How encrypt msg with Public Key ?

I want to encrypt my Session Key with the public key of the recipient but how can I do ?
I know how to encrypt with the Secret Key but not with the Public Key.
Thanks for response
Nicolas

It depends on the cryptosystem of which the public key you are having.
If it is of RSA then you have to get the cipher of RSA and pass the session key bytes as input to it.

Similar Messages

Encrypt data with public key?

I am trying to find a class that support encryption with PublicKey.
In the class Signature there is a method "initSign" that takes a PrivateKey as argument, but that is used for signing certificates.
What I am looking for is to make A encrypt some data with B' public key that B can decrypt with its private key...is there any class for this scenario?

You might want to check out these, if you haven't already:
http://java.sun.com/j2se/1.5.0/docs/guide/security/CryptoSpec.html
http://java.sun.com/j2se/1.5.0/docs/guide/security/jce/JCERefGuide.html
http://java.sun.com/j2se/1.5.0/docs/api/javax/crypto/package-summary.html
http://java.sun.com/j2se/1.5.0/docs/api/javax/crypto/interfaces/package-summary.html
http://java.sun.com/j2se/1.5.0/docs/api/javax/crypto/spec/package-summary.html

How to renewal SSO public key certificate ??

hiiiiii
How to renewal SSO public key certificate....

Hello,
You should replace the existing certificate before it expires as per the link provided below.
http://help.sap.com/saphelp_nw04s/helpdata/en/5c/b7d53ae8ab9248e10000000a114084/frameset.htm
http://help.sap.com/saphelp_nw04s/helpdata/en/59/6b653a0c52425fe10000000a114084/frameset.htm
Thanks,
Siva Kumar

How to send Encrypted message using public key in Business Service

Hi,
I have one public key (abc.cer) which is given by provider. I have to send encrypted message to Provider using public key. How to achieve it in OSB??
Thanx
Edited by: Vinit Ahuja on Jun 16, 2011 3:17 AM

These are the steps needed to accomplish this:
1. Import the public certificate in the TrustStore of the OSB Weblogic Server.
2. Export the public certificate in PEM format. (This will be needed to embed in the custom ws policy)
3. Create a custom WS policy, with the necessary encryption configuration information. I have placed a sample WS - Policy that I have used @ http://dl.dropbox.com/u/19901533/Sample_Custom_WSPolicy_Encryption.doc for your reference.
Use a unique value for the wsu:Id in the policy.
4. Apply this custom policy on the business service in the Request section (assuming you only need to encrypt the request fields)
5. Activate the changes and then test the business service. You can enable tracing on the BS to validate the encrypted content in the logs.
Hope this helps.
Thanks,
Patrick

Signing code with Public Key

Hi guys,
I'm working on my thesis,and my prof. told me that I have to sign a
java object with a public key.
Looks to be impossible, but I asked him again and he confirmed what he
said.
How do I create a digital signature of a java object using a Publik
Key??
Thanks a Lot guys!!!
Bye!

How do I create a digital signature of a java object using a Public Key??Well as my fellow poster said it makes no sense siging (Encrypting) an Object using a Public Key as it would be available for access.
If it is about Siging an Object with a Single Key where there is concept having a public / private key i think most of the Symmentric Encryption Algorithms come into picture. where there would be a single key used for both encrypting & decrypting data.
However, you can very well have a look of the specified links below to recheck on things.
http://www.unix.org.ua/orelly/java-ent/security/ch12_01.htm
http://www.developer.com/java/other/article.php/630851
http://mindprod.com/jgloss/digitalsignatures.html
Hope these might be of some help...
REGARDS,
RaHuL

Allow privilleged users to enter into EXEC mode on login not working with public keys

Hi,
I have recently updated one of my Cisco ASA to v9.2(1) and noticed a function to get the perform authorization for exec shell access can do a auto-enable when logging in from ssh.
The problem is that if I use a private/public key authentication with a user it won't do the auto-enable feature. If I login without keys and using my password, it jumps into privilleged exec mode as it should.
Anyone else had this issue?
Config:
aaa authentication ssh console LOCAL
aaa authorization exec LOCAL auto-enable
username user password xxxxxx encrypted privilege 15
username user attributes
ssh authentication publickey 22:af:xxxxxx hashed
Any answer will be highly appreciated.
P.S I'm totally new in this forum.

