Encryption and decryption with private key in Java

Asked 23/5, 2014 at 13:57 Answered 30/7, 2018 at 4:31

java cryptography encryption-symmetric encryption-asymmetric

After I have read articles about Cryptography(Symmetric and Asymmetric) methods.Many articles are telling that Private key is used to encrypt and decrypt data.Public key is used to encrypt data.But When I try to start implementing in Java I can't able to use private key to encrypt and decrypt data(I am using RSA Algorithm)? If it is possible please provide me a link .If it doesn't support, please answer why it doesn't support?

//Encrypt

Cipher encrypt=Cipher.getInstance("RSA");
encrypt.init(Cipher.ENCRYPT_MODE, privatekey);
byte[] encryptedMessage=encrypt.doFinal(msg.getBytes());

//Decrypt

Cipher decrypt=Cipher.getInstance("RSA");
decrypt.init(Cipher.DECRYPT_MODE, privateKey);
byte[] decryptedMessage=decrypt.doFinal(encryptedMessage);

Averett answered 23/5, 2014 at 13:57 Comment(0)

To perform RSA encryption you need to encrypt with the public key and decrypt with the private key. Furthermore, you should use a well defined padding method, such as PKCS#1 v1.5 compatible padding or - if available - OAEP padding.

Encryption with an RSA private key makes no sense, as anybody with the public key can decrypt. There is something called "raw RSA" which is basically modular exponentiation, but that should only be used with another padding scheme to generate signatures. In that case you want everybody with a public key to "decrypt" to verify the signature.

More information here and here.

So encryption is:

// specify mode and padding instead of relying on defaults (use OAEP if available!)
Cipher encrypt=Cipher.getInstance("RSA/ECB/PKCS1Padding");
// init with the *public key*!
encrypt.init(Cipher.ENCRYPT_MODE, publicKey);
// encrypt with known character encoding, you should probably use hybrid cryptography instead 
byte[] encryptedMessage = encrypt.doFinal(msg.getBytes(StandardCharsets.UTF_8));

and decryption is:

Cipher decrypt=Cipher.getInstance("RSA/ECB/PKCS1Padding");
decrypt.init(Cipher.DECRYPT_MODE, privateKey);
String decryptedMessage = new String(decrypt.doFinal(encryptedMessage), StandardCharsets.UTF_8);

Ply answered 26/5, 2014 at 17:59 Comment(5)

Isn't cryptographic signing encryption with a private key? – Unbar 26/5, 2014 at 18:13

@PeterBecker It's better not to think of it that way. Check RFC 3447 part 5.2: "... The main mathematical operation in each primitive is exponentiation, as in the encryption and decryption primitives of Section 5.1. RSASP1 and RSAVP1 are the same as RSADP and RSAEP except for the names of their input and output arguments; they are distinguished as they are intended for different purposes. ". This is only true for "textbook" or "raw" RSA, which is not fit for normal cryptographic purposes. Padding is integral part of the scheme and differs. – Ply 26/5, 2014 at 18:18

Point taken. I actually found a broken crypto scheme once where pure RSA was used (problem one) and the two keys were used the wrong way around. Bouncy Castle let's you do that and then quietly changes the padding, which in this case meant no randomization on encryption. – Unbar 26/5, 2014 at 18:22

What is the type of object of privateKey here. Is it String, Bytes or any built in objects? – Officialese 18/2 at 23:51

Build-in objects that implement PrivateKey (see at the bottom of the interface documentation, providers may define other types which may also reflect keys in e.g. hardware devices). For RSA keys in software you'd expect RSAPrivateKey or the extended RSAPrivateCrtKey. – Ply 19/2 at 2:12

How Public Private Key Encryption is working:

IF you encrypt something with your private key anyone with your public key can decrypt it.
IF you encrypt something with your public key only your private key can decrypt it.

You have to generate public private key pair. Private key is just for you and public key can be given to people you trust.

How to generate key pairs?

$ openssl genrsa -out private_key.pem 1024
$ openssl rsa -pubout -in private_key.pem -out public_key.pem

Or go here in do it in java -> JAVA RSA When you do that come back and ask more questions

Jedediah answered 23/5, 2014 at 14:0 Comment(0)

When you encrypt with private key it is called certificate. And your public keys are distributed to the clients so that they can open it and verify the issuer of the certificate. The same way client can create its own signature by encrypting with public key. The same way the server/issuer can verify it by decrypting it with private key.

S: Private Key P: Public Key

S + Data = Certificate => Client (opens/verifies it with public key) P + Data = Signature => Server / Issuer (opens/verifies it with private key)

Contestant answered 30/7, 2018 at 4:31 Comment(0)

Recommended topics

Hot tags