Encrypting a vote with a servers public key...HELP!

Hey, I really need some help( online voting application)....what I want to do it allow a voter to be able to submit a ballot(vote) via servlets, they encrypt the ballot with the servers public key and then the ballot is stored in a database, where at another time the administrator may decrypt the ballot(s) using the servers private key. I have already sorted the voters authentication(MD5), and at the moment the servlet submits the ballot in an unencrypted form....so I just need a little help from here. I enclose my code and I would be truly grateful of someone could give me a hand.
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
import java.sql.* ;
public class CastVote extends HttpServlet{
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException,IOException{
try {
String jmulligan= request.getParameter("jmulligan");
String pkelly=request.getParameter("pkelly");
String mjones=request.getParameter("mjones");
response.setContentType("text/html");
PrintWriter out=response.getWriter();
Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
Connection con = DriverManager.getConnection ("jdbc:odbc:evoting");
Statement stmt = con.createStatement();
stmt.executeUpdate(
"INSERT INTO Ballot (JMulligan, PKelly, MJones)"
+ "VALUES ('"+jmulligan+"','"+pkelly+"','"+mjones+"') ");
stmt.close();
out.println("<HTML>\n"+
"<HEAD><TITLE>EVoting</TITLE></HEAD>\n"+
"<BODY BGCOLOR=\"127734\">\n"+
"<H1>Your Ballot has been entered as follows</H1>\n"+
"<H1>J Mulligan got "+ jmulligan +"</H1>\n"+
"<H1> M Jones got "+ mjones +"</H1>\n"+
"<H1> P Kelly got "+ pkelly +"</H1>\n"+
"</BODY></HTML>");
catch( Exception e ) {
System.out.println(e.getMessage());
e.printStackTrace();
thanks
Jacinta
PS I have ssl configured, with a self signed cert.

Hey!
I am also in the middle of doing an en=voting application as part of my thesis! Its interesting to see the way other people do the voting. Well, my experience so far is that I cannot get public/private key encryption to work. I have posted many topics on this forum regarding it and the reason it wont work is that the ballot that I am trying to enctypt is too large for the ballot object . I used the RSA algoithm and it wasn't able to handle my large object. So instead I have just used a symmetric algorithm and that works fine. I think its the DES algorithm. The only problem with this is that you are using the same key to encrypt and decrypt the ballot. I dont think this is secure. It has been reccomended to me that I use this symmetric algorithm as it is, but that I then use public/private key to encrypt the symmetric key! I still have a problem with this because if the key is still encrypted with public key, the user must have acces to the private key to decrypt the symmetric key to decryt the ballot. See where I'm going?
I would love to know of an asymmetric algorithm that can encrypt large objects. That would solve the whole security issue. I will post a replyhere if I find out the answer.
By the way, how is your project going?
All the best,
Chris Moltisanti

Similar Messages

  • In my Iphone 5, Nothing on my App Store is working its displaying blank (Except for Genius section). I've tried to uninstall and install itunes and all its component but still it doen't fix. Not sure if its problem with apple servers. Someone help please!

    In my Iphone 5, Nothing on my App Store is working,  its displaying blank (Except for Genius section). I've tried to uninstall and install itunes and all its component in my desktop but still it doesn't fix the app store issue. Not sure if its problem with apple servers. Someone help please!

    settigns>itunes and app store to make sure you are signed in.. If  you are, you will see your account name..... anyhow, click your account name, sign out and sign back in
    also go to to settings>general>reset and reset network settings... if that doesnt work settings>general>reset and reset all settings!
    one of those shall work. The last step would be to restore your device (apple.com/support) HT1414

  • Encrypting with an RSA Public Key

    Hi everyone. I'm trying to encrypt some characters with an already generated RSA public key. Can anybody help with a SUN provider sample script?
    Thanx

    First of all RSA cipher is not suitable for encription of data more then one block (about 80 bytes for the OAEP mode), so it is paractically only good for the secret key wrapping (like Blowfish or DES) and second thing is that SUN JCE provider doesn't include RSA cipher implementation.

