RSA Encryption in Java: Cross Platform Issues?

Asked 7/2, 2011 at 20:22 Answered 7/2, 2011 at 20:42

Solved java android cross-platform encryption-asymmetric public-key-encryption

The Situation

I'm working with RSA encryption in Java. I'm trying to encrypt data on an HTC Saphire (32B) developer phone equipped with Cyanogenmod's Android 2.2 and then decrypt said data on a 64 bit server running Mandriva Linux 2010. I am using the same public key, private key pair on both machines, can correctly encrypt/decrypt data on the Android phone, can correctly encrypt/decrypt data on the Linux server, but I am unable to encrypt data on the phone and then decrypt it on the server. I get bad padding exceptions. I have confirmed that the data is being sent correctly by the phone and is being parsed correctly by the server. As such, I cannot figure out why decryption fails. Can anyone help me with this? Perhaps the RSA algorithm in Java has some underlying assumption about word size?

Further information:

My encryption/decryption library is based on the guide found here.
My encryption key is 2048 bits in length, but I see similar behaviour with different key sizes.
I have packaged my RSA encryption/decryption code into a jar file. It was compiled through Eclipse on the server's machine.
The program using the encryption library on the Android phone uses the above library. It too was built using Eclipse.
The server program was built using Netbeans (as it was easier at the time to do so).

Other Questions

Are there other free public-key encryption algorithms / libraries available for Java? Do they work cross-platform? What performance would one expect from them? Etc., etc. I've looked into this and haven't found much; perhaps I'm looking with the wrong keywords.

Phew! I think that's it. Thanks for your help in advance!

Chopine answered 7/2, 2011 at 20:22 Comment(6)

any algorithm must work cross platform, the problem is in you code (or config) most likely – Pollinize 7/2, 2011 at 20:25

Config, eh? What is configurable about RSA? How would I do this in Java? Could you provide a link to a tutorial? I don't want to take your time, but having an expert (or experienced individual) such as yourself point me in the right direction will really make my life easier. – Chopine 7/2, 2011 at 20:33

(sry ran away for dinner) I mean config as public/private key, bad padding is mostly caused by badly exchanged key pair. If you are sure and for some reason android doesn't support the same padding as sun's impl. you might try bouncycastle.org btw, how do you encrypt/decrypt data on the same device/machine? – Pollinize 7/2, 2011 at 21:26

"How do you encrypt/decrypt data on the same device/machine?" What do you mean? by this? Also, I looked into bouncycastle but decided against it for some reason (I was new to cryptography at the time). Looking at it again, I see it has a public-key encryption algorithm (PKCS12). Maybe I should re-evaluate its potential use. I'd like to put a little effort into fixing my own library first, but nevertheless I'll investigate. Thanks! – Chopine 7/2, 2011 at 21:59

@kanov-baekonfat, How do you encrypt/decrypt data on the same device/machine?, i mean: do you keep the public/private key pair on the same machine? – Pollinize 7/2, 2011 at 22:31

Only for the tests that I did while investigating this issue. – Chopine 8/2, 2011 at 4:8

RSA encryption (or any encryption algorithm) should work regardless of environment. However, it is possible that certain systems make different assumptions about default padding and the mode of operation. Make sure that when you are performing encryption and decryption that you fully specify not only the algorithm, but also the mode of operation (CBC, etc) and the padding. If that doesn't work, I suggest posting your code from both the device and the server so we can examine it more closely.

Edit To address your question, in Java, when you get a cipher from the crypto package, you usually do so with the following code:

Cipher cipher;
cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");

The string provided to getInstance instructs the runtime to get a cipher instance that will use the AES algorithm, the cipher block chaining mode of operation and the PKCS5 Padding. There are a number of supported algorithms and paddings. I would check out this document from Oracle for more information about encryption in Java.

To be more specific, the string you use to request a cipher is in the format

<algorithm>/<mode of operation>/<padding>

To make matters worse, despite Java providing a number of algorithms, modes of operation and paddings, not all of them will work together. You will need to read the documentation to find a configuration string that will work.

Brentonbrentt answered 7/2, 2011 at 20:42 Comment(3)

How would one specify the mode of operation and the padding? I'm not actually aware of all of the options I can toggle when using RSA. Have any good links that I can start with, or some general advice? – Chopine 7/2, 2011 at 20:43

Your link and advice look extremely promising. I can't try it now, but as of Wednesday I might get the chance; I'll try to report back ASAP when I do. Just to ensure that I understand you, every time I create the cipher, I specify the algorithm, mode, and padding, and this could potentially clear up any platform-dependent assumptions being made, right? – Chopine 7/2, 2011 at 21:1

This worked well; there must have been some assumption being made that I previously had no control over. Thanks for your help! – Chopine 10/2, 2011 at 19:58

Perhaps you should do a checksum of the data and make sure it is exactly what you want to be passed into the encryption/decryption APIs.

Enolaenormity answered 7/2, 2011 at 20:37 Comment(1)

Ah, I'm already performing checksums. As I said, the data appears to be arriving just fine (and can be decrypted on the system that created it), but data encrypted on the phone cannot be decrypted on the device. Nevertheless, thanks for the advice! – Chopine 7/2, 2011 at 20:46

Recommended topics

Hot tags