Encrypting with an RSA Public Key

Hi everyone. I'm trying to encrypt some characters with an already generated RSA public key. Can anybody help with a SUN provider sample script?
Thanx

First of all RSA cipher is not suitable for encription of data more then one block (about 80 bytes for the OAEP mode), so it is paractically only good for the secret key wrapping (like Blowfish or DES) and second thing is that SUN JCE provider doesn't include RSA cipher implementation.

Similar Messages

Encrypting a vote with a servers public key...HELP!

Hey, I really need some help( online voting application)....what I want to do it allow a voter to be able to submit a ballot(vote) via servlets, they encrypt the ballot with the servers public key and then the ballot is stored in a database, where at another time the administrator may decrypt the ballot(s) using the servers private key. I have already sorted the voters authentication(MD5), and at the moment the servlet submits the ballot in an unencrypted form....so I just need a little help from here. I enclose my code and I would be truly grateful of someone could give me a hand.
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
import java.sql.* ;
public class CastVote extends HttpServlet{
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException,IOException{
try {
String jmulligan= request.getParameter("jmulligan");
String pkelly=request.getParameter("pkelly");
String mjones=request.getParameter("mjones");
response.setContentType("text/html");
PrintWriter out=response.getWriter();
Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
Connection con = DriverManager.getConnection ("jdbc:odbc:evoting");
Statement stmt = con.createStatement();
stmt.executeUpdate(
"INSERT INTO Ballot (JMulligan, PKelly, MJones)"
+ "VALUES ('"+jmulligan+"','"+pkelly+"','"+mjones+"') ");
stmt.close();
out.println("<HTML>\n"+
"<HEAD><TITLE>EVoting</TITLE></HEAD>\n"+
"<BODY BGCOLOR=\"127734\">\n"+
"<H1>Your Ballot has been entered as follows</H1>\n"+
"<H1>J Mulligan got "+ jmulligan +"</H1>\n"+
"<H1> M Jones got "+ mjones +"</H1>\n"+
"<H1> P Kelly got "+ pkelly +"</H1>\n"+
"</BODY></HTML>");
catch( Exception e ) {
System.out.println(e.getMessage());
e.printStackTrace();
thanks
Jacinta
PS I have ssl configured, with a self signed cert.

Hey!
I am also in the middle of doing an en=voting application as part of my thesis! Its interesting to see the way other people do the voting. Well, my experience so far is that I cannot get public/private key encryption to work. I have posted many topics on this forum regarding it and the reason it wont work is that the ballot that I am trying to enctypt is too large for the ballot object . I used the RSA algoithm and it wasn't able to handle my large object. So instead I have just used a symmetric algorithm and that works fine. I think its the DES algorithm. The only problem with this is that you are using the same key to encrypt and decrypt the ballot. I dont think this is secure. It has been reccomended to me that I use this symmetric algorithm as it is, but that I then use public/private key to encrypt the symmetric key! I still have a problem with this because if the key is still encrypted with public key, the user must have acces to the private key to decrypt the symmetric key to decryt the ballot. See where I'm going?
I would love to know of an asymmetric algorithm that can encrypt large objects. That would solve the whole security issue. I will post a replyhere if I find out the answer.
By the way, how is your project going?
All the best,
Chris Moltisanti

Can't read load RSA public key with JDK 1.4.2_08?

We have been using Bouncy Castle's provider to provide RSA encryption and decryption of a login name and password for several years ... with JDKs in the 1.4.2 series up through 1.4.2_07.
Recently, however, Sun released JDK 1.4.2_08, and suddenly any of our Java Web Start client applications are unable to successfully load the public key that we use to encrypt their login name and password before shipping it to the server for authentication with the 1.4.2_08 JRE. But, if we revert back to 1.4.2_07, everything works again.
This public key itself has been in use for several years and the same code to read the public key has been in use for a long time ... including multiple versions of the BouncyCastle provider and all versions of the JDK up through 1.4.2_07. But suddenly things appear to break with JDK 1.4.2_08.
This smells like a problem with JDK 1.4.2_08 so I thought that I'd check on this forum to see if any other Bouncy Castle users have experienced this problem. Is there anything further that I can do to check this out? Has any Bouncy Castle user successfully loaded a RSA public key from a byte stream with JDK 1.4.2_08? Or have people using other providers seen any problems reading similar public keys with JDK 1.4.2_08?
The code that is failing on the client side is:
try {
   encKey = new byte[this.publicKeyInputStream.available()];
   this.publicKeyInputStream.read(encKey);
   spec = new X509EncodedKeySpec(encKey);
   keyFactory = KeyFactory.getInstance("RSA", "org.bouncycastle.jce.provide.BouncyCastleProvider");
   myPublicKey = keyFactory.generatePublic(spec);
   return myPublicKey;
catch (Exception e) {
   e.printStackTrace();
}The stack trace that I'm getting includes ...
java.security.spec.InvalidKeySpecException: java.lang.IllegalArgumentException: invalid info structure in RSA public key
   at org.bouncycastle.jce.provider.JDKKeyFactory$RSA.engineGeneratePublic(JDKKeyFactory.java:330)
   at java.security.KeyFactory.generatePublic(Unknown Source)
   at org.opencoral.util.Encryption.loadPublicKey(SourceFile:450)
   at org.opencoral.util.Encryption.<init>(SourceFile:119)
   at org.opencoral.main.Coral.<init>(SourceFile:338)
   at org.opencoral.main.Coral.main(SourceFile:1919)
   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
   at java.lang.reflect.Method.invoke(Unknown Source)
   at com.sun.javaws.Launcher.executeApplication(Unknown Source)
   at com.sun.javaws.Launcher.executeMainClass(Unknown Source)
   at com.sun.javaws.Launcher.continueLaunch(Unknown Source)
   at com.sun.javaws.Launcher.handleApplicationDesc(Unknown Source)
   at com.sun.javaws.Launcher.handleLaunchFile(Unknown Source)
   at com.sun.javaws.Launcher.run(Unknown Source)
   at java.lang.Thread.run(Unknown Source)While it clearly indicates that it thinks that there is an "invalid info structure in RSA public key", I believe that nothing has changed in the structure of our key ... and this same key still works properly if I revert to JDK 1.4.2_07.
Any thoughts or insights?
Thanks,
John Shott

I'm facing the same Exception here,
With JDK 1.5 (SUNJce) i'm getting --
Exception in thread "main" java.security.spec.InvalidKeySpecException: java.secu
rity.InvalidKeyException: Invalid RSA public key
at sun.security.rsa.RSAKeyFactory.engineGeneratePublic(Unknown Source)
With BouncyCastle i'm getting --
Exception in thread "main" java.security.spec.InvalidKeySpecException: java.lang
.IllegalArgumentException: invalid info structure in RSA public key
at org.bouncycastle.jce.provider.JDKKeyFactory$RSA.engineGeneratePublic(
JDKKeyFactory.java:345)
Any Solution?