Would you be able to open a TAC SR and once you do , Email me the SR no and i will look into this issue.
[email protected]
Thanks and Regards,
Vibhor Amrodia

Problem with public key ssh login

Weird problem just appeared. Home computer has two accounts (A and B). I allow ssh login to both accounts via public key login (ssh-keygen). Two remote computers with accounts A' and B' on one, and A" and B" on the other.
I can ssh into the home computer account B from account B' on one computer. I can log into the home computer account B from account B" on the other computer. I cannot ssh into the home computer account A from either A' or A", but I could last week.
Here is what the .ssh directories look like:
Home computer, account A:
total 8
drwx------ 4 userA groupA 136 Jan 30 11:51:38 2006 .
drwxrwxr-x 25 userA groupA 850 Nov 8 20:05:58 2006 ..
-rw-r--r-- 1 userA groupA 1216 Jan 10 13:20:20 2006 authorized_keys2
-rw-r--r-- 1 userA groupA 447 Sep 25 15:28:42 2006 known_hosts
Home computer, account B:
total 16
drwx------ 5 userB groupB 170 Oct 2 09:52:02 2006 .
drwxr-xr-x 23 userB groupB 782 Nov 9 08:26:03 2006 ..
-rw------- 1 userB groupB 6148 May 19 17:54:58 2006 .DS_Store
-rw-r--r-- 1 userB groupB 1228 Jan 10 13:24:15 2006 authorized_keys2
-rw-r--r-- 1 userB groupB 242 Oct 2 09:52:02 2006 known_hosts
Remote computer 1, account A':
total 16
drwx------ 6 userA' groupA' 204 Nov 9 09:55:12 2006 .
drwxr-xr-x 29 userA' groupA' 986 Nov 9 09:41:21 2006 ..
-rw-r--r-- 1 userA' groupA' 41 Mar 13 12:13:17 2006 config
-rw------- 1 userA' groupA' 736 Nov 20 13:38:54 2005 id_dsa
-rw-r--r-- 1 userA' groupA' 607 Nov 20 13:38:54 2005 id_dsa.pub
-rw-r--r-- 1 userA' groupA' 246 Jan 10 09:41:27 2006 known_hosts
Remote computer 1, account B':
total 16
drwx------ 5 userB' groupB' 170 Nov 9 08:23:04 2006 .
drwxr-xr-x 18 userB' groupB' 612 Nov 9 09:52:11 2006 ..
-rw------- 1 userB' groupB' 6148 Nov 9 08:23:04 2006 .DS_Store
-rw------- 1 userB' groupB' 668 May 25 08:51:51 2006 id_dsa
-rw-r--r-- 1 userB' groupB' 2481 Oct 30 09:00:57 2006 known_hosts
Remote computer 2, account A":
total 12
drwx------ 5 userA" groupA" 170 Jan 25 10:59:54 2006 .
drwxr-xr-x 20 userA" groupA" 680 Nov 9 08:19:30 2006 ..
-rw------- 1 userA" groupA" 736 Jan 10 13:14:16 2006 id_dsa
-rw-r--r-- 1 userA" groupA" 609 Jan 10 13:14:16 2006 id_dsa.pub
-rw-r--r-- 1 userA" groupA" 3376 Oct 31 19:48:25 2006 known_hosts
Remote computer 2, account B":
total 12
drwx------ 5 userB" groupB" 170 Jan 25 11:41:48 2006 .
drwx------ 22 userB" groupB" 748 Nov 9 10:33:00 2006 ..
-rw------- 1 userB" groupB" 736 Jan 10 13:11:50 2006 id_dsa
-rw-r--r-- 1 userB" groupB" 615 Jan 10 13:11:50 2006 id_dsa.pub
-rw-r--r-- 1 userB" groupB" 2947 Nov 7 10:18:27 2006 known_hosts
I had copied the A' id_dsa.pub from remote computer 1 to the home computer account A authorized_keys2, then I copied the A" id_dsa.pub from remote computer 2 and had appended it to the home computer account A authorized_keys2. I had done a similar thing with accounts B', B", and B on their respective computers.
All worked great for many months, until today, when ssh connections from A' or A" into A give me the dreaded
Permission denied,gssapi-keyex,gssapi-with-mic) error message. Pretty certain that it was as recent as earlier this week I made the A'-->A ssh connection and all was well. Meanwhile, ssh connections from B' or B" into B still work fine.
As near as I can tell, file ownerships and permissions look okay. While ssh'ed into B from B' I even did a
cat /Users/userA/.ssh/authorized_keys2
and then in another Terminal window, local to the remote computer, I did a
cat /Users/userA/.ssh/id_dsa.pub
In the terminal windows, each key wraps over about five-and-a-half lines, and I spotchecked like the last half-dozen characters, on each Terminal window line, of remote computer 1, account A' id_dsa.pub and the first pub key entry in authorized_keys2 in home computer account A. They all match.
I even keep a clone backup of my hard drive, and the date/timestamp of /etc/sshd_config hasn't changed (although, I'm a bit mystified why it is dated as recently as it is -- Sep 29 2006 -- don't remember doing anything to it)
So, I'm really confused, and not sure what to try or where to look next.
2001 Quicksilver G4 (M8360LL/A) Mac OS X (10.4.8)

