a BadPaddingException if the IllegalBlockSizeException would not be thrown first.
The posted ciphertext has a leading 0 byte and is therefore 65 bytes in size:
Base64: AJiltxqa1/8HU20XZlKJsJvclQ8PyQetpWdbCOpbqrXVg0q/v4x5tXLxbzGKbO5InvKkib7tDQp+9BU0SYbZLv0=
Hex: 0098a5b71a9ad7ff07536d17665289b09bdc950f0fc907ada5675b08ea5baab5d5834abfbf8c79b572f16f318a6cee489ef2a489beed0d0a7ef415344986d92efd
If you try to decrypt this ciphertext on the Java side, you will get the posted error: IllegalBlockSizeException: Data must not be longer than 64 bytes.
Why does the C# code produce a too long ciphertext? This is because of the modulus, which also has a leading 0 byte and therefore a length of 65 bytes:
Base64: AJ+L/dVL9jnRX6IM87H8x2fR24t6wpzBDV7bcgPWblegR0LNK91z/OSX+lSLUgHSKJ9to/Eo8OMsREpNoJlEzI0=
Hex: 009f8bfdd54bf639d15fa20cf3b1fcc767d1db8b7ac29cc10d5edb7203d66e57a04742cd2bdd73fce497fa548b5201d2289f6da3f128f0e32c444a4da09944cc8d
The modulus was derived with BigInteger.toByteArray() (see this question, Update section), which returns the two's-complement representation and places a leading 0 byte in front if the frontmost byte has a value larger than 0x7f.
The leading 0 byte in the modulus results in a ciphertext generated by the C# code, which also has a leading 0 byte and thus an invalid length of 65 bytes. This does not make much sense and might be a bug.
To solve the problem the 0 byte in the modulus should be removed for the C# code, resulting in the following Base64 encoded modulus (which will produce 64 bytes ciphertexts):
n4v91Uv2OdFfogzzsfzHZ9Hbi3rCnMENXttyA9ZuV6BHQs0r3XP85Jf6VItSAdIon22j8Sjw4yxESk2gmUTMjQ==
Alternatively the 0 byte in the ciphertext can be removed, resulting in the following ciphertext (Base64 encoded):
mKW3GprX/wdTbRdmUomwm9yVDw/JB62lZ1sI6luqtdWDSr+/jHm1cvFvMYps7kie8qSJvu0NCn70FTRJhtku/Q==
which can now be successfully decrypted by the Java code to the plaintext (if a consistent padding is applied, see Michael Fehr's answer):
Davood
I'm currently doing RSA encryption on Java and I have to use private and public modulus for the encryption. I currently Have the following:
private void createPublicKey() throws NoSuchAlgorithmException, InvalidKeySpecException {
String publicModulus = "d2c34017ef94f8ab6696dae66e3c0d1ad186bbd9ce4461b68d7cd017c15bda174045bfef36fbf048" +
"73cfd6d09e3806af3949f99c3e09d6d3c37f6398d8c63f9a3e39b78a187809822e8bcf912f4c44a8" +
"92fe6a65a477ddea9582738317317286a2610ba30b6b090c3b8c61ffb64207229b3f01afe928a960" +
"c5a44c24b26f5f91";
BigInteger keyInt = new BigInteger(publicModulus, 16);
BigInteger exponentInt = new BigInteger("10001", 16);
RSAPublicKeySpec keySpeck = new RSAPublicKeySpec(keyInt, exponentInt);
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
publicKey = keyFactory.generatePublic(keySpeck);
}
private void createPrivateKey() throws NoSuchAlgorithmException, InvalidKeySpecException {
String privateModulus = "6c97ab6369cf00dd174bacd7c37e6f661d04e5af10670d4d88d30148ec188e63227b8dac0c517cf9" +
"67aa73cd23684c9165dc269f091bfab33b6c5c7db95b54130e348255c30aaaac1c7f09ef701e0d6f" +
"6dc142d2e4ed78466cc104e28d50be7adf3863afc021dbdd8b5f0b968b7cd965242c7d8d4b32ee84" +
"0fac3cad134344c1";
BigInteger privateModulusInt = new BigInteger(privateModulus, 16);
BigInteger exponentInt = new BigInteger("10001", 16);
RSAPrivateKeySpec privateKeySpec = new RSAPrivateKeySpec(privateModulusInt, exponentInt);
KeyFactory factory = KeyFactory.getInstance("RSA");
privateKey = factory.generatePrivate(privateKeySpec);
}
In the main method I have the following:
createPrivateKey();
createPublicKey();
String data = "12";
Cipher cipher1 = Cipher.getInstance("RSA/ECB/NoPadding");
cipher1.init(Cipher.ENCRYPT_MODE, publicKey);
byte[] encryptedData = cipher1.doFinal(data.getBytes());
Cipher cipher2 = Cipher.getInstance("RSA/ECB/NoPadding");
cipher2.init(Cipher.DECRYPT_MODE,privateKey);
byte[] decryptedData = cipher2.doFinal(encryptedData);
System.out.println(new String(decryptedData));
In the console I get the following: ���.7���p;%kV�9y���xa�ɼ{ and not "12" If I make the String data = "12345";, I then get: javax.crypto.BadPaddingException: Message is larger than modulus
Firstly why is the encryption and decryption not working? Why am I not getting back "12". Secondly why can I not have data be greater than 2 characters?