Invalid Key Exception: Unsupported key type: Sun RSA public key, 1024 bits

I am trying to retrieve certificates from Microsoft Keystore and extract its keys using SunMSCAPI in jdk 1.6. It gives me an invalid key exception, when I am trying to wrap the Symmetric key (which was previously used to perform AES encryption on data), using RSA algorithm.
Code snippet:
           // RSA 1024 bits Asymmetric encryption of Symmetric AES key
            // List the certificates from Microsoft KeyStore using SunMSCAPI.
                  System.out.println("List of certificates found in Microsoft Personal Keystore:");
                   KeyStore ks = KeyStore.getInstance("Windows-MY", "SunMSCAPI");
                   ks.load(null, null) ;
                   Enumeration en = ks.aliases() ;
                   PublicKey RSAPubKey = null;
                   Key RSAPrivKey = null;
                   int i = 0;
                   while (en.hasMoreElements()) {
                        String aliasKey = (String)en.nextElement() ;
                        X509Certificate c = (X509Certificate) ks.getCertificate(aliasKey) ;
                        String sss = ks.getCertificateAlias(c);
                        if(sss.equals("C5151997"))
                        System.out.println("---> alias : " + sss) ;
                        i= i + 1;
                        String str = c.toString();
                        System.out.println(" Certificate details : " + str ) ;
                      RSAPubKey = c.getPublicKey();
                        RSAPrivKey = ks.getKey(aliasKey, null); //"mypassword".toCharArray()
                        Certificate[] chain = ks.getCertificateChain(aliasKey);
                   System.out.println("No of certificates found from Personal MS Keystore: " + i);
            // Encrypt the generated Symmetric AES Key using RSA cipher
                    Cipher rsaCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", ks.getProvider().getName());
                   rsaCipher.init(Cipher.WRAP_MODE, RSAPubKey);
                   byte[] encryptedSymmKey = rsaCipher.wrap(aeskey);
                   System.out.println("Encrypted Symmetric Key :" + new String(encryptedSymmKey));
                   System.out.println("Encrypted Symmetric Key Length in Bytes: " + encryptedSymmKey.length);
                   // RSA Decryption of Encrypted Symmetric AES key
                   rsaCipher.init(Cipher.UNWRAP_MODE, RSAPrivKey);
                   Key decryptedKey = rsaCipher.unwrap(encryptedSymmKey, "AES", Cipher.SECRET_KEY);Output:
List of certificates found in Microsoft Personal Keystore:
---> alias : C5151997
Certificate details : [
Version: V3
Subject: CN=C5151997, O=SAP-AG, C=DE
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 171871587533146191561538456391418351861663300588728159334223437391061141885590024223283480319626015611710315581642512941578588886825766256507714725820048129123720143461110410353346492039350478625370269565346566901446816729164309038944197418238814947654954590754593726047828813400082450341775203029183105860831
public exponent: 65537
Validity: [From: Mon Jan 24 18:17:49 IST 2011,
               To: Wed Jan 23 18:17:49 IST 2013]
Issuer: CN=SSO_CA, O=SAP-AG, C=DE
SerialNumber: [    4d12c509 00000005 eb85]
Certificate Extensions: 6
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 07 E5 83 A1 B2 B7 DF 6B 4B 67 9C 1D 42 C9 0D F4 .......kKg..B...
0010: 35 76 D3 F7 5v..
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: E4 C4 2C 93 20 AF DA 4C F2 53 68 4A C0 E7 EC 30 ..,. ..L.ShJ...0
0010: 8C 0C 3B 9A ..;.
[3]: ObjectId: 1.3.6.1.4.1.311.21.7 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 30 30 2E 06 26 2B 06 01 04 01 82 37 15 08 82 .00..&+.....7...
0010: D1 E1 73 84 E4 FE 0B 84 FD 8B 15 83 E5 90 1B 83 ..s.............
0020: E6 A1 43 81 62 84 B1 DA 50 9E D3 14 02 01 64 02 ..C.b...P.....d.
0030: 01 1B ..
[4]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
RFC822Name: [email protected]
[5]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Non_repudiation
Key_Encipherment
Data_Encipherment
[6]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:false
PathLen: undefined
Algorithm: [SHA1withRSA]
Signature:
0000: B3 C5 92 66 8D D7 ED 6D 51 12 63 CC F4 52 18 B9 ...f...mQ.c..R..
0010: B8 A6 78 F7 ED 7D 78 18 DA 71 09 C9 AE C8 49 23 ..x...x..q....I#
0020: F5 32 2F 0F D1 C0 4C 08 2B 6D 3C 11 B9 5F 5B B5 .2/...L.+m<.._[.
0030: 05 D9 CA E6 F9 0A 94 14 E7 C6 7A DB 63 FE E5 EC ..........z.c...
0040: 48 94 8C 0D 77 92 59 DE 34 6E 77 1A 24 FE E3 C1 H...w.Y.4nw.$...
0050: D8 0B 52 6A 7E 22 13 71 D7 F8 AF D1 17 C8 64 4F ..Rj.".q......dO
0060: 83 EA 2D 6A CA 7F C3 84 37 15 FE 99 73 1D 7C D1 ..-j....7...s...
0070: 6D B4 99 09 62 B9 0F 18 33 4C C6 66 7A 9F C0 DB m...b...3L.fz...
No of certificates found from Personal MS Keystore: 1
Exception in thread "main" java.security.InvalidKeyException: Unsupported key type: Sun RSA public key, 1024 bits
modulus: 171871587533146191561538456391418351861663300588728159334223437391061141885590024223283480319626015611710315581642512941578588886825766256507714725820048129123720143461110410353346492039350478625370269565346566901446816729164309038944197418238814947654954590754593726047828813400082450341775203029183105860831
public exponent: 65537
     at sun.security.mscapi.RSACipher.init(RSACipher.java:176)
     at sun.security.mscapi.RSACipher.engineInit(RSACipher.java:129)
     at javax.crypto.Cipher.init(DashoA13*..)
     at javax.crypto.Cipher.init(DashoA13*..)
     at com.sap.srm.crpto.client.applet.CryptoClass.main(CryptoClass.java:102)
Edited by: sabre150 on 18-Jul-2011 03:47
Added [ code] tags to make code readable.

A bit of research indicates that the classes of the keys obtained by
                      RSAPubKey = c.getPublicKey();
                           RSAPrivKey = ks.getKey(aliasKey, null); //"mypassword".toCharArray()are sun.security.rsa.RSAPublicKeyImpl and sun.security.*mscapi*.RSAPrivateKey . It seems that for Cipher objects from the SunMSCAPI provider cannot accept RSA public keys of class sun.security.rsa.RSAPublicKeyImpl and that the SunMSCAPI will only accept RSA private keys of class sun.security.mscapi.RSAPrivateKey.
This came up under different guise a couple of years ago. It makes sense since encrypting/wrapping with a public key does not represent a security problem (there is nothing secret in any of the encryption operations) when done outside of MSCAPI so one can use any provider that has the capability BUT the decryption/unwrapping must be done with the SunMSCAPI provider which delegates it to the MSCAPI.
My working test code based on your code implementing this approach is :
        // RSA 1024 bits Asymmetric encryption of Symmetric AES key
        // List the certificates from Microsoft KeyStore using SunMSCAPI.
        System.out.println("List of certificates found in Microsoft Personal Keystore:");
        KeyStore ks = KeyStore.getInstance("Windows-MY", "SunMSCAPI");
        ks.load(null, null);
        Enumeration en = ks.aliases();
        PublicKey RSAPubKey = null;
        Key RSAPrivKey = null;
        int i = 0;
        while (en.hasMoreElements())
            String aliasKey = (String) en.nextElement();
            X509Certificate c = (X509Certificate) ks.getCertificate(aliasKey);
            String sss = ks.getCertificateAlias(c);
            if (sss.equals("rsa_key")) // The alias for my key - make sure you change it back to your alias
                System.out.println("---> alias : " + sss);
                i = i + 1;
                String str = c.toString();
                System.out.println(" Certificate details : " + str);
                RSAPubKey = c.getPublicKey();
         System.out.println(RSAPubKey.getClass().getName());
               RSAPrivKey = ks.getKey(aliasKey, null); //"mypassword".toCharArray()
        System.out.println(RSAPrivKey.getClass().getName());
                Certificate[] chain = ks.getCertificateChain(aliasKey);
        System.out.println(ks.getProvider().getName());
        System.out.println("No of certificates found from Personal MS Keystore: " + i);
        Cipher rsaCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");//, ks.getProvider().getName());       !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
            rsaCipher.init(Cipher.WRAP_MODE, RSAPubKey);
        byte[] keyBytes =
            1, 2, 3, 4, 5, 6, 7, 8, 2, 3, 4, 5, 6, 7, 8, 9
        SecretKey aeskey = new SecretKeySpec(keyBytes, "AES");
        byte[] encryptedSymmKey = rsaCipher.wrap(aeskey);
        System.out.println("Encrypted Symmetric Key :" + Arrays.toString(encryptedSymmKey));
        System.out.println("Encrypted Symmetric Key Length in Bytes: " + encryptedSymmKey.length);
        // RSA Decryption of Encrypted Symmetric AES key
        Cipher unwrapRsaCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", ks.getProvider().getName());       //!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
        unwrapRsaCipher.init(Cipher.UNWRAP_MODE, RSAPrivKey);
        Key decryptedKey = unwrapRsaCipher.unwrap(encryptedSymmKey, "AES", Cipher.SECRET_KEY);
        System.out.println("Decrypted Symmetric Key :" + Arrays.toString(decryptedKey.getEncoded())); // Matches the 'keyBytes' above