Hi j.v.,
Home computer, account A:
total 8
drwx------ 4 userA groupA 136 Jan 30 11:51:38 2006 .
drwxrwxr-x 25 userA groupA 850 Nov 8 20:05:58 2006 ..
The parent directory ".." of the directory ".ssh", i.e. home directory of account A, is group-writeble. SSH considers this as "insecure". You should make it writable only by the owner.
A@Home$ cd (cd to the home directory)
A@Home$ chmod g-w .
HTH
PowerMac G4 Mac OS X (10.4.7)

How to setup an ikev2 VPN with public key authentication with your BB10 device

This setup will allow you to run a VPN between your BB10.2 (and probably BB10.1) device and a debian linux computer (I am running the testing stream). You will need to tweak this config (and possibly install strongswan server on your LAN's gateway) to get access to network resources, or access the internet via the VPN. I have created this setup with the intention of accessing files/services on the debian computer only.
1. Install strongswan on your debian machine(I have v4.6.4 installed, I think the current testing version is v5.1. If you install v5+, some lines in the config may be obsolete), and install any other extra packages you are prompted to install:
apt-get install strongswan strongswan-ikev1 strongswan-ikev2 strongswan-starter openssl ipsec-tools
2. Generate certificates on your debian server in any, starting with a certificate authority. Edit the C= O= CN= fields to whatever you want:
ipsec pki --gen --outform pem > caKey.pem
ipsec pki --self --in caKey.pem --dn "C=CA, O=none, CN=Certificate-Auth" --san="Certificate-Auth" --ca --outform pem > caCert.pem
Generate a server keypair (again, editing the same fields as I indicated above. The CN= field should be lan ip address of your strongswan server. I would also put this as the address in --san=, or you can specify your hostname(if you have one, i.e. mydomainname.com):
ipsec pki --gen --outform pem > serverKey.pem
ipsec pki --pub --in serverKey.pem | ipsec pki --issue --cacert caCert.pem --cakey caKey.pem --dn "C=CA, O=none, CN=192.168.1.100" --san="192.168.1.100" --flag serverAuth --outform pem > serverCert.pem
Generate a keypair for your BB10 device (choose a CN=, and use it in the --san field @your server lan ip or hostname:
ipsec pki --gen --outform pem > userKey.pem
ipsec pki --pub --in userKey.pem | ipsec pki --issue --cacert caCert.pem --cakey caKey.pem --dn "C=CA, O=none, CN=bb10" --san "[email protected]" --flag serverAuth --outform pem > userCert.pem
3. After generating your keys, package the client keys for your BB10 device(you will be asked to create a password): openssl pkcs12 -export -in userCert.pem -inkey userKey.pem -out bb10.pfx
Copy the bb10.pfx file, and serverCert.pem to your BB10 device and import the certificates into the certificate store(Open Settings --> Security and Privacy --> Certificates --> Import)
4. Move the certificates into the appropriate folders on your debian server:
mv caKey.pem /etc/ipsec.d/private
mv caCert.pem /etc/ipsec.d/cacerts
mv serverKey.pem /etc/ipsec.d/private
mv serverCert.pem /etc/ipsec.d/certs
5. Enable ip forwarding on your debian machine:
edit /etc/sysctl.conf - change the following value as follows:
net.ipv4.ip_forward=1
Close the file and save changes. To enable changes, type: sysctl -p /etc/sysctl.conf
6. Edit config files:
          ipsec.secrets:
: RSA serverKey.pem
        ipsec.conf:
config setup
        strictcrlpolicy=no
        uniqueids=yes
conn %default
        ikelifetime=60m
        keylife=20m
