How to encrypt a symmetric key with generated public key

 
Ranch Hand
So I have generated a public key and placed it in a certificate. I then generated a symmetric key in Java and encrypted a String with it and placed encrypted text in a file. The next step is to encrypt the symmetric key in Java using the generated public key and I am stuck on this. I am not sure how to continue. Any help is appreciated. Thanks!
 
author

Jerry Girgich wrote:The next step is to encrypt the symmetric key in Java using the generated public key and I am stuck on this.



I am not sure of the purpose for this... Anyone who gets your encrypted payload wouldn't be able to decrypt it, as they would need the symmetric key. And the only way to get the symmetric key would be to decrypt that with your private key.... and of course, you should *never* give away your private key...

Henry
 
Saloon Keeper
Before we go on, you should first explain why you want to do this. What is your application supposed to do?

I say this because people often try to create their own broken cryptographic algorithm to do something that already has a tailor-made, well-established solution.
 
Jerry Girgich
Ranch Hand
It's basically symmetric cryptology. I was supposed to generate the key pair, then store it in the keystore. After that I was supposed to extract the public key and put it in a certificate. Then I was supposed to write code to read a file and then the next task was to create a symmetric key and to encrypt data using that key. I should be able to then encrypt the key with the public key and then decrypt using the private key.
 
Stephan van Hulst
Saloon Keeper
Yes, you can, but I can only think of a few reasons why you would want to do this. Is this an exercise?
 
Henry Wong
author

Jerry Girgich wrote:I was supposed to write code to read a file and then the next task was to create a symmetric key and to encrypt data using that key. I should be able to then encrypt the key with the public key and then decrypt using the private key.



And what would be the purpose of this extra step? Can't you just encrypt / decrypt the payload with the symmetric key?

You can't give the payload away, because you can't/shouldn't be exposing the private key? And even if you want to, you will run into the same issue as with the symmetric key; meaning, how will you deliver it without it being exposed?  ... except, in the case of the symmetric key, there are key exchange algorithms.

Henry
 
Stephan van Hulst
Saloon Keeper
The main reason I can think of why anyone would want to do this, is if they have huge amounts of ciphertext that would be expensive to decrypt using an asymmetric key. Step one, decrypt the symmetric key with the asymmetric key. Step two, decrypt the ciphertext with the symmetric key.
 
Henry Wong
author

Correct. Asymmetric encryption is slow, so why use it at all, when you are already using symmetric encryption? Just use something like the Diffie-Hellman key exchange to negotiate the symmetric keys.

The only advantage here is ... If there is a PKI in place, that can be used to authenticate. And can be used to operate asynchronously (such as email, or FTP) .... but that is not what the OP is doing here. After all, shouldn't the encrypt side be using the destination side's public key instead?

Henry  



 
 
Henry Wong
author
... and back to the original question...

Jerry Girgich wrote: I should be able to then encrypt the key with the public key and then decrypt using the private key.


The code to encrypt and decrypt the symmetric key, is similar to the code that used the symmetric key to encrypt and decrypt the payload. Except, of course, the configuration setup is different, as it is a different encryption/decryption algorithm.

What issue are you running into?

Henry
 
Jerry Girgich
Ranch Hand

Stephan van Hulst wrote:Yes, you can, but I can only think of a few reasons why you would want to do this. Is this an exercise?




Yes this is for my internship, my boss gave me this assignment with this exact order of tasks which is why I am trying to encrypt the symmetric key with the public key.
 
Jerry Girgich
Ranch Hand

Henry Wong wrote:... and back to the original question...

Jerry Girgich wrote: I should be able to then encrypt the key with the public key and then decrypt using the private key.


The code to encrypt and decrypt the symmetric key, is similar to the code that used the symmetric key to encrypt and decrypt the payload. Except, of course, the configuration setup is different, as it is a different encryption/decryption algorithm.

What issue are you running into?

Henry



Basically I can't figure out how to extract the public key from the certificate to use. I figured how to encrypt but I can't figure out the best way to use that public key.
 
Henry Wong
author

Jerry Girgich wrote:
Basically I can't figure out how to extract the public key from the certificate to use. I figured how to encrypt but I can't figure out the best way to use that public key.



The Certificate class has a getPublicKey() method. So, once you get access to the certificate instance, you can get the public key.  

Henry
 
Stephan van Hulst
Saloon Keeper
And also, please for the love of all that's good, don't hardcode your IV. I've seen this done wrong so many times.

For algorithms that require an IV or salt (they're basically the same thing), you should extract the IV from the cipher when you're encrypting, and append it to your ciphertext. When you're decrypting, strip the IV from the ciphertext and use it to initialize your cipher.
 
Jerry Girgich
Ranch Hand

The Certificate class has a getPublicKey() method. So, once you get access to the certificate instance, you can get the public key.  

Henry



I did some more research on the getPublicKey() method and they all deal with RSA public keys. The public key I generated was AES. How would I go about using this method for AES?




I did this not realizing that this would be for RSA.
 
Stephan van Hulst
Saloon Keeper
You can't generate a public key for AES, because AES is a symmetric encryption algorithm, which requires a secret key, not a public/private key pair.
 
Jerry Girgich
Ranch Hand

Stephan van Hulst wrote:You can't generate a public key for AES, because AES is a symmetric encryption algorithm, which requires a secret key, not a public/private key pair.



Never mind, I meant that I generated the symmetric key using the AES algorithm
 
Jerry Girgich
Ranch Hand
Can I still encrypt the symmetric key with the extracted public key that I get from the above code that I used?
 
Henry Wong
author

Jerry Girgich wrote:
Never mind, I meant that I generated the symmetric key using the AES algorithm



Okay, but we are back to not understanding what is your issue with the generation / loading of asymmetric keys. What issue are you having with the public key?

Henry
 
Jerry Girgich
Ranch Hand


Okay, but we are back to not understanding what is your issue with the generation / loading of asymmetric keys. What issue are you having with the public key?

Henry



The public key that I created using keytool is placed in a certificate. I have to use that public key to encrypt the symmetric key that I created in java. I am trying to figure out how to extract that public key from the certificate so that I can use that for encryption.
 
Henry Wong
author

Jerry Girgich wrote:Can I still encrypt the symmetric key with the extracted public key that I get from the above code that I used?


Sure. Why not? ... As mentioned in my previous posts, I don't see the value of doing this, but that doesn't mean that it won't work.

And here's a reminder from a previous post...

Henry Wong wrote:
The code to encrypt and decrypt the symmetric key, is similar to the code that used the symmetric key to encrypt and decrypt the payload. Except, of course, the configuration setup is different, as it is a different encryption/decryption algorithm.


Henry
 
Jerry Girgich
Ranch Hand
Exception in thread "main" java.security.InvalidKeyException: Invalid AES key length: 294 bytes
at com.sun.crypto.provider.AESCipher.engineGetKeySize(AESCipher.java:509)
at javax.crypto.Cipher.passCryptoPermCheck(Cipher.java:1067)
at javax.crypto.Cipher.checkCryptoPerm(Cipher.java:1025)
at javax.crypto.Cipher.init(Cipher.java:1245)
at javax.crypto.Cipher.init(Cipher.java:1186)
at ReadFileExample.generatekey.encryptedKey(generatekey.java:156)
at ReadFileExample.generatekey.main(generatekey.java:121)



This is the error I am getting using .getPublicKey();
 
Stephan van Hulst
Saloon Keeper
If that's from the code you use to encrypt the symmetric key, it's logical that you get an exception because you're using AES to perform encryption. I thought you wanted to use asymmetric encryption of your symmetric key? Then you need to use an asymmetric algorithm like RSA.
 
Henry Wong
author

Jerry Girgich wrote:Exception in thread "main" java.security.InvalidKeyException: Invalid AES key length: 294 bytes
at com.sun.crypto.provider.AESCipher.engineGetKeySize(AESCipher.java:509)
at javax.crypto.Cipher.passCryptoPermCheck(Cipher.java:1067)



As already mentioned, AES takes a secret key. It is a symmetric key algorithm. Even if the public key was accidentally the same size as the secret key, it wouldn't be correct... as you wouldn't be able to use the private key to decrypt it.

Henry
 
Jerry Girgich
Ranch Hand

Stephan van Hulst wrote:If that's from the code you use to encrypt the symmetric key, it's logical that you get an exception because you're using AES to perform encryption. I thought you wanted to use asymmetric encryption of your symmetric key? Then you need to use an asymmetric algorithm like RSA.




No, I want to use AES to perform encryption. Sorry if this is coming out confusing, this is all new to me and I am learning as I go along.
 
Jerry Girgich
Ranch Hand
Also isn't the symmetric key the same thing as a secret key?
 
Henry Wong
author

Jerry Girgich wrote:
No, I want to use AES to perform encryption. Sorry if this is coming out confusing, this is all new to me and I am learning as I go along.



As already mentioned, you can't. AES is a symmetric algorithm. It takes a single secret key. It doesn't take an asymmetric public/private key pair.

Henry
 
Henry Wong
author

Jerry Girgich wrote:Also isn't the symmetric key the same thing as a secret key?



Correct... but you are trying to use the public key, which is an asymmetric key, for encryption.

Henry
 
Jerry Girgich
Ranch Hand




This is what I have so far to generate the symmetric key, encrypt a string with the symmetric key, and then trying to extract the public key and encrypt the symmetric key.

I know it's a bit messy.
 
Jerry Girgich
Ranch Hand
I'm not quite understanding where I am going wrong.
 
Henry Wong
author

Jerry Girgich wrote:I'm not quite understanding where I am going wrong.



Basically, you are trying to use a single Cipher in your program, which you configured for AES.... and this won't work.

You need two Ciphers. One configured for a Symmetric algorithm, and uses the symmetric key. And one configured for an Asymmetric algorithm, and uses one of the public/private keys.

Henry
 
Stephan van Hulst
Saloon Keeper
Well yeah, you're using the same Cipher to encrypt your message and your symmetric key. So both times you're using AES. AES is a symmetric algorithm, so you can't use a public key with it.

Now, once and for all, what do you want to do with your symmetric key after you've used it to encrypt your message:

A) encrypt it asymmetrically with a public key, using an algorithm such as RSA, or
B) encrypt it symmetrically with a secret key, using an algorithm such as AES?
 
Jerry Girgich
Ranch Hand

Stephan van Hulst wrote:Well yeah, you're using the same Cipher to encrypt your message and your symmetric key. So both times you're using AES. AES is a symmetric algorithm, so you can't use a public key with it.

Now, once and for all, what do you want to do with your symmetric key after you've used it to encrypt your message:

A) encrypt it asymmetrically with a public key, using an algorithm such as RSA, or
B) encrypt it symmetrically with a secret key, using an algorithm such as AES?



I want to encrypt it asymmetrically with a public key.
 
Henry Wong
author

Jerry Girgich wrote:
I want to encrypt it asymmetrically with a public key.



... then you will need a different Cipher. One that is configured to use an asymmetric algorithm.

Henry
 
Jerry Girgich
Ranch Hand
Thank you guys! I have finally figured it out and it works
 
Stephan van Hulst
Saloon Keeper
A few remarks:

  • You're using ECB mode for your AES cipher. NEVER DO THIS unless you can guarantee that your messages will be no more than one block in size.
  • If you're going to use a different mode to encrypt your message (which you should) you need to provide your cipher an IV.
  • You should use Cipher.wrap() to encrypt your symmetric key with your asymmetric key.
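
The two-Cipher arrangement the thread converges on, as an added example that is not code from any poster: an AES cipher (non-ECB, IV taken from the cipher and stored with the ciphertext) for the message, and an RSA cipher using wrap()/unwrap() for the AES key. Assumptions: the class and method names are hypothetical, AES-GCM and RSA-OAEP are this example's choices (the thread names only AES and RSA), and an RSA pair generated in-process stands in for the keytool-generated pair whose public key would come from the certificate's getPublicKey().

```java
import java.io.InputStream;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.cert.CertificateFactory;
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;

public class HybridEncryptionExample {
    static final String RSA = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding"; // asymmetric cipher
    static final String AES = "AES/GCM/NoPadding";                     // symmetric cipher, not ECB

    // Public key from an X.509 certificate stream (hypothetical helper, not called in main).
    static PublicKey publicKeyFrom(InputStream cert) throws Exception {
        return CertificateFactory.getInstance("X.509").generateCertificate(cert).getPublicKey();
    }

    // Cipher #1: AES with the secret key. No IV is hardcoded: the cipher generates
    // one, and it is read back and stored in front of the ciphertext.
    static byte[] encrypt(SecretKey key, byte[] plaintext) throws Exception {
        Cipher aes = Cipher.getInstance(AES);
        aes.init(Cipher.ENCRYPT_MODE, key);
        byte[] iv = aes.getIV();
        byte[] ct = aes.doFinal(plaintext);
        return ByteBuffer.allocate(1 + iv.length + ct.length).put((byte) iv.length).put(iv).put(ct).array();
    }

    static byte[] decrypt(SecretKey key, byte[] blob) throws Exception {
        Cipher aes = Cipher.getInstance(AES);
        aes.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, blob, 1, blob[0]));
        return aes.doFinal(blob, 1 + blob[0], blob.length - 1 - blob[0]);
    }

    // Cipher #2: RSA with the public key wraps the AES key; the private key unwraps it.
    static byte[] wrapKey(PublicKey pub, SecretKey key) throws Exception {
        Cipher rsa = Cipher.getInstance(RSA);
        rsa.init(Cipher.WRAP_MODE, pub);
        return rsa.wrap(key);
    }

    static SecretKey unwrapKey(PrivateKey priv, byte[] wrapped) throws Exception {
        Cipher rsa = Cipher.getInstance(RSA);
        rsa.init(Cipher.UNWRAP_MODE, priv);
        return (SecretKey) rsa.unwrap(wrapped, "AES", Cipher.SECRET_KEY);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair rsaPair = kpg.generateKeyPair(); // stands in for the keytool-generated pair
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey aesKey = kg.generateKey();
        byte[] blob = encrypt(aesKey, "constructed sample text".getBytes(StandardCharsets.UTF_8));
        byte[] wrapped = wrapKey(rsaPair.getPublic(), aesKey); // stored next to blob
        SecretKey recovered = unwrapKey(rsaPair.getPrivate(), wrapped);
        System.out.println(new String(decrypt(recovered, blob), StandardCharsets.UTF_8));
    }
}
```

Passing the RSA public key to the AES cipher instead of to a second, RSA-configured cipher is the mistake that produced the InvalidKeyException quoted earlier in the thread.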