Java Card RSA public key problem

Hello,
     I have a problem when I try to set the modulus part of a RSA public Key. There is always an error 6F 00.
The code is very simple :
private void saisie_modulus(APDU apdu)
          byte apduBuffer[] = apdu.getBuffer();
          if (!pin.isValidated ())
               ISOException.throwIt(ISO7816.SW_SECURITY_STATUS_NOT_SATISFIED);
          byte byteRead = (byte)(apdu.setIncomingAndReceive());
          rsa_PublicKey2.setModulus(apduBuffer, (short)ISO7816.OFFSET_CDATA, (short)byteRead);
          return;
What is really strange is that when I replace
rsa_PublicKey2.setModulus(apduBuffer, (short)ISO7816.OFFSET_CDATA, (short)byteRead);
with rsa_PublicKey.setModulus(rsaPublicKey, (short)6, (short)128); that works. (rsaPublicKey is an array containing the key and it's taken from the sample CryptoTest that comes with Axalto software)
I tried to enter on the apdu the exact same modulus value of the public key of the sample CryptoTestand it doesn't work
I tried another examples that I tested elseware and it doesn't work either
the rest setKey composents work (same functions but with
rsa_PublicKey2.setExponent(apduBuffer, (short)ISO7816.OFFSET_CDATA, (short)byteRead);
rsa_PublicKey2.setP(apduBuffer, (short)ISO7816.OFFSET_CDATA, (short)byteRead);
rsa_PublicKey2.setQ(apduBuffer, (short)ISO7816.OFFSET_CDATA, (short)byteRead);
rsa_PublicKey2.setPQ(apduBuffer, (short)ISO7816.OFFSET_CDATA, (short)byteRead);
rsa_PublicKey2.setDP1(apduBuffer, (short)ISO7816.OFFSET_CDATA, (short)byteRead);
rsa_PublicKey2.setDQ1(apduBuffer, (short)ISO7816.OFFSET_CDATA, (short)byteRead);
in the place of
rsa_PublicKey2.setModulus(apduBuffer, (short)ISO7816.OFFSET_CDATA, (short)byteRead); )
Do you have any ideas? Is this possible to have a bug in the card? I use a Cyberflex 64k V2
Thank you in advance

Yes, I did enter the key by hand (as I did with the Exponent, P, Q , PQ, DP1 et DQ1 and it worked).
And I did enter by hand the EXACT same key (128 bytes) of the array rsaPublicKey to test.
I repeat that when I type
rsa_PublicKey.setModulus(rsaPublicKey, (short)6, (short)128);
that works
but when I enter manually (by hand) the EXACT same key (128 bytes beginning from byte 6) it doesn't work
I even generated a key in the card and I exported its modulus (128 bytes). I entered by hand the exact same modulus (copy - paste to be precise) that was exported and the card did not accept it.
This problem only happen with the modulus I repeat
Any ideas?
I begin to suspect a technical problem. I don't

Can I put RSA Public Key into the ISD in the JCOP?

Dear All,
Can I put RSA Public Key into the ISD in the JCOP? the command I put into the card as follows:
cm> /terminal "winscard:4|FT SCR2000 0"
--Opening terminal
/atrresetCard with timeout: 0 (ms)
--Waiting for card...
ATR=3B 69 00 FF 4A 43 4F 50 34 31 56 32 32 ;i..JCOP41V22
ATR: T=0, N=-1, Hist="JCOP41V22"
/card -a a000000003000000 -c com.ibm.jc.CardManagerresetCard with timeout: 0 (ms)
--Waiting for card...
ATR=3B 69 00 FF 4A 43 4F 50 34 31 56 32 32 ;i..JCOP41V22
ATR: T=0, N=-1, Hist="JCOP41V22"
=> 00 A4 04 00 08 A0 00 00 00 03 00 00 00 00 ..............
(86244 usec)
<= 6F 10 84 08 A0 00 00 00 03 00 00 00 A5 04 9F 65 o..............e
01 FF 90 00 ....
Status: No Error
cm> set-key 255/1/DES-ECB/404142434445464748494a4b4c4d4e4f 255/2/DES-ECB/404142434445464748494a4b4c4d4e4f 255/3/DES-ECB/404142434445464748494a4b4c4d4e4f
cm> init-update 255
=> 80 50 00 00 08 51 39 AE 8E 0C 8B D9 50 00 .P...Q9.....P.
(132953 usec)
<= 00 00 63 06 00 26 29 91 06 75 FF 02 00 84 FC 69 ..c..&)..u.....i
60 80 B4 9C 9C 03 DB 99 9E F8 F4 67 90 00 `..........g..
Status: No Error
cm> ext-auth plain
=> 84 82 00 00 10 E6 A4 12 36 FD 7E 57 D0 2B 9D 5F ........6.~W.+._
65 30 D8 1B 00 e0...
(89378 usec)
<= 90 00 ..
Status: No Error
cm> put-key --mode add 115/1/RSA-PUB/0301000180ad97a22fe7cb29accc3a0b68844f0cb11d057ed8c80c5a4db856138030c419d0a27556902a939152ce79376b1cd0955ce4303bf7560c95230714c583ff8a8f12f1cf23d867e469773d15f0e708332651110cb615c8d373e86d57b5ffe7ff44bcc7690a4d68cbe07743b19879ac5beaeef6e1af133a1fd37b86a5339960b36e53
=> 80 D8 00 01 88 73 A1 80 AD 97 A2 2F E7 CB 29 AC .....s...../..).
CC 3A 0B 68 84 4F 0C B1 1D 05 7E D8 C8 0C 5A 4D .:.h.O....~...ZM
B8 56 13 80 30 C4 19 D0 A2 75 56 90 2A 93 91 52 .V..0....uV.*..R
CE 79 37 6B 1C D0 95 5C E4 30 3B F7 56 0C 95 23 .y7k...\.0;.V..#
07 14 C5 83 FF 8A 8F 12 F1 CF 23 D8 67 E4 69 77 ..........#.g.iw
3D 15 F0 E7 08 33 26 51 11 0C B6 15 C8 D3 73 E8 =....3&Q......s.
6D 57 B5 FF E7 FF 44 BC C7 69 0A 4D 68 CB E0 77 mW....D..i.Mh..w
43 B1 98 79 AC 5B EA EE F6 E1 AF 13 3A 1F D3 7B C..y.[......:..{
86 A5 33 99 60 B3 6E 53 A0 03 01 00 01 00 ..3.`.nS......
(281664 usec)
<= 6A 86 j.
Status: Incorrect parameters (P1,P2)
jcshell: Error code: 6a86 (Incorrect parameters (P1,P2))
jcshell: Wrong response APDU: 6A86
Why the card return error code ? I think the P1 P2 is correct, according to the GP2.1.1?
Thank you!

