File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Security and the fly likes Encrypt in Javascript Using Public Key & Decrypt in Java Using Private Key Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Engineering » Security
Bookmark "Encrypt in Javascript Using Public Key & Decrypt in Java Using Private Key" Watch "Encrypt in Javascript Using Public Key & Decrypt in Java Using Private Key" New topic
Author

Encrypt in Javascript Using Public Key & Decrypt in Java Using Private Key

Parag Rathod
Greenhorn

Joined: Dec 19, 2013
Posts: 2
I Want to Encrypt in Javascript Using Public Key & Decrypt in Java Using Private Key .
I Have Generated Private Key & Public Key Using Open SSL

1) openssl genrsa -out rsa.pem 1024
2) openssl rsa -in rsa.pem -pubout

I am Using pidCrypt for Encrypt in JavaScript RSA .
At Java Using Instance as RSA( Cipher.getInstance("RSA") ) .
But Output is Diffrent

JavaScript Encrypt : K2N58n/ejCzlJaZc1fQlU6+9b4ctAnc6vLIfw5TbvDbVmSLhJ7V2kE50d2+ZF9kK
199D/BFSpHorngu6xYrczUmcYB95gVGIw8xre/TuWIHvvoRu2FKQDU/bs57hVpKa
y3WEdTAe+LFq5aRGNQ2exRvSB45m18ggOAutH/5OUt0=

On Decryption I am getting Error :
javax.crypto.BadPaddingException: Message is larger than modulus
at sun.security.rsa.RSACore.parseMsg(Unknown Source)


How Does Bank Implement Secure UserName & Password.
Is Encryption In Javascript is good Idea.
Can Anyone Suggest Other Good way for Password Encrytion.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42599
    
  65
Welcome to JavaRanch. Don't do that, cryptography in JavaScript is not a good idea. Assuming that this JavaScript runs in a web page, use HTTPS to send the data to the server.


Ping & DNS - my free Android networking tools app
Richard Tookey
Ranch Hand

Joined: Aug 27, 2012
Posts: 1083
    
  10

Parag Rathod wrote:5OUt0=

On Decryption I am getting Error :
javax.crypto.BadPaddingException: Message is larger than modulus
at sun.security.rsa.RSACore.parseMsg(Unknown Source)



The default Sun/Oracle RSA encryption/decryption assumes PKCS1 padding (which has a random component) and the exception suggest that your JavaScript RSA is not performing the required PKCS1 padding. This padding requirement can be turned off but failure to use the padding makes it very very easy to decrypt/crack the average password either by brute force or by 'dictionary' attack. As already suggested you should be using HTTPS then you do not need to do any explicit encryption.

[edit] It has just occurred to me that another possible cause is that you are not Base64 decoding in your Java the obviously Base64 encoded cipher text. Of course I can't see any of your code so I am just guessing.
Parag Rathod
Greenhorn

Joined: Dec 19, 2013
Posts: 2
Thank You Sir.....Problem got resolved i was because of Base 64 Decode.
Richard Tookey
Ranch Hand

Joined: Aug 27, 2012
Posts: 1083
    
  10

Parag Rathod wrote:Thank You Sir.....Problem got resolved i was because of Base 64 Decode.


I'm pleased to have helped BUT as has already been pointed out twice before you should probably be using HTTPS and not doing the encryption yourself.
Paul Clapham
Bartender

Joined: Oct 14, 2005
Posts: 18886
    
    8

Parag Rathod wrote:How Does Bank Implement Secure UserName & Password.


They use HTTPS.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Encrypt in Javascript Using Public Key & Decrypt in Java Using Private Key