on android, getting xml rsa public key and encrypt a string with it

Question

I'm developing an android app and getting this public key from the server of the company that I work with:

PFJTQUtleVZhbHVlPjxNb2R1bHVzPnZOcFhkRWVOTU5pZDhuOTlUekRGMVo4MDNvTEdRSzlqWnNFODlDd2tiS29GV0tGZmt2QTZKODBNWHhPZnhqbFZIYU8vYWM4YUpMc1AxWVR1RFNHVis3VExQL0puVVpyNlJQQTdpbFlmMitVWExiS0U2ZW1RYzBKdXlOaVArL0FTMGZmKzYwSnZQekhYeEdQQnVIbWtTcmRqdEtFV0JCZXJzWWNuQVJyT2ZSYz08L01vZHVsdXM+PEV4cG9uZW50PkFRQUI8L0V4cG9uZW50PjwvUlNBS2V5VmFsdWU+

the server is windows with IIS 7.5.

base64decode it give me this XML

<RSAKeyValue><Modulus>vNpXdEeNMNid8n99TzDF1Z803oLGQK9jZsE89CwkbKoFWKFfkvA6J80MXxOfxjlVHaO/ac8aJLsP1YTuDSGV+7TLP/JnUZr6RPA7ilYf2+UXLbKE6emQc0JuyNiP+/AS0ff+60JvPzHXxGPBuHmkSrdjtKEWBBersYcnARrOfRc=</Modulus><Exponent>AQAB</Exponent></RSAKeyValue>

Extracting the Modulu and the Exponent from this xml, base64decode them and making the spec for the public key object:

    PublicKey pbKey = null;
    XMLParser parser = new XMLParser();
    Document doc = parser.getDomElement(publicKeyString);
    Element rsakeyvalue = doc.getDocumentElement();

    String modulusBase64 = parser.getValue(rsakeyvalue, "Modulus");
    byte[] modulus = Base64.decode(modulusBase64, 0);

    String exponentBase64 = parser.getValue(rsakeyvalue, "Exponent");
    byte[] exponent = Base64.decode(exponentBase64, 0);

    BigInteger modBigInteger = new BigInteger(1,modulus);
    BigInteger exBigInteger = new BigInteger(1,exponent);

    RSAPublicKeySpec spec = new RSAPublicKeySpec(modBigInteger, exBigInteger);
    try {
        KeyFactory factory = KeyFactory.getInstance("RSA");
        pbKey = factory.generatePublic(spec);
    } catch (Exception e) {
        e.printStackTrace();
    }

Creating the cipher and adding the plain text to encrypt with:

    Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
    Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", "BC");

    byte[] keyBytes =   Base64.decode(this.publicKey, 0);

    /* the strToPublicKey is the previews code block */
    PublicKey publickey = strToPublicKey(new String(keyBytes));
    cipher.init( Cipher.ENCRYPT_MODE , publickey );

    // Base 64 encode removed.
    //byte[] encryptedBytes = Base64.encode( cipher.doFinal(plainText.getBytes()), 0 );
    byte[] encryptedBytes = cipher.doFinal(plainText.getBytes());

everything here is working but the server don't accept it, I'm base64 encode it and sending it as byte array.

the server admin saying it's too long, supposed to be 128 bit but it's 174 bit... what I'm doing wrong?

How its called this key? RSA XML is correct? or it's got other name?

I can also get PEM string from the server if someone have an idea how to do it with it.

Edit: i forgot to put here an important part, i'm sending the data to the server as byte array, this is how i make the string of it:

public static int unsignedToBytes(byte b) {
    return b & 0xFF;
}
StringBuilder byteArrayString = new StringBuilder();
int bytesLength = bytes.length;
int bytesCounter = 0;
for (byte aByte : bytes) {
    bytesCounter++;
    byteArrayString.append(unsignedToBytes(aByte));
    if(bytesCounter < bytesLength){
        byteArrayString.append(",");
    }
}

SOLVED! - the solution: the bytes that the string builder used are signed so i use this function unsignedToBytes() to make them unsigned and i removed the base64Encription on the encrypt() function. this was the problem, i hope it will help anyone else.

Answer 1

Your variable naming is bad. encryptedBytes contains not the encrypted bytes but the encrypted bytes in base64 encoding.

This is the reason you do not get the expected result.

The length of the encrypted data before applying Base64 encoding is 128 byte.

Afterwards the length is 172 bytes.