It also can't input the RSA Public Key to the card, as follows:
cm> /terminal "winscard:4|FT SCR2000 0"
--Opening terminal
/atrresetCard with timeout: 0 (ms)
--Waiting for card...
ATR=3B E9 00 00 81 31 FE 45 4A 43 4F 50 34 31 56 32 ;....1.EJCOP41V2
32 A7 2.
ATR: T=1, N=0, IFSC=254, BWI=4/CWI=5, Hist="JCOP41V22"
/card -a a000000003000000 -c com.ibm.jc.CardManagerresetCard with timeout: 0 (ms)
--Waiting for card...
ATR=3B E9 00 00 81 31 FE 45 4A 43 4F 50 34 31 56 32 ;....1.EJCOP41V2
32 A7 2.
ATR: T=1, N=0, IFSC=254, BWI=4/CWI=5, Hist="JCOP41V22"
=> 00 A4 04 00 08 A0 00 00 00 03 00 00 00 00 ..............
(86180 usec)
<= 6F 10 84 08 A0 00 00 00 03 00 00 00 A5 04 9F 65 o..............e
01 FF 90 00 ....
Status: No Error
cm> set-key 255/1/DES-ECB/404142434445464748494a4b4c4d4e4f 255/2/DES-ECB/404142434445464748494a4b4c4d4e4f 255/3/DES-ECB/404142434445464748494a4b4c4d4e4f
cm> init-update 255
=> 80 50 00 00 08 80 29 78 6F 21 1B 34 89 00 .P....)xo!.4..
(129908 usec)
<= 00 00 63 06 00 26 29 91 06 75 FF 02 00 00 93 73 ..c..&)..u.....s
3A B8 2C 0F D2 4C 06 E2 50 66 7F D8 90 00 :.,..L..Pf....
Status: No Error
cm> ext-auth plain
=> 84 82 00 00 10 3E 88 4D 33 FD 7D A5 56 B6 90 84 .....>.M3.}.V...
78 94 BD B3 7A x...z
(97237 usec)
<= 90 00 ..
Status: No Error
cm> card-info
=> 80 F2 80 00 02 4F 00 00 .....O..
(60917 usec)
<= 08 A0 00 00 00 03 00 00 00 01 9E 90 00 .............
Status: No Error
=> 80 F2 40 00 02 4F 00 00 [email protected]..
(41315 usec)
<= 6A 88 j.
Status: Reference data not found
=> 80 F2 10 00 02 4F 00 00 .....O..
(73177 usec)
<= 07 A0 00 00 00 03 53 50 01 00 01 08 A0 00 00 00 ......SP........
03 53 50 41 90 00 .SPA..
Status: No Error
Card Manager AID : A000000003000000
Card Manager state : OP_READY
Load File : LOADED (--------) A0000000035350 (Security Domain)
Module : A000000003535041
cm> install -b -s -i A000000003535041 A0000000035350 A000000003535041
=> 80 E6 0C 00 20 07 A0 00 00 00 03 53 50 08 A0 00 .... ......SP...
00 00 03 53 50 41 08 A0 00 00 00 03 53 50 41 01 ...SPA......SPA.
C0 02 C9 00 00 00 ......
(227436 usec)
<= 90 00 ..
Status: No Error
cm> ls
=> 80 F2 80 00 02 4F 00 00 .....O..
(61204 usec)
<= 08 A0 00 00 00 03 00 00 00 01 9E 90 00 .............
Status: No Error
=> 80 F2 40 00 02 4F 00 00 [email protected]..
(66302 usec)
<= 08 A0 00 00 00 03 53 50 41 07 C0 90 00 ......SPA....
Status: No Error
=> 80 F2 10 00 02 4F 00 00 .....O..
(72365 usec)
<= 07 A0 00 00 00 03 53 50 01 00 01 08 A0 00 00 00 ......SP........
03 53 50 41 90 00 .SPA..
Status: No Error
Card Manager AID : A000000003000000
Card Manager state : OP_READY
Sec. Domain: SELECTABLE (SV------) A000000003535041
Load File : LOADED (--------) A0000000035350 (Security Domain)
Module : A000000003535041
cm> select A000000003535041
=> 00 A4 04 00 08 A0 00 00 00 03 00 00 00 00 ..............
(84625 usec)
<= 6F 10 84 08 A0 00 00 00 03 00 00 00 A5 04 9F 65 o..............e
01 FF 90 00 ....
Status: No Error
cm> /card -a a000000003000000 -c com.ibm.jc.CardManager
resetCard with timeout: 0 (ms)
--Waiting for card...
ATR=3B E9 00 00 81 31 FE 45 4A 43 4F 50 34 31 56 32 ;....1.EJCOP41V2
32 A7 2.
ATR: T=1, N=0, IFSC=254, BWI=4/CWI=5, Hist="JCOP41V22"
=> 00 A4 04 00 08 A0 00 00 00 03 00 00 00 00 ..............
(83836 usec)
<= 6F 10 84 08 A0 00 00 00 03 00 00 00 A5 04 9F 65 o..............e
01 FF 90 00 ....
Status: No Error
cm> set-key 255/1/DES-ECB/404142434445464748494a4b4c4d4e4f 255/2/DES-ECB/404142434445464748494a4b4c4d4e4f 255/3/DES-ECB/404142434445464748494a4b4c4d4e4f
cm> init-update 255
=> 80 50 00 00 08 FA 3B 98 E7 B4 60 A8 CC 00 .P....;...`...
(128562 usec)
<= 00 00 63 06 00 26 29 91 06 75 FF 02 00 01 26 F7 ..c..&)..u....&.
25 4D B0 B9 D2 1D 18 99 F1 1F E8 25 90 00 %M.........%..
Status: No Error
cm> ext-auth plain
=> 84 82 00 00 10 C9 5D 27 4B C4 54 AC E5 D3 3C 8B ......]'K.T...<.
5F 2D B5 6B 87 _-.k.
(97825 usec)
<= 90 00 ..
Status: No Error
cm> set-key 1/1/DES-ECB/505152535455565758595a5b5c5d5e5f 1/2/DES-ECB/505152535455565758595a5b5c5d5e5f 1/3/DES-ECB/505152535455565758595a5b5c5d5e5f
cm> put-keyset 1
=> 80 D8 00 81 43 01 80 10 B3 6A 9E 82 2D 9E 8E 06 ....C....j..-...
8F B9 52 EA CA 63 FA 6B 03 A4 B7 D6 80 10 B3 6A ..R..c.k.......j
9E 82 2D 9E 8E 06 8F B9 52 EA CA 63 FA 6B 03 A4 ..-.....R..c.k..
B7 D6 80 10 B3 6A 9E 82 2D 9E 8E 06 8F B9 52 EA .....j..-.....R.
CA 63 FA 6B 03 A4 B7 D6 00 .c.k.....
(263198 usec)
<= 01 A4 B7 D6 A4 B7 D6 A4 B7 D6 90 00 ............
Status: No Error
cm> put-key 115/1/RSA-PUB/0301000180ad97a22fe7cb29accc3a0b68844f0cb11d057ed8c80c5a4db856138030c419d0a27556902a939152ce79376b1cd0955ce4303bf7560c95230714c583ff8a8f12f1cf23d867e469773d15f0e708332651110cb615c8d373e86d57b5ffe7ff44bcc7690a4d68cbe07743b19879ac5beaeef6e1af133a1fd37b86a5339960b36e53
=> 80 D8 00 01 88 73 A1 80 AD 97 A2 2F E7 CB 29 AC .....s...../..).
CC 3A 0B 68 84 4F 0C B1 1D 05 7E D8 C8 0C 5A 4D .:.h.O....~...ZM
B8 56 13 80 30 C4 19 D0 A2 75 56 90 2A 93 91 52 .V..0....uV.*..R
CE 79 37 6B 1C D0 95 5C E4 30 3B F7 56 0C 95 23 .y7k...\.0;.V..#
07 14 C5 83 FF 8A 8F 12 F1 CF 23 D8 67 E4 69 77 ..........#.g.iw
3D 15 F0 E7 08 33 26 51 11 0C B6 15 C8 D3 73 E8 =....3&Q......s.
6D 57 B5 FF E7 FF 44 BC C7 69 0A 4D 68 CB E0 77 mW....D..i.Mh..w
43 B1 98 79 AC 5B EA EE F6 E1 AF 13 3A 1F D3 7B C..y.[......:..{
86 A5 33 99 60 B3 6E 53 A0 03 01 00 01 00 ..3.`.nS......
(251210 usec)
<= 6A 80 j.
Status: Wrong data
Add new key set didn't work, try modify ...
jcshell: Error code: -3 (Invalid API parameter)
jcshell: Command failed: Invalid RSA public key
Is it something wrong ?

