Java / JCE: decryption of a "long" message encrypted using RSA

I have a message contained in a byte[], encrypted with "RSA/ECB/PKCS1Padding". To decrypt it, I create a Cipher c and initiate it with

c = Cipher.getInstance("RSA/ECB/PKCS1Padding"); 

So far, I have only decrypted small messages, using the doFinal() method, which returns a byte[] with the decrypted bytes.

c.init(Cipher.DECRYPT_MODE, privateKey);
byte[] decryptetBytes = c.doFinal(encryptedBytes);

But in this case, the data is larger (about 500 bytes), and the doFinal() method throws an exception (javax.crypto.IllegalBlockSizeException: the data should not be longer than 128 bytes). I think I need to use the update() method, but I cannot figure out how to make it work correctly. How is it done?

+2
3 answers

I think using RSA encryption for anything other than key transport is an abuse.

Generate a new key for symmetric encryption and encrypt your bulk data with it. Then encrypt that key using RSA. Send the symmetrically encrypted ciphertext along with the asymmetrically encrypted content-encryption key to your recipient.

+3

With RSA, you can only encrypt/decrypt a block up to your key length minus the padding length. If you have data longer than your key, it may just have been merged into one array, so you should split it into chunks the size of your key (128 bytes suggests a 1024-bit key without padding; I'm not sure if this is possible). Using update() is wrong here.

You just need to know how this array was created.

Generally speaking, RSA should not be used to encrypt a large amount of data because it is time consuming. It should be used to encrypt a key for a symmetric cipher, such as AES.

Take a look here: https://www.owasp.org/index.php/Digital_Signature_Implementation_in_Java

0

As Erickson said,

The steps you must follow are:

  • Create an RSA key pair (or get the public key from the keystore)
  • Create Symmetric Key (AES)
  • Encrypt data with AES key
  • Encrypt AES Key with RSA Public Key
  • Save (or send to a person with a private key) AES encrypted key and AES encrypted data

To decrypt:

  • Get the private key associated with this key pair used for encryption
  • Decrypt AES key using private key
  • Decrypt data using AES key
  • Use data
0

Source: https://habr.com/ru/post/1307151/