  • Can I encrypt a string with RSA encryption using DBMS_CRYPTO?

    We have an web application that does a redirect thru a database package to a 3rd party site. They would like us to encrypt the querystring that is passed using RSA encryption. The example that they've given us (below) uses the RSA cryptographic service available in .NET. Is it possible to do this using DBMS_CRYPTO or some other method in Oracle?
    Below are the steps outlined to use the key to generate the encrypted URL
    2.1 Initialize Service
    The RSA cryptographic service must be initialized with the provided public key. Below is sample code that can be used to initialize the service using the public key
    C#
    private void InitializeRSA( string keyFileName )
    CspParameters cspParams = new CspParameters( );
    cspParams.Flags = CspProviderFlags.UseMachineKeyStore;
    m_sp = new RSACryptoServiceProvider( cspParams );
    //Load the public key from the supplied XML file
    StreamReader reader = new StreamReader( keyFileName );
    string data = reader.ReadToEnd( );
    //Initializes the public key
    m_sp.FromXmlString( data );
    2.2 Encryption method
    Create a method that will encrypt a string using the cryptographic service that was initialized in step 2.1. The encryption method should convert the encryption method to Base64 to avoid special characters from being passed in the URL. Below is sample code that uses the method created in step 2.1 that can be used to encrypt a string.
    C#
    private string RSAEncrypt( string plainText )
    ASCIIEncoding enc = new ASCIIEncoding( );
    int numOfChars = enc.GetByteCount( plainText );
    byte[ ] tempArray = enc.GetBytes( plainText );
    byte[ ] result = m_sp.Encrypt( tempArray, false );
    //Use Base64 encoding since the encrypted string will be used in an URL
    return Convert.ToBase64String( result );
    2.3 Generate URL
    The query string must contain the necessary data elements configured for you school in Step 1. This will always include the Client Number and the Student ID of the student clicking on the link.
    1.     Build the query string with Client Number and Student ID
    C#
    string queryString = “schoolId=1234&studentId=1234”;
    The StudentCenter website will validate that the query string was generated within 3 minutes of the request being received on our server. A time stamp in UTC universal time (to prevent time zone inconsistencies) will need to be attached to the query string.
    2.     Get the current UTC timestamp, and add the timestamp to the query string
    C#
    string dateTime = DateTime.UtcNow.ToString(“yyyy-MM-dd HH:mm:ss”);
    queryString += “&currentDT=” + dateTime;
    Now that the query string has all of the necessary parameters, use the RSAEncrypt (Step 2.2) method created early to encrypt the string. The encrypted string must also be url encoded to escape any special characters.
    3.     Encrypt and Url Encode the query string
    C#
    string rsa = RSAEncrypt(querystring);
    string eqs = Server.UrlEncode(rsa);
    The encrypted query string is now appended to the Url (https://studentcenter.uhcsr.com), and is now ready for navigation.
    4.     Build the URL
    C#
    string url = “https://studentcenter.uhcsr.com/custom.aspx?eqs=” + eqs

    The documentation lists all the encyrption types:
    http://download.oracle.com/docs/cd/B19306_01/appdev.102/b14258/d_crypto.htm#ARPLS664

  • What is the probability to get the same public key twice?

    when I encrypt a message using somebody's public key, what are the chances other person has generated the same key independently? Is it safe to identify a user with its public key?

    The key pair (public, private key) is generated by choosing random probably prime numbers using a pseudo-random number generator.
    The quality of the pseudo-random number generator determines the probability of having two people with the same public-private key pair. Usually pseudo-random number generators (like the JCE SecureRandom) use some entropy sources, like the real-time clock, the time elapsed between keystrokes, bits of the screen, etc.)
    If you use true hardware random number generators (like the used in crypto hardware like RSA smartcards and HSM (Hardware Security Modules), or the hardware RNG available in some Intel chipsets for the Pentium !!! and 4), you will have a probability much closer to the minimum theoretical probability.
    Use hardware random number generators and crypto hardware if you really are concerned about the probability of having matching keypairs.