ASA 8.4+ RSA Public Key for SSH user authentication

I have seen in the configuration guide and a separate post in the support community that RSA Public Key authentication is support for SSH sessions in 8.4 and after. I have tried implementing this on both an 8.4 ASA and a 9.1 ASA and I get the same error on both. I have tried specifying SSH version 2 to see if that is the issue but I still get the error. Is there a step I am missing?
Here is the output of the configuration commands:
ciscoasa(config)#username test nopassword privilege 15
ciscoasa(config)#username test attributes
ciscoasa(config-username)# ssh authentication publickey
                             ^
ERROR: % Invalid Hostname
The links referenced above:
https://supportforums.cisco.com/thread/2150480
http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/access_aaa.html#wp1053558
http://www.cisco.com/en/US/docs/security/asa/asa91/configuration/general/aaa_servers.html#wp1176050
Thanks!

That would be great if the resolution was that simple. I am using a public key I generated using the putty key generator. Below is the key I would use if I got that far. However I get an error on the "ssh authentication publickey" attribute so I never get the chance to enter a public key. What code version and hardware version are you running that this worked on?
AAAAB3NzaC1yc2EAAAABJQAAAIEA2h00RCKBbpbrTWSe/3TYAvRpkJz7tLwQDCf9
4fDJUWUGrmxXHeomuBhNGZh7tyfFjRL2CKY6nWmFyKN/eDm0PF4IWhhCArzOPVDu
q7Nu2y/pD8wWH8dH4a3zRpkLSekNJtH6lzuqmY0zqz9TnZlpS6g4LI1a+lOGSmhU
/HySw9s=
ciscoasa(config)#username test nopassword privilege 15
ciscoasa(config)#username test attributes
ciscoasa(config-username)#ssh ?
configure mode commands/options:
Hostname or A.B.C.D The IP address of the host and/or network authorized to
                       login to the system
X:X:X:X::X/<0-128>   IPv6 address/prefix authorized to login to the system
scopy                Secure Copy mode
timeout              Configure ssh idle timeout
version              Specify protocol version to be supported
exec mode commands/options:
disconnect Specify SSH session id to be disconnected after this keyword
ciscoasa(config-username)# ssh
ciscoasa(config-username)# sh ver | in Ver
Cisco Adaptive Security Appliance Software Version 9.1(1)
Device Manager Version 7.1(1)52
ciscoasa(config-username)#

Encrypt/Decrypt data, multiple public keys using Bouncy castle api?

Hi all.
I need to implement encrypt/decrypt functionality of some data with many public keys using bouncy castle api and EnvelopedData class in java 1.4 SE.
Could someone give me examples how to do it. I searched whole the internet and i could not find simple example.

Hi thanks very much.
I had a quick look at the examples. I will see if they could help me.
Here is more specific what i want:
Encrypt data with multiple public keys that are kept in .pkcs12 file.
And decrypt the data using coresponding private key after that.
I must use bouncy castle api for java 1.4 se.
Best regards
Edited by: menchev on Nov 13, 2008 8:26 AM

Self- Signed Certificate - Change RSA Public Key & Signature Algorithim

Hi
My 1801 router (IOS 15x) is using the original self signed certificate (1024) with an signature algorithm MD5. I would like to change the cert to a 2048 key length , with a hash of SHA1 or better but I'm unsure how to do this.
Should I just generate new keys or would I be better creating a new self-signed cert? What is the procedure & explicit commands (CLI) to do this?
Many thanks in advance.
Regards
Bob

Sure, the secure-server is the quickest and easiest method but you can create the new key, define the trustpoint manually and enroll the certificate that way.
Below are the commands. (You can of course call the key, trustpoint, O and CN values whatever locally significant names make sense for you.)
router(config)#crypto key generate rsa label router-rsa modulus 2048
The name for the keys will be: router-rsa
% The key modulus size is 2048 bits
% Generating 2048 bit RSA keys, keys will be non-exportable...
[OK] (elapsed time was 10 seconds)
router(config)#
router(config)#crypto pki trustpoint router-ca
router(ca-trustpoint)#enrollment selfsigned
router(ca-trustpoint)#subject-name O=Test,CN=www.router.com
router(ca-trustpoint)#rsakeypair router-rsa
router(config)#crypto pki enroll router-ca
% Include the router serial number in the subject name? [yes/no]: no
% Include an IP address in the subject name? [no]: no
Generate Self Signed Router Certificate? [yes/no]: yes
Router Self Signed Certificate successfully created
router(config)#

RSA public key & transient

It is possible to initialize the session DES key as transient object:
sessionKey = (DESKey)KeyBuilder.buildKey(
KeyBuilder.TYPE_DES_TRANSIENT_DESELECT,
KeyBuilder.LENGTH_DES3_2KEY,
false);I need to initialize the RSApublic key as transient object as well. Let's assume that we are having enough space in RAM.
Sincerely,
Žagar Jelena

I did not understand you completely. I am having this code fragement.
Applet class variable:
public RandomData randomData;
public RSAPublicKey key;
Applet constructor:
randomData = RandomData.getInstance(RandomData.ALG_SECURE_RANDOM);
cipher = Cipher.getInstance(Cipher.ALG_RSA_PKCS1, false);
key = (RSAPublicKey) KeyBuilder.buildKey(KeyBuilder.TYPE_RSA_PUBLIC,
CIAKey.RSA_KEY_LENGTH_2048, false);
Applet method:
public void method() {
// DH class contains Diffie-Helman parameters: p, q and g.
short exponentLength = (short) (dh.q.length - 2);
randomData.generateData(buffer, (byte) 0, exponentLength);
buffer[exponentLength - 1] |= 0x01; // Exponent must be odd - set LSB
((RSAPublicKey) key).setExponent(buffer, (short) 0, exponentLength);
((RSAPublicKey) key).setModulus(dh.p, (short) 0, (short) dh.p.length);
cipher.init((RSAPublicKey) key, Cipher.MODE_ENCRYPT);
}The code lines that bothers me are the next lines:
((RSAPublicKey) key).setExponent(buffer, (short) 0, exponentLength);
((RSAPublicKey) key).setModulus(dh.p, (short) 0, (short)Key is the applet instance variable that is located inside the EEPROM. These two methods setExponent and setModulus updates key object and therefore they are updating the ROM. I am in feer that I will stress the EEPROM.

Does Adobe Reader for iOS and Android Support Encryption with PKI Solution?