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev2
        leftfirewall=yes
        dpddelay=30
        dpdtimeout=120
        dpdaction=clear
conn bb10
        mobike=yes
        ike=aes256-sha1-sha1-modp1024!
        esp=aes256-sha1!
        left=%defaultroute
        leftid="C=CA, O=none, CN=192.168.1.100"
        leftcert=serverCert.pem
        right=%any
        rightsourceip=10.10.0.1
        rightid="C=CA, O=none, CN=bb10"
        rightauth=pubkey
        leftauth=pubkey
        pfs=yes
        auto=add
7. Start the ipsec service on your debian machine: service ipsec stop; service ipsec start
8. Set up the VPN connection on your blackberry: Settings -->Network Connections --> VPN --> Add.
a) Profile Name: Give your VPN a name
b) Server Address: Enter your server's address
c) Gateway Type: Generic IKEv2 VPN Server
d) Authentication Type: PKI
e) Authentication ID Type: Identity Certificate Distinguished Name
f) Client Certificate: The client certificate you imported should show up in the dropdown
g) Gateway Auth Type: PKI
h) Gateway Auth ID Type: Identity Certificate Distinguished Name
i) Gateway CA Certificate: Find the certificate authority you imported. If you used the same name as I did above when creating the certificate, if will be called "Certificate-Auth".
j) Perfect forward secrecy : ON
k) Change IKE Lifetime to 3600
l) Change IPSEC lifetime to 1200
You can leave everything else on default settings. Save your VPN profile.
9. Connect to your VPN. You should now be able to ping both ways between your blackberry and debian host. Using the above configuration, your blackberry device will have the ip address of 10.10.0.1.

There have been numerous bb10 updates (now 10.2.1.2977) since I first posted this mini how-to-I am not sure if it was the bb10 updates, or updates to strongswan (now v5.2.0) or my linux kernel (v3.15.3), though I am now able to use stronger hash and elliptic curve key exchange. I am using sha384 in my example, though have also got it working with sha512. Give it a try:
Simply use the same process I detailed before, though change the following lines in ipsec.conf:
ike=aes256-sha1-sha1-modp1024!
esp=aes256-sha1!
to
ike=aes256-sha384-ecp521
esp=aes256-sha384-ecp521
Be sure to restart strongswan after you change these lines in the config.
After this is done, change 'Automatically determine algorithm' to off in the VPN profile settings of your VPN connection profile on your blackberry. I'm not sure why it doesn't work automatically. State the following in this section:
IKE DH Group: 21
IKE CIpher: AES (256-bit key)
IKE Hash: SHA384
IKE PRF: HMAC-SHA384
IPSec DH Group: 21
IPSec Cipher: AES (256-bit key)
IPSec Hash: SHA384

How Encrypt a File Using Key?

Hi Guys,
Here is my problem. I have to create a bank's document encrypted to send to a legacy system. ( Using a KEY to validate the roll process)
I'm thinking to use two scenarios:
1 - Generate the file via ABAP and sent it to a folder in a server to be consuming - SAP ERP.
2 - Generate the file via ABAP, sent it to PI encrypt it via Java Mapping and sent it to a server.
ABAP
First question.
There is a way to generate this file using SHA1 using a Key as parameter?
(CALCULATE_HASH_FOR_CHAR)
Second one.
How can I decrypt this file to test?
Third.
There is others ways to encrypt a file via SAP ERP? UTF-8 and BASE32 are not encrypt codes. They are encoding code.
PI
First
There is a library or other way to encrypt a file without implement a Java Mapping?
Tnks.