  • Encrypt data with public key?

    I am trying to find a class that support encryption with PublicKey.
    In the class Signature there is a method "initSign" that takes a PrivateKey as argument, but that is used for signing certificates.
    What I am looking for is to make A encrypt some data with B' public key that B can decrypt with its private key...is there any class for this scenario?

    You might want to check out these, if you haven't already:
    http://java.sun.com/j2se/1.5.0/docs/guide/security/CryptoSpec.html
    http://java.sun.com/j2se/1.5.0/docs/guide/security/jce/JCERefGuide.html
    http://java.sun.com/j2se/1.5.0/docs/api/javax/crypto/package-summary.html
    http://java.sun.com/j2se/1.5.0/docs/api/javax/crypto/interfaces/package-summary.html
    http://java.sun.com/j2se/1.5.0/docs/api/javax/crypto/spec/package-summary.html

  • How encrypt msg with Public Key ?

    I want to encrypt my Session Key with the public key of the recipient but how can I do ?
    I know how to encrypt with the Secret Key but not with the Public Key.
    Thanks for response
    Nicolas

    It depends on the cryptosystem of which the public key you are having.
    If it is of RSA then you have to get the cipher of RSA and pass the session key bytes as input to it.

  • Allow privilleged users to enter into EXEC mode on login not working with public keys

    Hi,
    I have recently updated one of my Cisco ASA to v9.2(1) and noticed a function to get the perform authorization for exec shell access can do a auto-enable when logging in from ssh.
    The problem is that if I use a private/public key authentication with a user it won't do the auto-enable feature. If I login without keys and using my password, it jumps into privilleged exec mode as it should.
    Anyone else had this issue?
    Config:
    aaa authentication ssh console LOCAL
    aaa authorization exec LOCAL auto-enable
    username user password xxxxxx encrypted privilege 15
    username user attributes
     ssh authentication publickey 22:af:xxxxxx hashed
    Any answer will be highly appreciated. 
    P.S I'm totally new in this forum.

    Would you be able to open a TAC SR and once you do , Email me the SR no and i will look into this issue.
    [email protected]
    Thanks and Regards,
    Vibhor Amrodia

  • I can�t decrypt a text encrypted (using RSA) with keys on smartcard.

    I use a Cyberflex Access e-gate smartcard and I can encrypt and decrypt any text on the card but if I encrypt a text outside using the exported public key, card is not able to decrypt the message.
    On the card side:

    RSAPrivateCrtKey privateKey;
    RSAPublicKey publicKey;
    Cipher cipherRSA;