Hello there,
I have been searching for an answer whether or not Adobe Reader for iOS and Android can read encrypted PDF files by public key infrastructure solution (encrypted by a public key, to be decrypted by its private key pair), but to date I have not found the answer. From the Adobe web site, I understand that Adobe Reader for Android supports to read encrypted document by AES256 but it does not mention about PKI. I had to guess that it does not support encryption with PKI but I would just like to get a formal answer, and would like to know whether Adobe Reader Mobile will support it.
Thanks!
Masaya

Hi there,
Now we have Acrobat DC Mobile but I am still wondering if encryption/description using PKI solution (digital certificates) is supported. Could anyone let me know? Thank you.
Masaya

How to find modulus(n) and public key exponent(e)Sor

I did the following code:
import java.security.*;
class keypair
public static void main(String args[])
try {
        KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
        keyGen.initialize(1024);
        KeyPair keypair = keyGen.genKeyPair();
        PrivateKey privateKey = keypair.getPrivate();
        PublicKey publicKey = keypair.getPublic();
        System.out.println(publicKey);
catch (java.security.NoSuchAlgorithmException e) {
}It produced the following output:
E:\java>java keypair
Sun RSA public key, 1024 bits
modulus: 104598424699919432698042124865237006532583108525971624656815039032375
*68185931249899603942873174007833898125332457427834491991685017307342129730049040*
*85039266578793603162921901877391682504673766949037045217194339504369288262569809*
*64618725280325930282787918761626276736975012559809247463223114702205350103039131*
public exponent: 65537
How to parse modulus(n) and public exponent(e) from this output?
Similarly when i print private key, it produces the following output:
E:\java>java keypair
Sun RSA private CRT key, 1024 bits
modulus:          124578817060208658480856678950235831207402457067036419284514
*60119309486714863949162442643168408523979997168613499493638925829235693238993015*
*36861462235708805467117179894466762970147852286192228334073408407380525883650965*
*26200137024900438305422984852314541271126647102071346646999343089444655087519613*
*147762713*
public exponent: 65537
private exponent: 938527844532658207604152892230342202756165450473898580852699
*91069268853864683730106242370135012901790500054313488639918623825755509450966957*
*25996151023641565209086629652161258725723528561744214714448113895688480371394495*
*69970533766968335232379493089928062691491508442909468663624841001227918721233934*
*90451285*
prime p:          128112715803862066344339615342766575233634768887073748611821
*70613165835421234259251719401979554816266892921739504796026180704477109334458578*
*924582228715587*
prime q:          972415706579323990162180646771186062588725555167352041581263
*11833654947284058644791019214876691698044764118648637510099163830088827138987158*
*06445271350899*
prime exponent p: 102053075991522697645186596252261651077210381075096084960080
*01572103324900452503753532555651687424478224695551102238145517644352533224205327*
*850477437666141*
prime exponent q: 668659136319899226645386130685620335239039277715133737489656
*56694442226518700929665796129185316864860876985624927131126216000167126890435269*
*81971346772483*
crt coefficient: 337801534982286124613379128447816812903646302193598735486466
*78634104811105616496519276355880320340688935923186965279527763125244878069735173*
*60542121091569*
E:\java>
From this output how to parse n and d, where d is the secret exponent or decryption exponent? Thanks in advance. Apologies, for posting in this forum instead of cryptography forum.
Edited by: sowndar on Nov 28, 2009 3:12 AM

sowndar wrote:
From this output how to parse n and d, where d is the secret exponent or decryption exponent? Why do you think you need to parse anything? Why do you need the modulus and exponents?
P.S. Extract the public and private keys from the key pair, cast them to RSAPublicKey and RSAPrivateKey as appropriate then look at the methods of classes RSAPublicKey and RSAPrivateKey to see how to get modulus and exponents.

How encrypt msg with Public Key ?

I want to encrypt my Session Key with the public key of the recipient but how can I do ?
I know how to encrypt with the Secret Key but not with the Public Key.
Thanks for response
Nicolas

It depends on the cryptosystem of which the public key you are having.
If it is of RSA then you have to get the cipher of RSA and pass the session key bytes as input to it.

Encrypt data with public key?

I am trying to find a class that support encryption with PublicKey.
In the class Signature there is a method "initSign" that takes a PrivateKey as argument, but that is used for signing certificates.
What I am looking for is to make A encrypt some data with B' public key that B can decrypt with its private key...is there any class for this scenario?

You might want to check out these, if you haven't already:
http://java.sun.com/j2se/1.5.0/docs/guide/security/CryptoSpec.html
http://java.sun.com/j2se/1.5.0/docs/guide/security/jce/JCERefGuide.html
http://java.sun.com/j2se/1.5.0/docs/api/javax/crypto/package-summary.html
http://java.sun.com/j2se/1.5.0/docs/api/javax/crypto/interfaces/package-summary.html
http://java.sun.com/j2se/1.5.0/docs/api/javax/crypto/spec/package-summary.html

How Can i use the key file Generated by RSACryptoServiceProvider to encrypt with php?

I need to be able to encrypt data in PHP using a public key generate by .NET(RSACryptoServiceProvider). I will then decrypt the data later in C# using the private key.
Code Snippet
<RSAKeyValue><Modulus>xU5JyaPNDKXI/h/uo5Vk89wZSz3zsB1+c+1IMYIQa+mCmuRCRPuoBI7ODSV2ndP6grfhdrWEzhpZtkI3SThbBh/3t+tfZ2PF8Iyv9ECN07V64nPCiJGhAnfENE+J9UD9Kw5czXHgZcBbpM5N0VfXmLSleaS65DDoNPtoStVy7ss=</Modulus><Exponent>AQAB</Exponent><P>4ScAjVrPZii/6lICAP2yDQiNEmNL74+5AcxNVDI0IombfDPIygrqEWmuDu0pngApQak7XnEnLbaDChILFiHPZQ==</P><Q>4FaYlse+cjrlPD/jk+GsTJeuP7yuQx8ztjVnQWVh6GKQP+uk1dAl6kcZOfLNR6LWwE3CSygt8PthTEw96Zbabw==</Q><DP>XvXtNLE9UjATqYeHEtXtV7Pok/3PVC3A8PIzFzTJaluxeXP51sU9rbRt1hvO9rXIsMnooU+GH7Cfmgq8JEyERQ==</DP><DQ>HXkC/vwq9xLpvuqd2XXSjxV2XQVK16Knxo5pjFvnawJX9S3eMADymj7Q/534firUj9snZXxX3MsJ015I3AFnnQ==</DQ><InverseQ>AM0fVCE3n2FKf2zb3CcDEge1Ko35VvMEL+LXgR87QwO2HScZSuLevGLi2SSAkB1vu8RSNzB028SZReeOZWnq4Q==</InverseQ><D>fI+GKdRNOTTYhQZnw8Im74T+OvArjf2wvUMJlqfD8jyDBYIhDCfL1MTK9KW4Er+moSuxHR5Pb0ZXaKa4/HKlk0aJ1jB2C+jg7zTSuPRNuS16BpVHaJYsQurCwZwElXMum+GxeXK/h3wXWq5HwebjqZr0aLUMZKRcweDPRoVFiRE=</D></RSAKeyValue>
As you see this code snippet is a xml format private key. at .net platform,which can use encrypt or dencrypt.
i have try the Extension Crypt RSA ( http://pear.php.net/reference/Crypt_RSA-1.0.0/elementindex_Crypt_RSA.html ) to help me encrypt data by php.but it haven't return a currect result. the data encrypted by php cann't dencrypt by c#.
does the RSA algorithm provider by Crypt_RSA can give a stand result as c#?
BTW :i just use the xmlkeystring like this.
Code Snippet
<?php
require_once("Crypt/RSA.php");
require_once("includes/Utils.class.php");
    $public_key_string = simplexml_load_string("<RSAKeyValue><Modulus>xU5JyaPNDKXI/h/uo5Vk89wZSz3zsB1+c+1IMYIQa+mCmuRCRPuoBI7ODSV2ndP6grfhdrWEzhpZtkI3SThbBh/3t+tfZ2PF8Iyv9ECN07V64nPCiJGhAnfENE+J9UD9Kw5czXHgZcBbpM5N0VfXmLSleaS65DDoNPtoStVy7ss=</Modulus><Exponent>AQAB</Exponent><P>4ScAjVrPZii/6lICAP2yDQiNEmNL74+5AcxNVDI0IombfDPIygrqEWmuDu0pngApQak7XnEnLbaDChILFiHPZQ==</P><Q>4FaYlse+cjrlPD/jk+GsTJeuP7yuQx8ztjVnQWVh6GKQP+uk1dAl6kcZOfLNR6LWwE3CSygt8PthTEw96Zbabw==</Q><DP>XvXtNLE9UjATqYeHEtXtV7Pok/3PVC3A8PIzFzTJaluxeXP51sU9rbRt1hvO9rXIsMnooU+GH7Cfmgq8JEyERQ==</DP><DQ>HXkC/vwq9xLpvuqd2XXSjxV2XQVK16Knxo5pjFvnawJX9S3eMADymj7Q/534firUj9snZXxX3MsJ015I3AFnnQ==</DQ><InverseQ>AM0fVCE3n2FKf2zb3CcDEge1Ko35VvMEL+LXgR87QwO2HScZSuLevGLi2SSAkB1vu8RSNzB028SZReeOZWnq4Q==</InverseQ><D>fI+GKdRNOTTYhQZnw8Im74T+OvArjf2wvUMJlqfD8jyDBYIhDCfL1MTK9KW4Er+moSuxHR5Pb0ZXaKa4/HKlk0aJ1jB2C+jg7zTSuPRNuS16BpVHaJYsQurCwZwElXMum+GxeXK/h3wXWq5HwebjqZr0aLUMZKRcweDPRoVFiRE=</D></RSAKeyValue>");
    $key =new Crypt_RSA_Key(base64_decode($public_key_string->Modulus),base64_decode($public_key_string->Exponent),"public");
    echo "<pre>";
    print_r($key);
    echo "</pre>";
    $rsa_obj = new Crypt_RSA();
    //try encrypt data
    echo "encrypted result is:<br/>".$rsa_obj->encrypt("this is a smple text.",$key)
    ?>
but the encrypted data cann't decrypt by c#?where is the problem?what should i do with php codes?

