11

After I have read articles about Cryptography(Symmetric and Asymmetric) methods.Many articles are telling that Private key is used to encrypt and decrypt data.Public key is used to encrypt data.But When I try to start implementing in Java I can't able to use private key to encrypt and decrypt data(I am using RSA Algorithm)? If it is possible please provide me a link .If it doesn't support, please answer why it doesn't support?

//Encrypt

Cipher encrypt=Cipher.getInstance("RSA");
encrypt.init(Cipher.ENCRYPT_MODE, privatekey);
byte[] encryptedMessage=encrypt.doFinal(msg.getBytes());

//Decrypt

Cipher decrypt=Cipher.getInstance("RSA");
decrypt.init(Cipher.DECRYPT_MODE, privateKey);
byte[] decryptedMessage=decrypt.doFinal(encryptedMessage);
sunkuet02
  • 2,376
  • 1
  • 26
  • 33
Nadendla
  • 712
  • 2
  • 7
  • 17

3 Answers3

19

To perform RSA encryption you need to encrypt with the public key and decrypt with the private key. Furthermore, you should use a well defined padding method, such as PKCS#1 v1.5 compatible padding or - if available - OAEP padding.

Encryption with an RSA private key makes no sense, as anybody with the public key can decrypt. There is something called "raw RSA" which is basically modular exponentiation, but that should only be used with another padding scheme to generate signatures. In that case you want everybody with a public key to "decrypt" to verify the signature.

More information here and here.

So encryption is:

// specify mode and padding instead of relying on defaults (use OAEP if available!)
Cipher encrypt=Cipher.getInstance("RSA/ECB/PKCS1Padding");
// init with the *public key*!
encrypt.init(Cipher.ENCRYPT_MODE, publicKey);
// encrypt with known character encoding, you should probably use hybrid cryptography instead 
byte[] encryptedMessage = encrypt.doFinal(msg.getBytes(StandardCharsets.UTF_8));

and decryption is:

Cipher decrypt=Cipher.getInstance("RSA/ECB/PKCS1Padding");
decrypt.init(Cipher.DECRYPT_MODE, privateKey);
String decryptedMessage = new String(decrypt.doFinal(encryptedMessage), StandardCharsets.UTF_8);
Community
  • 1
  • 1
Maarten Bodewes
  • 90,524
  • 13
  • 150
  • 263
  • 1
    Isn't cryptographic signing encryption with a private key? – Peter Becker May 26 '14 at 18:13
  • 3
    @PeterBecker It's better not to think of it that way. Check [RFC 3447 part 5.2](http://tools.ietf.org/html/rfc3447#page-12): "... The main mathematical operation in each primitive is exponentiation, as in the encryption and decryption primitives of Section 5.1. RSASP1 and RSAVP1 are the same as RSADP and RSAEP except for the names of their input and output arguments; they are distinguished as they are intended for different purposes. ". This is only true for "textbook" or "raw" RSA, which is not fit for normal cryptographic purposes. Padding is integral part of the scheme and differs. – Maarten Bodewes May 26 '14 at 18:18
  • Point taken. I actually found a broken crypto scheme once where pure RSA was used (problem one) and the two keys were used the wrong way around. Bouncy Castle let's you do that and then quietly changes the padding, which in this case meant no randomization on encryption. – Peter Becker May 26 '14 at 18:22
7

How Public Private Key Encryption is working:

  1. IF you encrypt something with your private key anyone with your public key can decrypt it.
  2. IF you encrypt something with your public key only your private key can decrypt it.

You have to generate public private key pair. Private key is just for you and public key can be given to people you trust.

How to generate key pairs?

$ openssl genrsa -out private_key.pem 1024
$ openssl rsa -pubout -in private_key.pem -out public_key.pem

Or go here in do it in java -> JAVA RSA When you do that come back and ask more questions

dharr
  • 328
  • 1
  • 11
1

When you encrypt with private key it is called certificate. And your public keys are distributed to the clients so that they can open it and verify the issuer of the certificate. The same way client can create its own signature by encrypting with public key. The same way the server/issuer can verify it by decrypting it with private key.

S: Private Key P: Public Key

S + Data = Certificate => Client (opens/verifies it with public key) P + Data = Signature => Server / Issuer (opens/verifies it with private key)

ship shuk - www.shipshuk.com
  • 57
  • 6