Heavy use of public key

I need to encrypt a lot of (maybe millions) pieces of data (each 32 bytes long, random looking) using a PublicKey. Each piece must be encrypted separately (since I need the possibility to decrypt it alone).
This way it is possible to obtain many plaintext-ciphertext pairs using my program. Is it too risky? Of course, cracking the program would reveal the PublicKey anyway, so maybe my whole problem is just stupid...
I found out different ways, e.g., encrypting this way just a couple of random SecretKeys, which will be used to encrypt the pieces of data mentioned above. The storage overhead would be small, the computation could be even faster (using a symmetric cipher instead of RSA), but it's more complicated to maintain... and somehow losing the encrypted random SecretKeys would be a disaster.

I tried to figure out, how it works....
import javax.crypto.*;
import javax.crypto.spec.*;
import java.security.*;
import java.security.spec.*;
import java.util.Base64;

public class PBEEncryptDataString
{
    static public class EncryptionException extends Exception
    {
        private EncryptionException(String text, Exception chain)
        {
            super(text, chain);
        }
    }

    private static final String PROVIDER = "BC";
    private static final String ALGORITHM = "PBEWITHSHA-1AND192BITAES-CBC-BC";

    // Derives the AES key and IV from passphrase, salt and iteration count,
    // then prepares one cipher for each direction.
    public PBEEncryptDataString(String passphrase, byte[] salt, int iterationCount, String characterEncoding) throws EncryptionException
    {
        assert(passphrase != null);
        assert(passphrase.length() >= 6);
        assert(salt != null);
        // A low iteration count makes passphrase guessing cheap.
        assert(iterationCount >= 1000);
        assert(characterEncoding != null);
        try
        {
            PBEParameterSpec params = new PBEParameterSpec(salt, iterationCount);
            KeySpec keySpec = new PBEKeySpec(passphrase.toCharArray());
            SecretKey key = SecretKeyFactory.getInstance(ALGORITHM, PROVIDER).generateSecret(keySpec);
            this.characterEncoding = characterEncoding;
            this.encryptCipher = Cipher.getInstance(ALGORITHM, PROVIDER);
            this.encryptCipher.init(javax.crypto.Cipher.ENCRYPT_MODE, key, params);
            this.decryptCipher = Cipher.getInstance(ALGORITHM, PROVIDER);
            this.decryptCipher.init(javax.crypto.Cipher.DECRYPT_MODE, key, params);
        }
        catch (Exception e)
        {
            throw new EncryptionException("Problem constructing " + this.getClass().getName(), e);
        }
    }

    // Cipher objects are not thread-safe, hence synchronized.
    synchronized public byte[] encrypt(String dataString) throws EncryptionException
    {
        assert dataString != null;
        try
        {
            byte[] dataStringBytes = dataString.getBytes(characterEncoding);
            byte[] encryptedDataStringBytes = this.encryptCipher.doFinal(dataStringBytes);
            return encryptedDataStringBytes;
        }
        catch (Exception e)
        {
            throw new EncryptionException("Problem encrypting string", e);
        }
    }

    synchronized public String decrypt(byte[] encryptedDataStringBytes) throws EncryptionException
    {
        assert encryptedDataStringBytes != null;
        try
        {
            byte[] dataStringBytes = this.decryptCipher.doFinal(encryptedDataStringBytes);
            String recoveredDataString = new String(dataStringBytes, characterEncoding);
            return recoveredDataString;
        }
        catch (Exception e)
        {
            throw new EncryptionException("Problem decrypting string", e);
        }
    }

    public static void main(String[] args)
    {
        try
        {
            // The "BC" provider must be registered before the algorithm name can be resolved.
            Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
            final byte[] salt =
            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, };
            PBEEncryptDataString dataStringEncryptAgent = new PBEEncryptDataString("The Password - make if fairly long so that there is lots and lots of entropy", salt, 1000, "UTF-8");
            // Get the dataString to encrypt from the command line
            String dataString = (args.length == 0)? "The quick brown fox jumps over the lazy dog." : args[0];
            System.out.println("Data string ....................[" + dataString + "]");
            // Encrypt the data
            byte[] encryptedDataStringBytes = dataStringEncryptAgent.encrypt(dataString);
            System.out.println("Encoded encrypted data string ..[" + Base64.getEncoder().encodeToString(encryptedDataStringBytes) + "]");
            // Decrypt the data
            String recoveredDataString = dataStringEncryptAgent.decrypt(encryptedDataStringBytes);
            System.out.println("Recovered data string ..........[" + recoveredDataString + "]");
        }
        catch (Exception e)
        {
            e.printStackTrace(System.out);
        }
    }

    private String characterEncoding;
    private Cipher encryptCipher;
    private Cipher decryptCipher;
}

Here, to show the basic approach, I have used a fixed IV but one can use a random IV and write it as a prefix to the output so that it can be used in the decryption process. Schneier has shown that this in no way compromises the security of the approach BUT, of course, it does increase the effective length of the encrypted data.
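
The second design from the question (wrap a random symmetric key under the public key, then encrypt each 32-byte piece symmetrically), combined with the random-value-as-prefix layout mentioned in the reply, as an added example that is not part of the original thread. It uses only JDK classes; RSA-OAEP, AES-GCM, the key sizes and the class name HybridRecordDemo are choices made for this example, not something either poster specified.

```java
import java.security.*;
import java.security.spec.MGF1ParameterSpec;
import java.util.Arrays;
import javax.crypto.*;
import javax.crypto.spec.*;

// Added example (hypothetical class name): hybrid encryption of independent 32-byte records.
public class HybridRecordDemo {
    private static final SecureRandom RNG = new SecureRandom();
    private static final int NONCE_LEN = 12, TAG_BITS = 128;
    // Explicit OAEP parameters so both sides agree regardless of provider defaults.
    private static final OAEPParameterSpec OAEP = new OAEPParameterSpec(
            "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);

    // The only RSA operation on the encrypting side: done once per data key, not per record.
    static byte[] wrapKey(PublicKey pub, SecretKey dataKey) throws GeneralSecurityException {
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPPadding");
        rsa.init(Cipher.WRAP_MODE, pub, OAEP);
        return rsa.wrap(dataKey);
    }

    static SecretKey unwrapKey(PrivateKey priv, byte[] wrapped) throws GeneralSecurityException {
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPPadding");
        rsa.init(Cipher.UNWRAP_MODE, priv, OAEP);
        return (SecretKey) rsa.unwrap(wrapped, "AES", Cipher.SECRET_KEY);
    }

    // Output layout: nonce (12 bytes) || ciphertext || GCM tag (16 bytes).
    // A fresh random nonce per record is what lets every record be decrypted alone;
    // with random 96-bit nonces, rotate the data key well before 2^32 records.
    static byte[] encryptRecord(SecretKey dataKey, byte[] record) throws GeneralSecurityException {
        byte[] nonce = new byte[NONCE_LEN];
        RNG.nextBytes(nonce);
        Cipher gcm = Cipher.getInstance("AES/GCM/NoPadding");
        gcm.init(Cipher.ENCRYPT_MODE, dataKey, new GCMParameterSpec(TAG_BITS, nonce));
        byte[] ct = gcm.doFinal(record);
        byte[] out = Arrays.copyOf(nonce, NONCE_LEN + ct.length);
        System.arraycopy(ct, 0, out, NONCE_LEN, ct.length);
        return out;
    }

    // Throws AEADBadTagException if the stored blob was modified or the key is wrong.
    static byte[] decryptRecord(SecretKey dataKey, byte[] blob) throws GeneralSecurityException {
        Cipher gcm = Cipher.getInstance("AES/GCM/NoPadding");
        gcm.init(Cipher.DECRYPT_MODE, dataKey, new GCMParameterSpec(TAG_BITS, blob, 0, NONCE_LEN));
        return gcm.doFinal(blob, NONCE_LEN, blob.length - NONCE_LEN);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(3072);
        KeyPair rsaPair = kpg.generateKeyPair();
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey dataKey = kg.generateKey();
        byte[] wrapped = wrapKey(rsaPair.getPublic(), dataKey); // store (and back up) with the data

        // Constructed sample data: 1000 random 32-byte records.
        byte[][] stored = new byte[1000][];
        byte[] sample = null;
        for (int i = 0; i < stored.length; i++) {
            byte[] record = new byte[32];
            RNG.nextBytes(record);
            if (i == 417) sample = record;
            stored[i] = encryptRecord(dataKey, record);
        }

        // Decrypting side: recover the data key once, then open any single record.
        SecretKey recovered = unwrapKey(rsaPair.getPrivate(), wrapped);
        byte[] plain = decryptRecord(recovered, stored[417]);
        System.out.println("wrapped key bytes: " + wrapped.length);
        System.out.println("bytes per stored record: " + stored[417].length);
        System.out.println("record 417 round-trips: " + Arrays.equals(sample, plain));
    }
}
```

Each stored record is 60 bytes (12-byte nonce, 32-byte ciphertext, 16-byte tag), and the wrapped data key is a single 384-byte blob kept alongside them.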

Similar Messages

  • Using Public key

    Hi,
    I really apologize for posting this thread which does not belong to this forum but I know someone must have use this in their shell scripting.
    I have to use PUBLIC KEY in my shell script for connecting one server. How do I accomplish this.
    Thanks for great help.

    Is there any source code??
    I can generate public\private key but I want to decrypt the plain text using a public key.
    Is there any way to generate a secret key "AES" from the public key??
    Regards

  • Public Key Encryption

    Hi guys,
    I have to sign some data (a byte array) using a Public Key.
    How can I do that?
    (I know it's a bit strange..but I have to do this....)
    Thanks a lot...bye!!

    What you're really asking for is to do something with the data that only the owner of the Private Key can use. What you should be looking at is encryption with the Public Key and not Signing with the Public Key. You will find many examples on this forum, in the JCE web-pages at Sun and in David Hook's Book "Beginning Cryptography in Java".

  • Signing code with Public Key

    Hi guys,
    I'm working on my thesis, and my prof. told me that I have to sign a
    java object with a public key.
    Looks to be impossible, but I asked him again and he confirmed what he
    said.
    How do I create a digital signature of a java object using a Public
    Key??
    Thanks a Lot guys!!!
    Bye!

    How do I create a digital signature of a java object using a Public Key??
    Well, as my fellow poster said, it makes no sense signing (Encrypting) an Object using a Public Key as it would be available for access.
    If it is about Signing an Object with a Single Key where there is concept having a public / private key I think most of the Symmetric Encryption Algorithms come into picture, where there would be a single key used for both encrypting & decrypting data.
    However, you can very well have a look of the specified links below to recheck on things.
    http://www.unix.org.ua/orelly/java-ent/security/ch12_01.htm
    http://www.developer.com/java/other/article.php/630851
    http://mindprod.com/jgloss/digitalsignatures.html
    Hope these might be of some help...
    REGARDS,
    RaHuL

  • ArchiveLink security: sending public key certificate by SCMS_HTTP_PUT_CERT

    Hello!
    I have a question which I asked on ESA and Security forums and didn't get answer.
    I am trying to do a test program to check ArchiveLink security features. Namely, I am calling the function SCMS_HTTP_PUT_CERT which is supposed to send a public key certificate via HTTP. However, when I catch this call and want to import the certificate by using the function SSFC_PUT_CERTIFICATE, I get error message "SSF kernel error: invalid parameter".
    Does anyone have experience with this?
    For more detailed description of my attempt, please see ArchiveLink security: sending public key certificate.
    Thanks and regards,
    Igor

    Hi
    SCMS_HTTP_PUT_CERT is used to send the SAP public key to the Content server application. The content server application makes use of this key to verify the incoming request, i.e. the Content Server uses the public key to check URIs and signatures.
    SAP uses the Public/Private key security concept while communicating with Content server. Basically when SAP communicates with Content server it will be sending GET, PUT, POST requests. The URL from SAP will have a field called secKey which contains the security key. secKey ensures that a URL cannot be changed after it has been generated by the SAP system. The private key is used by SAP to generate the secKey.
    The content server application will use the public key provided via SCMS_HTTP_PUT_CERT to check the URL and will be able to detect if the URL has been tampered with.
    Refer to the SAP Content Server HTTP 4.5 Interface documentation, section Security, for more details.
    http://help.sap.com/saphelp_nw04/helpdata/en/9b/e8c186eaf811d195580000e82deb58/frameset.htm
    Hope this helps
    Cheers,
    Samanjay
    Message was edited by:
            Samanjay Shenoy

  • Error.  Cannot install public key for specified user

    I'm getting "Error. Cannot install public key for specified user" when trying to add a public ssh key for a service processor user on a V20z. I've tried it for different users and still get the error. The same operation works fine on a V40z. Any help would be appreciated.


  • Sending public key to not java application

    Hi,
    I'm trying to send through a socket connection a public key encoded on X.509 standard, but the key.getEncoded() method returns an array of bytes. How can I convert this array of bytes to a sequence of characters that can be readable by any non-Java application? Is it possible to make this public key readable for any non-Java application? How can I do that?
    How can I send the public key to a non-Java application?
    Thanks.

    Thanks for helping, but if I use Base64 encoding, does the client have to use a Base64 decoder before having to use the public key?
    The major problem is that my client is a Perl application that uses openSSL. I think it will not understand the key if I send it in Base64 (the Perl application uses an openSSL API to make the received public key in X.509 back to public key)...

  • Public key

    Hi
    I have a digital ID and I'd like to create a public key and send it to my partners to allow them to view my encrypted documents.
    How to create a public id?
    Thanks a lot

    Hi Steve
    Let me see if I've understood. I create a self-sign. After I export it to a FDF file and send to my partners. When encrypting documents, they use that public key. I'm the only person who will be able to open that PDF.
    If I want to send someone an encrypted PDF, then I take its FDF and encrypt the document. My partner will be able to open.
    Am I right? According to this issue... Have you listened about any way to decrypt PDFs without IDs... or up this time encrypt document with certification is 100% secure?
    Last question
    Is there any way to send PDFs over the web... the person is able to open (without using IDs) but not ever print or edit? I've experienced placing signature, certifying and password protection, but there is always an illegal program able to modify and edit or create a new PDF over that one.
    Is it possible? How could I do it?
    Thanks so much Steve
    Thanks a lot

  • ASA 8.4+ RSA Public Key for SSH user authentication

    I have seen in the configuration guide and a separate post in the support community that RSA Public Key authentication is supported for SSH sessions in 8.4 and after. I have tried implementing this on both an 8.4 ASA and a 9.1 ASA and I get the same error on both. I have tried specifying SSH version 2 to see if that is the issue but I still get the error. Is there a step I am missing?
    Here is the output of the configuration commands:
    ciscoasa(config)#username test nopassword privilege 15
    ciscoasa(config)#username test attributes
    ciscoasa(config-username)# ssh authentication publickey
                                 ^
    ERROR: % Invalid Hostname
    The links referenced above:
    https://supportforums.cisco.com/thread/2150480
    http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/access_aaa.html#wp1053558
    http://www.cisco.com/en/US/docs/security/asa/asa91/configuration/general/aaa_servers.html#wp1176050
    Thanks!

    That would be great if the resolution was that simple.  I am using a public key I generated using the putty key generator.  Below is the key I would use if I got that far.  However I get an error on the "ssh authentication publickey" attribute so I never get the chance to enter a public key.  What code version and hardware version are you running that this worked on?
    AAAAB3NzaC1yc2EAAAABJQAAAIEA2h00RCKBbpbrTWSe/3TYAvRpkJz7tLwQDCf9
    4fDJUWUGrmxXHeomuBhNGZh7tyfFjRL2CKY6nWmFyKN/eDm0PF4IWhhCArzOPVDu
    q7Nu2y/pD8wWH8dH4a3zRpkLSekNJtH6lzuqmY0zqz9TnZlpS6g4LI1a+lOGSmhU
    /HySw9s=
    ciscoasa(config)#username test nopassword privilege 15
    ciscoasa(config)#username test attributes
    ciscoasa(config-username)#ssh ?
    configure mode commands/options:
      Hostname or A.B.C.D  The IP address of the host and/or network authorized to
                           login to the system
      X:X:X:X::X/<0-128>   IPv6 address/prefix authorized to login to the system
      scopy                Secure Copy mode
      timeout              Configure ssh idle timeout
      version              Specify protocol version to be supported
    exec mode commands/options:
      disconnect  Specify SSH session id to be disconnected after this keyword
    ciscoasa(config-username)# ssh
    ciscoasa(config-username)# sh ver | in Ver
    Cisco Adaptive Security Appliance Software Version 9.1(1)
    Device Manager Version 7.1(1)52
    ciscoasa(config-username)#

  • Remote login via ssh and public keys

    I'm not exactly a UNIX expert, but I need to be able to remote login to my PowerBook. The problem with enabling ssh is that as soon as I'm on campus, all kinds of nefarious hosts try brute force attempts to crack my password. I've heard that public/private key logins are the answer, and I've managed to get the public key in the right place on my PowerBook (the private key resides on my iPhone, from which I'll be logging in). But I have two questions:
    1) How do I disable logins via user/password?
    2) When I use my private key, I'm asked to enter the password for the key -- ssh isn't properly storing that password. I've checked permissions, but how can I get ssh to store that password, as it should?

    1) In Sharing > Remote Login, do I still need an account listed to be able to use ssh logins with a public key? I ask because currently (i.e. password authentication enabled), when no accounts are listed, login via public key doesn't work. In other words, an account has to be listed for public key logins to work.
    Yes you still need an account name to login to that computer. However you don't need to specify an account in the sharing preferences. You can lock down the security further by limiting which user accounts can login via ssh.
    By default, if you don't specify a username when you login, it will use the username of the device you're logging in from. So to use an alternative login name you would use
    ssh [email protected]
    whereas john can be any name of your choosing.
    Put another way: if turn off password authentication for ssh in sshd_config, how should Sharing > Remote Login be configured?
    If you turn off password authentication you still need to allow your user account to login via ssh in the sharing preferences or you can allow all.
    2) According to that MacOS X Hints article:
    "Leopard has now a built-in support for SSH authentication with public keys.
    OS X has been able to use ssh public key authentication since day 1 of the beta release of OS X. It is not new to Leopard; it has been around for years.
    Just open Terminal and ssh to your public-key-enabled server. A Keychain window appears, proposing you to enter the pass phrase, and then remembering it in your keychain. "
    I have not used this functionality as I don't use any passwords for ssh logins.
    They're talking about the password associated with the key. But on second thought, that password is being saved on the client, not the server, right?
    I am sure this is the case.

  • Encrypt/Decrypt data, multiple public keys using Bouncy castle api?

    Hi all.
    I need to implement encrypt/decrypt functionality of some data with many public keys using the Bouncy Castle API and the EnvelopedData class in Java 1.4 SE.
    Could someone give me examples of how to do it? I searched the whole internet and I could not find a simple example.

    Hi thanks very much.
    I had a quick look at the examples. I will see if they could help me.
    Here is more specifically what I want:
    Encrypt data with multiple public keys that are kept in a .pkcs12 file.
    And decrypt the data using the corresponding private key after that.
    I must use the Bouncy Castle API for Java 1.4 SE.
    Best regards
    Edited by: menchev on Nov 13, 2008 8:26 AM

  • How to get the private and public keys to use recaptcha?

    I have registered with google to get a recaptcha for my website. All I got was the site key and secret key! Though I need to get the public and private key for muse!

    Hello,
    Please use site Key as "Public Key" and Secret key as "Private Key".
    Regards
    Vivek

  • How to send Encrypted message using public key in Business Service

    Hi,
    I have one public key (abc.cer) which is given by provider. I have to send encrypted message to Provider using public key. How to achieve it in OSB??
    Thanx
    Edited by: Vinit Ahuja on Jun 16, 2011 3:17 AM

    These are the steps needed to accomplish this:
    1. Import the public certificate in the TrustStore of the OSB Weblogic Server.
    2. Export the public certificate in PEM format. (This will be needed to embed in the custom ws policy)
    3. Create a custom WS policy, with the necessary encryption configuration information. I have placed a sample WS - Policy that I have used @ http://dl.dropbox.com/u/19901533/Sample_Custom_WSPolicy_Encryption.doc for your reference.
    Use a unique value for the wsu:Id in the policy.
    4. Apply this custom policy on the business service in the Request section (assuming you only need to encrypt the request fields)
    5. Activate the changes and then test the business service. You can enable tracing on the BS to validate the encrypted content in the logs.
    Hope this helps.
    Thanks,
    Patrick

  • Renewing public key certificate used for Seeburger AS2

    My general question is when a public key certificate, used for Seeburger AS2 payload decryption and digital signatures, needs to be renewed, how carefully do the certificate renewal steps need to be coordinated for a seamless transition?  More specifically...
    1. Once we import the CSR response from the CA, will the public key currently used by our partner become invalid, or will it continue to work until its expiration date? 
    2. Will our partner be able to validate our signature after the new CSR has been imported, but prior to them applying the new public key certificate in their system? 
    3. Or can we renew the certificate, import the CSR request, provide our partner with the renewed certificate, and let them apply the certificate at their own volition, provided they do it prior to the original certificate expiration?

    Hi Kurt
    In my experience, the renewal/replacement of AS2 certificates for encryption/decryption & signing/authentication requires coordinated effort on both sides.
    This is because AS2 uses asymmetrical encryption, so both parties need to use the same pair of certificates at the same time, i.e. you encrypt on your private key, and partner decrypt on the public key matching your private key. If the keys used do not belong to the same pair, then decryption will not work.
    I'm not sure what AS2 software your partner uses and if it has the feature of automatic rollover of certificate, but PI/Seeburger does not. The approach in PI/Seeburger can either be one of the following:-
    i) import new cert replacing original cert of the same name
    ii) import new cert into new name, manually update sender/receiver agreements
    Due to the manual nature of the tasks, normally it requires coordinated effort during a cutover window.
    Rgds
    Eng Swee

  • When trying to attach my key, the 'Attach My Public Key' option is blanked out so I can't use it.

    This is referring to 'Digitally Signing and Encrypting Messages'. When trying to send my key by email, the 'Attach My Public Key' option is blanked out so I can't use it. I have a work around but it is a bit of a nuisance.
    Any ideas?
    Many thanks
    Kevin

    Hello christ1,
    Thanks for getting in touch.
    PNG screenshot attached.
    Kevin