thank you for your reply, i also found this article by google.but this does not meet scene, thank you all the same.
i have already solved the problem now,i'd like to post the Solution .infact it's so easy to use rsakey file generated by .net .
-------------rsa.class.php-------------------
Code Snippet
<?php
* Some constants
define("BCCOMP_LARGER", 1);
class RSA
* PHP implementation of the RSA algorithm
* (C) Copyright 2004 Edsko de Vries, Ireland
* Licensed under the GNU Public License (GPL)
* This implementation has been verified against [3]
* (tested Java/PHP interoperability).
* References:
* [1] "Applied Cryptography", Bruce Schneier, John Wiley & Sons, 1996
* [2] "Prime Number Hide-and-Seek", Brian Raiter, Muppetlabs (online)
* [3] "The Bouncy Castle Crypto Package", Legion of the Bouncy Castle,
*      (open source cryptography library for Java, online)
* [4] "PKCS #1: RSA Encryption Standard", RSA Laboratories Technical Note,
*      version 1.5, revised November 1, 1993
* Functions that are meant to be used by the user of this PHP module.
* Notes:
* - $key and $modulus should be numbers in (decimal) string format
* - $message is expected to be binary data
* - $keylength should be a multiple of 8, and should be in bits
* - For rsa_encrypt/rsa_sign, the length of $message should not exceed
*   ($keylength / 8) - 11 (as mandated by [4]).
* - rsa_encrypt and rsa_sign will automatically add padding to the message.
*   For rsa_encrypt, this padding will consist of random values; for rsa_sign,
*   padding will consist of the appropriate number of 0xFF values (see [4])
* - rsa_decrypt and rsa_verify will automatically remove message padding.
* - Blocks for decoding (rsa_decrypt, rsa_verify) should be exactly
*   ($keylength / 8) bytes long.
* - rsa_encrypt and rsa_verify expect a public key; rsa_decrypt and rsa_sign
*   expect a private key.
* rsa encrypt data
* @param binary string $message
* @param unknown_type $public_key
* @param numbers $modulus
* @param numbers $keylength
* @return binary data
function rsa_encrypt($message, $public_key, $modulus, $keylength)
  $padded = RSA::add_PKCS1_padding($message, true, $keylength / 8);
  $number = RSA::binary_to_number($padded);
  $encrypted = RSA::pow_mod($number, $public_key, $modulus);
  $result = RSA::number_to_binary($encrypted, $keylength / 8);
  return $result;
function rsa_decrypt($message, $private_key, $modulus, $keylength)
  $number = RSA::binary_to_number($message);
  $decrypted = RSA::pow_mod($number, $private_key, $modulus);
  $result = RSA::number_to_binary($decrypted, $keylength / 8);
  return RSA::remove_PKCS1_padding($result, $keylength / 8);
function rsa_sign($message, $private_key, $modulus, $keylength)
  $padded = RSA::add_PKCS1_padding($message, false, $keylength / 8);
  $number = RSA::binary_to_number($padded);
  $signed = RSA::pow_mod($number, $private_key, $modulus);
  $result = RSA::number_to_binary($signed, $keylength / 8);
  return $result;
function rsa_verify($message, $public_key, $modulus, $keylength)
  return RSA::rsa_decrypt($message, $public_key, $modulus, $keylength);
function rsa_kyp_verify($message, $public_key, $modulus, $keylength)
  $number = RSA::binary_to_number($message);
  $decrypted = RSA::pow_mod($number, $public_key, $modulus);
  $result = RSA::number_to_binary($decrypted, $keylength / 8);
  return RSA::remove_KYP_padding($result, $keylength / 8);
* The actual implementation.
* Requires BCMath support in PHP (compile with --enable-bcmath)
// Calculate (p ^ q) mod r
// We need some trickery to [2]:
//   (a) Avoid calculating (p ^ q) before (p ^ q) mod r, because for typical RSA
//       applications, (p ^ q) is going to be _WAY_ too large.
//       (I mean, __WAY__ too large - won't fit in your computer's memory.)
//   (b) Still be reasonably efficient.
// We assume p, q and r are all positive, and that r is non-zero.
// Note that the more simple algorithm of multiplying $p by itself $q times, and
// applying "mod $r" at every step is also valid, but is O($q), whereas this
// algorithm is O(log $q). Big difference.
// As far as I can see, the algorithm I use is optimal; there is no redundancy
// in the calculation of the partial results.
function pow_mod($p, $q, $r)
  // Extract powers of 2 from $q
  $factors = array();
  $div = $q;
  $power_of_two = 0;
  while(bccomp($div, "0") == BCCOMP_LARGER)
   $rem = bcmod($div, 2);
   $div = bcdiv($div, 2);
   if($rem) array_push($factors, $power_of_two);
   $power_of_two++;
  // Calculate partial results for each factor, using each partial result as a
  // starting point for the next. This depends of the factors of two being
  // generated in increasing order.
  $partial_results = array();
  $part_res = $p;
  $idx = 0;
  foreach($factors as $factor)
   while($idx < $factor)
    $part_res = bcpow($part_res, "2");
    $part_res = bcmod($part_res, $r);
    $idx++;
   array_push($partial_results, $part_res);
  // Calculate final result
  $result = "1";
  foreach($partial_results as $part_res)
   $result = bcmul($result, $part_res);
   $result = bcmod($result, $r);
  return $result;
// Function to add padding to a decrypted string
// We need to know if this is a private or a public key operation [4]
function add_PKCS1_padding($data, $isPublicKey, $blocksize)
  $pad_length = $blocksize - 3 - strlen($data);
  if($isPublicKey)
   $block_type = "\x02";
   $padding = "";
   for($i = 0; $i < $pad_length; $i++)
    $rnd = mt_rand(1, 255);
