Reputation: 145
My password is encrypted with RSA in an Android app. On the server side, I need to decrypt it. What I have is a .pem file and the PHP code for decrypting:
```php
function privatekey_decodeing($crypttext, $fileName, $fromjs = FALSE)
{
    $key_content = file_get_contents( $fileName );
    $prikeyid = openssl_get_privatekey( $key_content, "1234" );
    $crypttext = str_replace(' ', '+', $crypttext);
    $crypttext = base64_decode( $crypttext );
    $padding = $fromjs ? OPENSSL_NO_PADDING : OPENSSL_PKCS1_PADDING;
    if( openssl_private_decrypt( $crypttext, $sourcestr, $prikeyid, $padding ) )
    {
        return $fromjs ? rtrim( strrev( $sourcestr ), "/0" ) : "" . $sourcestr;
    }
    return;
}
```
The fileName is the private key file (.pem file). Now I need to use Java to decrypt it. I have tried some methods; all have failed. Here is what I have tried:

Using the byte[] read from the .der file to generate the key file:
```java
public static PrivateKey generatePrivateKey(byte[] key)
        throws NoSuchAlgorithmException, InvalidKeySpecException {
    KeySpec keySpec = new PKCS8EncodedKeySpec(key);
    KeyFactory keyFactory = KeyFactory.getInstance("RSA");
    return keyFactory.generatePrivate(keySpec);
}
```
Decrypt my password:

```java
public static byte[] decrypt(PrivateKey privateKey, byte[] data)
        throws Exception {
    Cipher ci = Cipher.getInstance(ALGORITHOM, DEFAULT_PROVIDER);
    ci.init(Cipher.DECRYPT_MODE, privateKey);
    return ci.doFinal(data);
}
```
But it does not work, and I do not know where it is going wrong.
In the PHP code I see `$prikeyid = openssl_get_privatekey( $key_content, "1234" );`
But I don't know what the "1234" means. Does it mean using "1234" to encrypt the key file? Is this the reason the decryption failed?
Upvotes: 1
Views: 567
Reputation: 34113
```php
$padding = $fromjs ? OPENSSL_NO_PADDING : OPENSSL_PKCS1_PADDING;
```
These are both bad options:
Please don't implement RSA yourself. You're going to make your application incredibly insecure.
Recommended reading:
Upvotes: 1
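
The padding choice discussed in the answer above, as an added Java example that is not part of the original posts: using only JDK classes, it shows that unpadded RSA (`OPENSSL_NO_PADDING` in the PHP code) is deterministic, while OAEP, the randomized padding generally recommended for RSA encryption and not named on this page, is not. The class name `RsaPaddingDemo`, the generated key pair standing in for the .pem key, the sample password and the choice of SHA-256 are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.spec.MGF1ParameterSpec;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;

public class RsaPaddingDemo {
    static final String RAW  = "RSA/ECB/NoPadding";   // PHP: OPENSSL_NO_PADDING
    static final String OAEP = "RSA/ECB/OAEPPadding"; // parameters pinned below
    // Pin the OAEP digest and the MGF1 digest; the JDK otherwise defaults MGF1 to SHA-1.
    static final OAEPParameterSpec OAEP_SHA256 = new OAEPParameterSpec(
            "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);

    static byte[] rsa(String transformation, int mode, Key key, byte[] input) throws Exception {
        Cipher cipher = Cipher.getInstance(transformation);
        if (OAEP.equals(transformation)) {
            cipher.init(mode, key, OAEP_SHA256);
        } else {
            cipher.init(mode, key);
        }
        return cipher.doFinal(input);
    }

    public static void main(String[] args) throws Exception {
        // Constructed throwaway key pair standing in for the server's .pem key.
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(2048);
        KeyPair pair = generator.generateKeyPair();
        byte[] password = "constructed-sample-password".getBytes(StandardCharsets.UTF_8);
        // Unpadded RSA is deterministic: equal passwords give equal ciphertexts.
        byte[] raw1 = rsa(RAW, Cipher.ENCRYPT_MODE, pair.getPublic(), password);
        byte[] raw2 = rsa(RAW, Cipher.ENCRYPT_MODE, pair.getPublic(), password);
        System.out.println("raw ciphertexts equal:  " + Arrays.equals(raw1, raw2));
        // OAEP is randomized, so the same password encrypts differently each time.
        byte[] oaep1 = rsa(OAEP, Cipher.ENCRYPT_MODE, pair.getPublic(), password);
        byte[] oaep2 = rsa(OAEP, Cipher.ENCRYPT_MODE, pair.getPublic(), password);
        System.out.println("OAEP ciphertexts equal: " + Arrays.equals(oaep1, oaep2));

        // URL-safe Base64 has no '+', so no space-to-plus repair is needed in transit.
        String wire = Base64.getUrlEncoder().withoutPadding().encodeToString(oaep1);
        byte[] plain = rsa(OAEP, Cipher.DECRYPT_MODE, pair.getPrivate(),
                Base64.getUrlDecoder().decode(wire));
        System.out.println("round trip ok: " + Arrays.equals(plain, password));
    }
}
```

Both sides must use the same OAEP digest and MGF1 digest, which is why the parameters are set explicitly rather than left to provider defaults.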