    private MyIdentity (byte buffer[], short offset, byte length){
            // initialise PIN
            pin = new OwnerPIN(PinTryLimit, MaxPinSize);
            pin.resetAndUnblock();  
            // Key Pair
            KeyPair kp = new KeyPair(KeyPair.ALG_RSA_CRT, (short)1024);
            kp.genKeyPair();
            privateKey = (RSAPrivateCrtKey) kp.getPrivate();
            publicKey = (RSAPublicKey) kp.getPublic();  
            cipherRSA = Cipher.getInstance(Cipher.ALG_RSA_PKCS1, false);
            if (buffer[offset] == (byte)0) {
                register();
            } else {
                register(buffer, (short)(offset+1) ,(byte)(buffer[offset]));
        private void GetPublicKey (APDU apdu) {
            if (pin.isValidated()){
                byte apduBuffer[] = apdu.getBuffer();
                // short byteRead = (short)(apdu.setIncomingAndReceive());
                   short bytesMod = publicKey.getModulus(apduBuffer, (short) 0);
                   short bytesExp = publicKey.getExponent(apduBuffer,bytesMod);
                   short outbytes = (short) (bytesMod + bytesExp);
                    // Send results
                 apdu.setOutgoing();
                 // indicate the number of bytes in the data field
                 apdu.setOutgoingLength((short)outbytes);
                 // at offset 0 send 128 byte of data in the buffer
                 apdu.sendBytesLong(apduBuffer, (short)APDUDATA, (short)outbytes);
            } else {
                ISOException.throwIt (ISO7816.SW_SECURITY_STATUS_NOT_SATISFIED);
         private void Decrypt (APDU apdu) {
            byte apduBuffer[] = apdu.getBuffer();
             short byteRead = (short)(apdu.setIncomingAndReceive());
            cipherRSA.init(privateKey, Cipher.MODE_DECRYPT);
              cipherRSA.doFinal(apduBuffer,(short)APDUDATA, byteRead, apduBuffer, (short)APDUDATA);
             // Send results
            apdu.setOutgoing();
            // indicate the number of bytes in the data field
            apdu.setOutgoingLength(byteRead);
            // at offset 0 send x byte of data in the buffer
            apdu.sendBytesLong(apduBuffer, (short)APDUDATA, byteRead);
         }Off the card, I have a java client:
    public void getPublicKey () {
            int CLA, INS, P1, P2;
            int iArray[] = new int[0];
            short sArray[] = new short[0];
            String ss = new String("");
            String s;
            byte [] sBytes = null;
            byte [] myModulus = new byte[128];
            byte [] myExponent = new byte[3];
            try     {
                CLA = 0x68;
                INS = 0x78;
                P1  = 0;
                P2  = 0;
                sArray = iopCard.SendCardAPDU(CLA,INS,P1,P2,iArray,0x83);
                int iErrorCode = iopCard.GetLastErrorCode();
                if (iErrorCode != 0x9000)     {
                    if (iErrorCode == 0x6300) {
                        System.out.println("Wrong PIN");
                    } else {
                        s = iopCard.GetErrorMessage();
                        System.out.println("SendCardAPDU: " + s);
                } else {
                    System.out.println("Getting Public Key...");
                    if (sArray != null)  {
                        sBytes = new byte[sArray.length];
                        for (int i = 0; i < sArray.length; i++)  {
                            sBytes[i] = (byte)sArray;
    ss = new String(sBytes);
    System.out.println ("------ BEGIN PUBLIC KEY -------------------");
    for (int i=0; i < sArray.length; i++){
    System.out.print(Integer.toHexString(ss.charAt(i)).toUpperCase());
    System.out.println ();
    System.out.println ("------ END PUBLIC KEY -------------------");
    } else {
    System.out.println("Nothing.");
    } catch (slbException b) {
    s = b.getMessage();
    System.out.println("Validate error: " + s);
    for (int i=0; i<128; i++){
    myModulus[i] = (byte) sArray[i];
    for (int i=0; i<3; i++){
    myExponent[i] = (byte) sArray[128+i];
    BigInteger modulus = new BigInteger (1,myModulus);
    BigInteger exponent = new BigInteger ("65537"); // there is a well-known bug in getExponent
    RSAPublicKeySpec keySpec = new RSAPublicKeySpec(modulus, exponent);
    KeyFactory keyFactory =null;
    try {
    keyFactory = KeyFactory.getInstance("RSA");
    publicKey = keyFactory.generatePublic(keySpec);
    } catch (NoSuchAlgorithmException e) {
    System.out.println(e.getMessage ());
    } catch (InvalidKeySpecException e) {
    System.out.println(e.getMessage ());
    System.out.println("------------------ BEGIN ------------------");
    ss = new String(publicKey.getEncoded());
    for (int i=0; i < publicKey.getEncoded().length; i++){
    System.out.print(Integer.toHexString(ss.charAt(i)).toUpperCase());
    System.out.println ();
    System.out.println("------------------ END ------------------");
    // to a file
    try {
    //Store in raw format
    FileWriter fw = new FileWriter("public_raw.txt");
    for (int i=0; i < publicKey.getEncoded().length; i++){
    fw.write(Integer.toHexString(ss.charAt(i)).toUpperCase());
    fw.close();
    //could also store it as a Public key
    System.out.println("Public key saved to file");
    } catch(Exception e) {
    System.out.println("Error opening and writing Public key to file : "+e.getMessage());
    public void encrypt () {
    byte cadena[] = {0x01,0x02,0x03,0x04};
    byte resultado[] = new byte[256];
    // Create Cipher
    try {
    cipherRSA.init(Cipher.ENCRYPT_MODE, publicKey);
    resultado = cipherRSA.doFinal (cadena);
    } catch (InvalidKeyException e) {
    System.out.println(e.getMessage());
    } catch (BadPaddingException e) {
    System.out.println(e.getMessage());
    } catch (IllegalBlockSizeException e) {
    System.out.println(e.getMessage());
    String ss = new String (resultado);
    System.out.println("------------------ BEGIN 4 ------------------");
    for (int i=0; i < resultado.length; i++){
    System.out.print(Integer.toHexString(ss.charAt(i)).toUpperCase());
    System.out.println ();
    System.out.println("------------------ END 4 ------------------");
    Another question is that I don�t understand why I get a constant length string when I encrypt a text on the card and variable length string when I encrypt off the card