    $padding .= chr($rnd);
  else
   $block_type = "\x01";
   $padding = str_repeat("\xFF", $pad_length);
  return "\x00" . $block_type . $padding . "\x00" . $data;
// Remove padding from a decrypted string
// See [4] for more details.
function remove_PKCS1_padding($data, $blocksize)
  assert(strlen($data) == $blocksize);
  $data = substr($data, 1);
  // We cannot deal with block type 0
  if($data{0} == '\0')
  die("Block type 0 not implemented.");
  // Then the block type must be 1 or 2
  assert(($data{0} == "\x01") || ($data{0} == "\x02"));
  // Remove the padding
  $offset = strpos($data, "\0", 1);
  return substr($data, $offset + 1);
// Remove "kyp" padding
// (Non standard)
function remove_KYP_padding($data, $blocksize)
  assert(strlen($data) == $blocksize);
  $offset = strpos($data, "\0");
  return substr($data, 0, $offset);
// Convert binary data to a decimal number
function binary_to_number($data)
  $base = "256";
  $radix = "1";
  $result = "0";
  for($i = strlen($data) - 1; $i >= 0; $i--)
   $digit = ord($data{$i});
   $part_res = bcmul($digit, $radix);
   $result = bcadd($result, $part_res);
   $radix = bcmul($radix, $base);
  return $result;
// Convert a number back into binary form
function number_to_binary($number, $blocksize)
  $base = "256";
  $result = "";
  $div = $number;
  while($div > 0)
   $mod = bcmod($div, $base);
   $div = bcdiv($div, $base);
   $result = chr($mod) . $result;
  return str_pad($result, $blocksize, "\x00", STR_PAD_LEFT);
?>
-------------RSAProcessor.class.php------------------------
Code Snippet
<?php
require_once("rsa.class.php");
class RSAProcessor
private $public_key = null;
private $private_key = null;
private $modulus = null;
private $key_length = "1024";
public function __construct($xmlRsakey=null,$type=null)
         $xmlObj = null;
   if($xmlRsakey==null)
          $xmlObj = simplexml_load_file("xmlfile/RSAKey.xml");
          elseif($type==RSAKeyType::XMLFile)
          $xmlObj = simplexml_load_file($xmlRsakey);
          else
          $xmlObj = simplexml_load_string($xmlRsakey);
         $this->modulus = RSA::binary_to_number(base64_decode($xmlObj->Modulus));
   $this->public_key = RSA::binary_to_number(base64_decode($xmlObj->Exponent));
   $this->key_length = strlen(base64_decode($xmlObj->Modulus))*8;
* get public key
* @return string public key
public function getPublicKey()
  //return base64_encode(RSA::number_to_binary($this->public_key,($this->key_length)/8));
  return $this->public_key;
public function getPrivateKey()
  //return base64_encode(RSA::number_to_binary($this->private_key,($this->key_length)/8));
  return $this->private_key;
public function getKeyLength()
  return $this->key_length;
public function getModulus()
  return $this->modulus;
* encrypt data
* @param string $data
* @return base64 encoded binary string
public function encrypt($data)
  return base64_encode(RSA::rsa_encrypt($data,$this->public_key,$this->modulus,$this->key_length));
public function dencrypt($data)
  return RSA::rsa_decrypt($data,$this->private_key,$this->modulus,$this->key_length);
public function sign($data)
  return RSA::rsa_sign($data,$this->private_key,$this->modulus,$this->key_length);
public function verify($data)
  return RSA::rsa_verify($data,$this->public_key,$this->modulus,$this->key_length);
class RSAKeyType
const XMLFile = 0;
const XMLString = 1;
?>
-------------- encrypt data with public key-----------------
Code Snippet
<?php
require_once("RSAProcessor.class.php");
$processor = new RSAProcessor
("<RSAKeyValue><Modulus>m6ljoeWhmnd0oRnsVEH5iNw3B8+vKVu7v7CVfMyf6bnKEzHa62TRmT/baJiSevoI/vgm2ph/s1JrQQTaGiErHicigwSC
Aw7+i05WFbnz7tOyiiJJVMfsdd+v7Xan9Hiud05FzxoMbM8vpiMHPEIDbGJ1MiXyupTVkz2WcMHyBoJ4S189opktZ43pviUhy0PeuWkyoU7zR54akPmK
Yg+z5Zr1r7K8lUZ1a3TThfJGxTQR/uZMtZz/q8QF0AANVQ/eyahTv9icBzBoDuncS0Y5l3vqogW1C/ltJvhJpvSn/OgjbRjuixCAptOUmRd13sDWU95/
x0bMq+Lg68lj2OjJ1Q==</Modulus><Exponent>AQAB</Exponent><P>zfvdBsMLlmo+4PAUYLgSV2xyyVa7ZqFjkJaAE4EbYuH24EoZjrzeiJR++D
FUT/GUhjfZ5eZ/5e29dXwk0sKUw6nHzBdBtOPp5fr4t5SKLEcWY+J+zLUSOlhG9NUkohFf6+Miy2Y7BLpXVrcl6UwXV0ak8KkTPB2l/aIMwYj5dgc=</
P><Q>wXV0sA3nDzoSDQA/4QSu/WIlBhkA3jZ7K7G9Z9rpP1A0vH+bZeyCIyo52u8ahGuYbubaizF1XMp+Xv3Mh2KmRbt7+UptwEwbFAUiiad2a312mqm
j7IJd7gRjGkyzKEm+6fpNeY3NFLNVNhccBqzhNkRoM22xnvQcImD10XVAakM=</Q><DP>wd1HdCLEWCfc0DYE59a2pINUMXyo2foRTDbpifHcRZ+ojAY
Rsc6+nsssCQnccXVMNVqBgSgEvfGYe+eAfMBX5SN5APPuioJrVGF2DsoFlZC+WPoGH0JYSoNlHO8yEDrMDaXzzH2GFHgQ1XOAged0nFbHzB1FFjJNVL5
cxRXWu6c=</DP><DQ>QDKuCk5SwubOXqoaiJ15RHRxPNjHRPZnYVSWOgSXKn9/QJ5H/0bA2NKGaHS4JAFgkEzjcRV0kNpRnUwztymxa6qPtWZRjWK0Ca
y6jVuZHIqB9UkeMLoCWZ3zFSMmwNPYGuUJGLFJwPjR6iU5E64C/nMs8QQR0WHIhFAQwvVZ7uk=</DQ><InverseQ>JckMSlJR10VZdnp83VPjrZ/Z+63
CGu3tWHm7f4DJ8IwjJWr8FlCpbSwiP6a4e9Upv6bUn/tOj2gY6MMq5G5yTKm2SCRvpUKRu4NCmWAt7vlFv0Z6pkXlTOpzvVjv3v16+dIZOA5Zn+v7+r1
xbdYdH20KRAbiBO3MfQP7s+VJJvM=</InverseQ><D>W1xrBr2hQOj1wgxWAgoK7IHbprEFrK+TnWmGA46SGPsbmHJ9fAVbY6fwHg7Wgmk4WHXLUCeLY
/Nu0eWIISfwh60Oe3ls2WC2k4qxyeSvQDBuLNb81U7WAUT9m9E1uK4QMCP3oxs1ybM80zTh7UMNgVK0WG+fbFUomVffcWTTqW+Fu12PEIO+UR/85oq+x
qVlTzYAEzt1OE9IhkYiRzi99ePXeH2gFltzJ/fb/7jLsDTkhM2eiYTGyOTZmBnen6c6a8b9LFTY4Bc0bGpk5ezHkub6F8p2ZgL/JgIOJMyRZICjDjs+9
k9PTmMTFsCF6xzHY15Fg25xIDYzIyx1rrRUjQ==</D></RSAKeyValue>",RSAKeyType::XMLString);
$rs = $processor->encrypt("Hello,It's Works.");
echo $rs;
?>
with the front codes.you can easy to encrypt data by public key generate by .net programe.

Encrypting with an RSA Public Key

Similar Messages

Maybe you are looking for