Note I'm using the following website to get the modulus and exponent values.
There is an error creating the private key. You are providing the public exponent instead of private and (as commented #dave_thomsom_085) private exponent instead of modulus
Change createPrivateKey() with
private static PrivateKey createPrivateKey() throws NoSuchAlgorithmException, InvalidKeySpecException {
String publicModulus = "d2c34017ef94f8ab6696dae66e3c0d1ad186bbd9ce4461b68d7cd017c15bda174045bfef36fbf048" +
"73cfd6d09e3806af3949f99c3e09d6d3c37f6398d8c63f9a3e39b78a187809822e8bcf912f4c44a8" +
"92fe6a65a477ddea9582738317317286a2610ba30b6b090c3b8c61ffb64207229b3f01afe928a960" +
"c5a44c24b26f5f91";
String privateExponent = "6c97ab6369cf00dd174bacd7c37e6f661d04e5af10670d4d88d30148ec188e63227b8dac0c517cf9" +
"67aa73cd23684c9165dc269f091bfab33b6c5c7db95b54130e348255c30aaaac1c7f09ef701e0d6f" +
"6dc142d2e4ed78466cc104e28d50be7adf3863afc021dbdd8b5f0b968b7cd965242c7d8d4b32ee84" +
"0fac3cad134344c1";
BigInteger privateExponenInt = new BigInteger(privateExponent, 16);
BigInteger keyInt = new BigInteger(publicModulus, 16);
RSAPrivateKeySpec privateKeySpec = new RSAPrivateKeySpec(keyInt, privateExponenInt);
KeyFactory factory = KeyFactory.getInstance("RSA");
return factory.generatePrivate(privateKeySpec);
}
Also you should not use raw RSA without padding for security reasons. Use RSA/ECB/PKCS1Padding or the new OAEP padding RSA/ECB/OAEPWithSHA1AndMGF1Padding
According to this answer you can encrypt with PKCS1Padding data up to 11 bytes less than the key size. and using OAEP it must be less than the size of the key modulus – 41
Then, using your 1024 bits key:
PKCS1: (1024 bits / 8) - 11 = 117 bytes
OAEP: (1024 bits / 8) - 42 = 86 bytes
Also is recommended to use CRT instead of private exponent directly
RSAPrivateCrtKeySpec privateKeySpec =
new RSAPrivateCrtKeySpec(modulus, publicExponent, privateExponent, primeP, primeQ, primeExpP, primeExpQ, crtCoefficient);
I have the public modulus and exponent for a key. I am encoding a test piece of text and getting different results than the java code that I am trying to replicate.
The java code is here:
RSAPublicKeySpec rsaPublicSpec = new RSAPublicKeySpec(modulus, exponent);
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
PublicKey publicKey = keyFactory.generatePublic(rsaPublicSpec);
X509EncodedKeySpec encodedPublicKeySpec = new X509EncodedKeySpec(publicKey.getEncoded());
KeyFactory keyFactory = KeyFactory.getInstance(“RSA”);
PublicKey publicKey = keyFactory.generatePublic(encodedPublicKeySpec);
Cipher cipher = Cipher.getInstance(“RSA / ECB / PKCS1Padding”);
cipher.init(Cipher.ENCRYPT_MODE, publicKey);
byte[] encryptedBytes = cipher.doFinal(clearTextString.getBytes());
BASE64Encoder b64 = new BASE64Encoder();
String base64EncodedStr = b64.encode(encryptedBytes);
What I have in C# right now using Bouncy Castle is:
BigInteger publicModulus = new BigInteger(1, Convert.FromBase64String(publicKeyString));
BigInteger publicExponent = new BigInteger(1,Convert.FromBase64String("AQAB"));
RsaKeyParameters pubParameters = new RsaKeyParameters(false, publicModulus, publicExponent);
IAsymmetricBlockCipher eng = new Pkcs1Encoding(new RsaEngine());
eng.Init(true, pubParameters);
byte[] plaintext = Encoding.UTF8.GetBytes("test data");
byte[] encdata = eng.ProcessBlock(plaintext, 0, plaintext.Length);
Console.WriteLine(Convert.ToBase64String(encdata));
I'm a confused about why the java code gets the public key and then does the X509 version (and whether I need to do that in the C# implementation).
