views:

375

answers:

2

Where can I find a RSA encrypt example that does not use "NoPadding"?

--update

Better: how to make this SSCCE run correctly without throw the "too much data for RSA block" exception?

import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.RSAPrivateKeySpec;
import java.security.spec.RSAPublicKeySpec;

import javax.crypto.Cipher;

/**
 * Basic RSA example.
 */
public class TestRSA {

    public static void main(String[] args) throws Exception {

 byte[] input = new byte[100];

 Cipher cipher = Cipher.getInstance("RSA/None/NoPadding", "BC");
 KeyFactory keyFactory = KeyFactory.getInstance("RSA", "BC");

 // create the keys

 RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(new BigInteger("d46f473a2d746537de2056ae3092c451",
  16), new BigInteger("11", 16));
 RSAPrivateKeySpec privKeySpec = new RSAPrivateKeySpec(new BigInteger(
  "d46f473a2d746537de2056ae3092c451", 16), new BigInteger("57791d5430d593164082036ad8b29fb1",
  16));

 RSAPublicKey pubKey = (RSAPublicKey) keyFactory.generatePublic(pubKeySpec);
 RSAPrivateKey privKey = (RSAPrivateKey) keyFactory.generatePrivate(privKeySpec);

 // encryption step

 cipher.init(Cipher.ENCRYPT_MODE, pubKey);

 byte[] cipherText = cipher.doFinal(input);

 // decryption step

 cipher.init(Cipher.DECRYPT_MODE, privKey);

 byte[] plainText = cipher.doFinal(cipherText);

    }
}

--update: about loop

Using:

 byte[] cipherText = new byte[input.length];
 for (int i = 0; i < input.length; i++) {
     byte[] singleByteArray = new byte[] { input[i] };
     cipherText[i] = cipher.doFinal(singleByteArray)[0];
 }

does not work fine. For a unknown reason the cipherText became full of zeros - even if the input is an array of 0x03.

A: 
 Cipher cipher = Cipher.getInstance("RSA");
 cipher.init(Cipher.ENCRYPT_MODE, publicKey);
 byte[] cipherData = cipher.doFinal(content);

Update: Are you sure you need bouncycastle for this? And why not just pass RSA as argument to Cipher.getInstance(..) ?

Update 2: Why don't you try any of these RSA encryption examples?

Bozho
Thanks. Please, see my update..
Tom Brito
Passing just RSA to Cipher.getInstance() occur the same fail. This code is a adaptation (a try) from a book example.
Tom Brito
so, you can try getting rid of "BC". The default provider also supports RSA.
Bozho
Ok. But this still does not solve the fail.
Tom Brito
are you sure your keys are correctly generated? Have you used `KeyPairGenerator` ?
Bozho
in the posted example see no problems in the keys..
Tom Brito
I can't see a problem in a hex value. But they might be of wrong length for example. Use a `KeyPairGenerator` to make new keys and try.
Bozho
please, see my "about loop" update
Tom Brito
@Тom Brito check mine.
Bozho
looks like works fine with little size data. What about large size? I'm not finding examples..
Tom Brito
+2  A: 

The Sun Providers Documentation for the SunJCE provider tells you what padding specifications are allowed in the Cipher.getInstance() argument. Try Cipher.getInstance("RSA/ECB/PKCS1PADDING");

EDIT:
It is not a padding issue, it is more that you have a misunderstanding of how RSA is used in cryptography. You can either 1) make the modulus bigger than the data, 2) use a Hybrid cryptosystem, or 3) least desirable is to manually break up the input into chunks that are each smaller than the modulus. If you are going to use PKCS1 padding (which is generally recommended), then the input must be not larger than n-11 bytes in length, where n is the number of bytes needed to store the RSA modulus.

GregS
I tryied this, but I get the same fail.. please, see my update.
Tom Brito
Yes, because you are using RSA wrong. You can't RSA encrypt a value bigger than the modulus. Unless you *really* know what you are doing.
GregS
Modulus length in bytes minus 11 is the maximal length for the message in PKCS #1.
Accipitridae
considering a variable data length, the best would be break the input into chunks...
Tom Brito
I've never worked with cryptography before. The correct way to do this is a loop around the cipher.doFinal()?
Tom Brito
Breaking the input into chunks is not a good solution. Usually one would encrypt the message with an symmetric cryptosystem and encrypt the key for the symmetric cryptosystem with RSA.
Accipitridae
@Accipitridae that's what I'll do after correctly use RSA. The RSA will encrypt a key.
Tom Brito
please, see my "about loop" update
Tom Brito