    I thought that exponent was 3 bytes long...
    On the card I have the following code:
        private void GetExponent (APDU apdu) {
            if (pin.isValidated()){
                byte apduBuffer[] = apdu.getBuffer();
            short bytesExp = publicKey.getExponent(apduBuffer, (short) 0);
               // Send results
                 apdu.setOutgoing();
                 // indicate the number of bytes in the data field
                 apdu.setOutgoingLength((short)bytesExp);
                 // at offset 0 send 128 byte of data in the buffer
                 apdu.sendBytesLong(apduBuffer, (short)APDUDATA, (short)bytesExp);
            } else {
                ISOException.throwIt (ISO7816.SW_SECURITY_STATUS_NOT_SATISFIED);
        }And if I don't send an APDU with length expected, I get the exception 6C03 (Correct Expected Length (Le) = 0x6C00) so I send APDU with 03 length and I receive the exponent. The problem is that there is a well know bug in getExponent and it returns 00 00 00... so I set it up to 65537 outside the card.

  • Encrypt/Decrypt data, multiple public keys using Bouncy castle api?

    Hi all.
    I need to implement encrypt/decrypt functionality of some data with many public keys using bouncy castle api and EnvelopedData class in java 1.4 SE.
    Could someone give me examples how to do it. I searched whole the internet and i could not find simple example.

    Hi thanks very much.
    I had a quick look at the examples. I will see if they could help me.
    Here is more specific what i want:
    Encrypt data with multiple public keys that are kept in .pkcs12 file.
    And decrypt the data using coresponding private key after that.
    I must use bouncy castle api for java 1.4 se.
    Best regards
    Edited by: menchev on Nov 13, 2008 8:26 AM

  • Public Key Encryption

    Hi guys,
    I have to sign some data (a byte array) using a Public Key.
    How can I do that?
    (I know it's a bit strange..but I have to do this....)
    Thanks a lot...bye!!

    What you're really asking for is to do something with the data that only the owner of the Private Key can use. What you should be looking at is encryption with the Public Key and not Signing with the Public Key. You will find many examples on this forum, in the JCE web-pages at Sun and in David Hook's Book "Beginning Cryptography in Java".

  • Public key encrypt/decrypt app

    Hi all,
    Does anyone know of a public key encrypt/decrypt ipad app (IOS5).  I use gpgtools on the imac (lion 7.2) and put spreadsheets, docs, and the like into dropbox.  I have the dropbox app on the ipad.  It opens non-encrypted files just fine; however, if they are encrypted - no soap. I need something that works with dropbox, or provides a dropbox-like repository.
    Searching the store gives me a couple of email encrypters but nothing for files. 
    Many thanks for any help,
    Best,

    By how much is the file size increasing? Depending on how you do the actual encryption, it can easily grow a bit due to varying headers and some padding, but it shouldn't be a significant part of the file size if the file is reasonably big.
    If, however, the file size grows by some significant factor (say your output is 2 time the size of the input), then there is some problem that you should look into.