I'm also not sure if I need to compensate for endianness of c# vs. java.
Appreciate some help.
The confusing code didn't do anything. Also, Bouncy Castle wasn't actually needed once I got the modulus as a base64 string. Here's what worked.
var publicKey =
"<RSAKeyValue><Modulus>base64modulusgoeshere</Modulus><Exponent>AQAB</Exponent></RSAKeyValue>";
var sbytes = Encoding.UTF8.GetBytes(s);
var rsa = new RSACryptoServiceProvider(2048);
rsa.FromXmlString(publicKey);
var encdata = rsa.Encrypt(sbytes, false);
enc = Convert.ToBase64String(encdata);
I have a Java working sample app (which uses Bouncy Castle) that I need to port to C# (I'm using Bouncy Castle for C# too).
The code is almost the same. However, even when I provide exactly the same modulus and exponent for both, the result arrays are completely different also the strings.
Reiterating: The Java excerpt is the code that works
Where do I'm getting wrong? Thank you in advance!
Java:
public static String encodeRSA(String keyModulus, String keyExponent,
String data) {
try {
byte btMod[] = Base64.decode(keyModulus);
byte btExp[] = Base64.decode(keyExponent);
BigInteger modulus = new BigInteger(1, btMod);
BigInteger pubExp = new BigInteger(1, btExp);
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(modulus, pubExp);
RSAPublicKey key = (RSAPublicKey) keyFactory.generatePublic(pubKeySpec);
Cipher cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.ENCRYPT_MODE, key);
byte[] cipherData = cipher.doFinal(data.getBytes());
String tmp = new String(Base64.encode(cipherData));
System.out.println(tmp);
return tmp;
} catch (Exception e) {
System.out.println(e.getMessage());
}
return "";
}
C#:
private static string EncodeRSA(string modulus, string exponent, string data)
{
//Base64, DotNetUtilities functions and BigInteger type are from Bouncy Castle
byte[] btMod = Base64.Decode(modulus);
byte[] btExp = Base64.Decode(exponent);
BigInteger mod = new BigInteger(1, btMod);
BigInteger exp = new BigInteger(1, btExp);
RsaKeyParameters bcKeySpec = new RsaKeyParameters(false, mod, exp);
RSAParameters keySpec = DotNetUtilities.ToRSAParameters(bcKeySpec);
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
rsa.ImportParameters(keySpec);
byte[] plaintext = Encoding.UTF8.GetBytes(data);
byte[] ciphertext = rsa.Encrypt(plaintext, false);
string cipherresult = Encoding.UTF8.GetString(Base64.Encode(ciphertext));
return cipherresult;
}
Modulus:
gdBAMJVXCuEGhX0b1hPAggpD7Ayi33JhsARksGkEatQsdox3BG3bTR/vz8M4vZe74EZj0aZrk0rGJGmAEJZ9GlXq6JzIRYBW5zULsBoPDq4spgobECJLsXq8CnZzOrOM+meIXFhoK8Jyob4X9q62HkDwhMMyqsBG0epWMHPIgkU=
Exponent:
AQAB
Output:
Java output for the entry "1]teste]111111]MTExMTExMTExMTExMTExMQ=="
using the given modulus/exponent
dUCVsGrZIwSyh0ZAxon3wMSPPoQqflpRNtQ5c+TILuOR/5IihABJpZRL6E1TjYs62WXvQUbeFqRYbdAvbjY3YZk+aSviBosdN54+T8+/5agjveeDBi6LXu6r1+KBriq2K1ULg9YC62SrSbRN8VMJ9gkgatF2ux06PyouJOPJPN8=
EDIT - C# Output with given entry, modulus and exponent
CHyg5J+OMuG9H9S7R24Lg2iXeLN/Rgh7XcyDQJqMNZobH0V1hqe2dxrcE3R+UrVl/aDWJg3aXNtP3+8YFA17fLr9yIbIYv5o2zeRMdHbyrW/z26JGaynsay096KEzJ0uBAACJQ3LZryd5ei7zzo77Bnka2Un7C9TJvldswhldxM=
The output of RSA encryption, or any secure encryption method, outputs data that is indistinguishable from random to an attacker. This is performed by the IV for symmetric ciphers and by the padding method for RSA. If this wasn't the case then an attacker would be able to see similarities for different ciphertext; encrypt "yes" twice and the same ciphertext would appear. So an attacker could easily distinguish E(pk, "yes") | E(pk, "yes") from E(pk, "yes") | E (pk, "no").
So Java and C# both output a ciphertext that is precisely the size of the modulus before encoding. However the plaintext is first padded with secure random data before the modular exponentiation used for RSA. The way to verify that the ciphertext generation was correct is by decrypting the ciphertext using the private key. Actually, if you have multiple runs of either Java or C# you will find that the ciphertext keeps changing even within the same language/runtime.