
I am developing an OSGi plugin (bundle) which performs encryption on Strings. The Strings themselves are encrypted using AES. I am encrypting the AES key with RSA. All works perfectly in my unit tests.

When I deploy the plugin into Karaf (haven't tried any other OSGi containers at present), the result of the encrypted key is a bunch of zero bytes with a final 1-byte. There are no exceptions being thrown. Everything looks normal except that when I go in with the debugger, I discover that the RSA public key cipher is using a key-spec where the value of the public exponent is zero. This obviously makes no sense and it doesn't surprise me that the output is mainly zeroes.

Can anyone suggest why this might be happening?

Adding some code fragments:

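```java
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.spec.KeySpec;
import java.security.spec.X509EncodedKeySpec;
import javax.crypto.Cipher;

// In CipherFactory. RSA is a String constant defined elsewhere in the class (not shown).
public static Cipher createRsaCipher(final boolean keyTypePublic, final int mode, final KeySpec keySpec) throws GeneralSecurityException
{
    final KeyFactory kfpri = KeyFactory.getInstance(RSA);
    final Cipher result = Cipher.getInstance(RSA);
    // Build a public or private key from the spec and initialise the cipher with it.
    result.init(mode, keyTypePublic ? kfpri.generatePublic(keySpec) : kfpri.generatePrivate(keySpec));
    return result;
}

// Reads the DER-encoded public key from the URL; readPublicKeyBytes is not shown.
private static Cipher createPublicKeyEncryptionCipher(final URL key) throws IOException, GeneralSecurityException {
    try (InputStream stream = key.openStream()) {
        final byte[] encodedKey = readPublicKeyBytes(stream);
        final X509EncodedKeySpec publicKeySpec = new X509EncodedKeySpec(encodedKey);
        return CipherFactory.createRsaCipher(true, Cipher.ENCRYPT_MODE, publicKeySpec);
    }
}

// Encrypts source in a single doFinal call and trims the buffer to the bytes actually written.
private static byte[] encrypt(final byte[] source, Cipher cipher) throws GeneralSecurityException {
    final int bytes = source.length;
    final int outputSize = cipher.getOutputSize(bytes);
    final byte[] buffer = new byte[outputSize];
    int resultLength = 0;
    final int n = cipher.doFinal(source, 0, bytes, buffer, 0);
    resultLength += n;
    final byte[] result = new byte[resultLength];
    System.arraycopy(buffer, 0, result, 0, resultLength);
    return result;
}
```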

```
openssl rsa -in private.pem -pubout -outform DER -out public.der

more private.pem
-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEA6LhJ1xCjo2mOMYO3Km5rk+1jpSUgeFLX296apNHgHVb7e9H/
.....etc...........
o6ZYdYg05ubEu+jRQkdudbA/7AXLwYOzGtzhla7ow5QhYcWtJEOwX4U=
-----END RSA PRIVATE KEY-----
```
Phasmid
  • We don't have access to your system, Phasmid, nor did you provide any code. How the heck are we supposed to answer this? – Maarten Bodewes Aug 24 '14 at 17:58
  • I could add code if you like but, as I say, it works fine in unit testing. What I was hoping for was that someone might recognize the problem from personal experience. If I do present code, how much of it do you need to see? – Phasmid Aug 25 '14 at 00:18
  • Anything that has to do with the RSA key generation and the encryption. – Maarten Bodewes Aug 25 '14 at 07:08
  • I've added the method which creates the Cipher from the public key, the method which encrypts the source with said cipher, the command I used to output the public key in DER format, and finally the private key itself (in edited form). Let me know if there's other stuff that would be helpful to post. Thank you. – Phasmid Aug 25 '14 at 18:40
  • `CipherFactory.createRsaCipher()` ? Where is that defined ? – Maarten Bodewes Aug 25 '14 at 18:47
  • Besides that, how do you trust the public key? – Maarten Bodewes Aug 25 '14 at 19:09
  • Oops, missed that one. I've added code for createRsaCipher at the top of the code fragments. I created the public key just for testing. I created the private key using PuTTYgen and then output the public key as shown. – Phasmid Aug 25 '14 at 21:05
  • `X509EncodedKeySpec` is rather specific on the values it can decode, are you sure your key is encoded correctly? Putty is normally using SSH keys, which are differently encoded from X509 which are used for X509 certificates... – Maarten Bodewes Aug 25 '14 at 22:12
  • No, I'm not sure at all. What gave me confidence was that it all worked fine in my unit tests. Can you recommend an alternative way to generate the public key from my putty key? Or should I only use openssh? Thanks for hanging in there with me. – Phasmid Aug 26 '14 at 02:56
  • @MaartenBodewes, do you have any further thoughts on this (see my comment from Aug 26 '14). I'm not actively working on this but am still interested in a complete solution. Thanks. – Phasmid Sep 10 '15 at 11:34
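
A fail-closed check for the symptom described in the question (a public exponent of zero, so every ciphertext is m^0 mod n = 1), added here as an example and not the poster's code. It validates the decoded key's parameters, prints which provider supplied the `KeyFactory` and `Cipher`, and names the padding explicitly; the class name, the 2048-bit floor and the OAEP transformation are assumptions, and the check does not identify the cause of the behaviour in Karaf.

```java
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.X509EncodedKeySpec;
import javax.crypto.Cipher;

public class RsaKeySanityCheck {  // hypothetical class name
    // Explicit transformation: a bare "RSA" leaves mode and padding to the selected provider.
    static final String TRANSFORMATION = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    static final int MIN_MODULUS_BITS = 2048;  // assumed policy floor

    /** Decodes an X.509 SubjectPublicKeyInfo and rejects parameters no real RSA key can have. */
    static RSAPublicKey loadCheckedPublicKey(byte[] der) throws GeneralSecurityException {
        KeyFactory kf = KeyFactory.getInstance("RSA");
        PublicKey key = kf.generatePublic(new X509EncodedKeySpec(der));
        System.out.println("KeyFactory provider: " + kf.getProvider().getName()
                + ", key class: " + key.getClass().getName());
        if (!(key instanceof RSAPublicKey)) throw new InvalidKeyException("not an RSAPublicKey");
        RSAPublicKey rsa = (RSAPublicKey) key;
        BigInteger e = rsa.getPublicExponent();
        BigInteger n = rsa.getModulus();
        // A valid exponent is odd and at least 3; e = 0 yields zero bytes ending in 0x01.
        if (e.compareTo(BigInteger.valueOf(3)) < 0 || !e.testBit(0))
            throw new InvalidKeyException("implausible public exponent: " + e);
        if (n.bitLength() < MIN_MODULUS_BITS)
            throw new InvalidKeyException("modulus too short: " + n.bitLength() + " bits");
        return rsa;
    }

    static Cipher encryptCipher(RSAPublicKey key) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(TRANSFORMATION);
        c.init(Cipher.ENCRYPT_MODE, key);
        System.out.println("Cipher provider: " + c.getProvider().getName());
        return c;
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: a throwaway key pair generated in-process stands in for public.der.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        byte[] der = kpg.generateKeyPair().getPublic().getEncoded();
        byte[] wrapped = encryptCipher(loadCheckedPublicKey(der)).doFinal(new byte[16]);
        System.out.println("wrapped AES key length: " + wrapped.length);
    }
}
```

Running the same class inside the container and in the unit-test JVM and comparing the printed provider names and key class shows whether the two environments resolve `"RSA"` to different implementations.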

0 Answers