tags:

views:

621

answers:

2
Q: 

RSA code in both Javascript and Java

I want to find the RSA code in both Javascript and Java code. And they can return the same result in encrypt and decrypt.

My purpose is: I can encrypt a message in the user's browser using Javascript (with the public key). After I can decrypt that message in my server (with private key).

I found on internet but Javascript and Java return difference result: if I encrypt using Javascript, I cannot decrypt using Java.

+6  A: 

This is not a good idea.

RSA public key encryption is suitable for encrypting a session key, not the entire message. It's too slow and it's susceptible to a man-in-the-middle attack when used directly.

Just use SSL and be done with it.

Steven Sudit  2009-09-04 01:06:14
A: 

I am curious why the javascript and java had different results, as RSA isn't platform dependent, but, converting the key to a byte array can differ, so that could be your difficulty.

If you are encrypting a password then it may make sense to use RSA, as the number of bytes that can be encrypted/decrypted is related to the length of the key.

Where you found the source code for Java and Javascript would be useful to see, or at least to know how the keys were turned into byte arrays, and then the private or public keys were created from those.

James Black  2009-09-04 01:11:14
James, you might want to take a look at this person's track record.
Steven Sudit  2009-09-04 01:15:56
I dont know the reason. Maybe in JS and Java have the difference in the code. For example in java generating the public is only return one String result like: "MIGfMA0GCSqGSIb3DQEBAQUAA4GNAD.....". But in javascript, the key need 3 parameters for key: m,e,d. Like the following example. m = 1d7777c38863aec21ba2d91ee0faf51e = 5abbd = 1146bd07f0b74c086df00b37c602a0b(Please see the example: http://ohdave.com/rsa/ )
haicnpmk44  2009-09-04 01:33:27
If you look at http://bouncycastle.org/docs/docs1.6/index.html, look at PublicKeyFactory and RSAPublicKeyStructure, and see that the encoding is ASN.1 encoded. The encoding is what is important, as that is how a key will be converted into something that can be sent over the Internet. In order to have the three things listed you can generate the public and private key, so javascript should never get it. You need to find a library using an encoded public key and then find a library that will use that encoding.
James Black  2009-09-04 01:44:32

related questions

Java Time Zone is messed up
Eclipse on win64
Automate builds for Java RCP for deployment with JNLP
Why are professors or schools picking Java over C++ to teach to students?
Is there a real benefit of using J#?
Public/Popular Websites using JavaServer Faces
Why can't I use a try block around my super() call?
Accessing post variables using Java Servlets
Personal Linux web server
Is this really widening vs autoboxing?
How can I Java webstart multiple, dependent, native libraries?
Why can't I call toString() on a Java primitive?
How do I use Java to read from a file that is actively being written?
What code analysis tools do you use for your Java projects?
IllegalArgumentException or NullPointerException for a null parameter?
How do I configure and communicate with a serial port?
What is the best way to parse strings in Java
Getting started with a custom JXTA PeerGroup
Creating a custom button in Java
How to get started "writing" a code coverage tool?
Which Build-/Configuration Management Tool?
What is the difference between an int and an Integer in Java/C#?
What is the meaning of the type safety warning in certain Java generics casts?
How would you access Object properties from within an object method?
Converting CSV File to XML in Java