  • Public key encryption algorithm for files

    Is there a public key algorithm
    good for encrypting files (large ones)
    or should I stick to secret
    keys for that?
    Thanks.

    There is no good way to encrypt larga data amounts using public key.
    The way to do this is to generate a random key for a symetric algorithm (like DES), encrypt the file with tis file, cipher the symetric key with the asymetric key and append the result to the ciphered file.
    Good luck

  • Signing code with Public Key

    Hi guys,
    I'm working on my thesis,and my prof. told me that I have to sign a
    java object with a public key.
    Looks to be impossible, but I asked him again and he confirmed what he
    said.
    How do I create a digital signature of a java object using a Publik
    Key??
    Thanks a Lot guys!!!
    Bye!

    How do I create a digital signature of a java object using a Public Key??Well as my fellow poster said it makes no sense siging (Encrypting) an Object using a Public Key as it would be available for access.
    If it is about Siging an Object with a Single Key where there is concept having a public / private key i think most of the Symmentric Encryption Algorithms come into picture. where there would be a single key used for both encrypting & decrypting data.
    However, you can very well have a look of the specified links below to recheck on things.
    http://www.unix.org.ua/orelly/java-ent/security/ch12_01.htm
    http://www.developer.com/java/other/article.php/630851
    http://mindprod.com/jgloss/digitalsignatures.html
    Hope these might be of some help...
    REGARDS,
    RaHuL

  • How to send Encrypted message using public key in Business Service

    Hi,
    I have one public key (abc.cer) which is given by provider. I have to send encrypted message to Provider using public key. How to achieve it in OSB??
    Thanx
    Edited by: Vinit Ahuja on Jun 16, 2011 3:17 AM

    These are the steps needed to accomplish this:
    1. Import the public certificate in the TrustStore of the OSB Weblogic Server.
    2. Export the public certificate in PEM format. (This will be needed to embed in the custom ws policy)
    3. Create a custom WS policy, with the necessary encryption configuration information. I have placed a sample WS - Policy that I have used @ http://dl.dropbox.com/u/19901533/Sample_Custom_WSPolicy_Encryption.doc for your reference.
    Use a unique value for the wsu:Id in the policy.
    4. Apply this custom policy on the business service in the Request section (assuming you only need to encrypt the request fields)
    5. Activate the changes and then test the business service. You can enable tracing on the BS to validate the encrypted content in the logs.
    Hope this helps.
    Thanks,
    Patrick

Maybe you are looking for

  • Hierarchy Viewer - Social Network Spillover feature

    It seems that the hierarchy viewer shows a cool spillover control with an arrow for the Vertical, Top Down view, but it is not present for the redial or circle view. Is this a bug? Is there any plan to have this functionally for all views? Thanks, Di

  • VAT GL is not picking from J_1IT030K_V table for the business place in FB60

    Hi, We have defined the VAT GL based on business place, while posting FB60 (Vendor invoice), system picks the VAT GL from OB40 instead of J_1IT030K_V table.... (While posting MIRO it is correctly picking from J_1IT030K_V table). Please advsie. Thanks

  • Table cell with invisible border?

    Hi, I am trying to get table-cells with e.g. the right border missing (invisible). I am using the following XSL-FO to get this: <fo:table-cell border="solid black 1px" border-right-width="0px" border-collapse="collapse" number-columns-spanned="1"> Th

  • Cannot print pdf using Mac OSX 10.9.3 and Reader XI 11.0.07

    Please advise how to get Apple Mac OSX 10.9.3 withAdobe Reader XI 11.0.07 to print pdf. Able to open the pdf but on selecting print simply comes up with an Adobe red box saying "Cannot print pdf". I believe this is a common problem so expect Adobe ha

  • Bufferoverflow loading table RSBKCMD

    Hi, System: NW2004s OS: Windows 2003 64bit Instance: SAP BI 7.0 DB: Oracle: 10g I am getting warning message in SM21: "Bufferoverflow loading table RSBKCMD" More details The free space in the table buffer is not sufficient to load the table. The tabl