> There is a way to generate this file using SHA1 using a Key as parameter?
Why don't you simple search the forum with "SHA1" term, you'd get the answer in an instant
> How can I decrypt this file to test?
> There is others ways to encrypt a file via SAP ERP? UTF-8 and BASE32 are not encrypt codes. They are encoding code.
What encryption do you need?
> But I would like to know if are these methods algorithms as DES, AES, RSA... or others ?
Couldn't you say it at the beginning!
By simply looking at CL_HARD_WIRED_ENCRYPTOR methods, we see that the encryption mechanism is very simple (I'm not expert so I can't tell what it is), I wouldn't rely on it...
I recommend you to read [Note 662340 - SSF Encryption Using the SAPCryptolib|http://service.sap.com/sap/support/notes/662340]. There are also some documentation, security guides on sap library and sap marketplace.
Edited by: Sandra Rossi on Jul 13, 2010 6:51 PM

How Can i use the key file Generated by RSACryptoServiceProvider to encrypt with php?

I need to be able to encrypt data in PHP using a public key generate by .NET(RSACryptoServiceProvider). I will then decrypt the data later in C# using the private key.
Code Snippet
<RSAKeyValue><Modulus>xU5JyaPNDKXI/h/uo5Vk89wZSz3zsB1+c+1IMYIQa+mCmuRCRPuoBI7ODSV2ndP6grfhdrWEzhpZtkI3SThbBh/3t+tfZ2PF8Iyv9ECN07V64nPCiJGhAnfENE+J9UD9Kw5czXHgZcBbpM5N0VfXmLSleaS65DDoNPtoStVy7ss=</Modulus><Exponent>AQAB</Exponent><P>4ScAjVrPZii/6lICAP2yDQiNEmNL74+5AcxNVDI0IombfDPIygrqEWmuDu0pngApQak7XnEnLbaDChILFiHPZQ==</P><Q>4FaYlse+cjrlPD/jk+GsTJeuP7yuQx8ztjVnQWVh6GKQP+uk1dAl6kcZOfLNR6LWwE3CSygt8PthTEw96Zbabw==</Q><DP>XvXtNLE9UjATqYeHEtXtV7Pok/3PVC3A8PIzFzTJaluxeXP51sU9rbRt1hvO9rXIsMnooU+GH7Cfmgq8JEyERQ==</DP><DQ>HXkC/vwq9xLpvuqd2XXSjxV2XQVK16Knxo5pjFvnawJX9S3eMADymj7Q/534firUj9snZXxX3MsJ015I3AFnnQ==</DQ><InverseQ>AM0fVCE3n2FKf2zb3CcDEge1Ko35VvMEL+LXgR87QwO2HScZSuLevGLi2SSAkB1vu8RSNzB028SZReeOZWnq4Q==</InverseQ><D>fI+GKdRNOTTYhQZnw8Im74T+OvArjf2wvUMJlqfD8jyDBYIhDCfL1MTK9KW4Er+moSuxHR5Pb0ZXaKa4/HKlk0aJ1jB2C+jg7zTSuPRNuS16BpVHaJYsQurCwZwElXMum+GxeXK/h3wXWq5HwebjqZr0aLUMZKRcweDPRoVFiRE=</D></RSAKeyValue>
As you see this code snippet is a xml format private key. at .net platform,which can use encrypt or dencrypt.
i have try the Extension Crypt RSA ( http://pear.php.net/reference/Crypt_RSA-1.0.0/elementindex_Crypt_RSA.html ) to help me encrypt data by php.but it haven't return a currect result. the data encrypted by php cann't dencrypt by c#.
does the RSA algorithm provider by Crypt_RSA can give a stand result as c#?
BTW :i just use the xmlkeystring like this.
Code Snippet
<?php
require_once("Crypt/RSA.php");
require_once("includes/Utils.class.php");
    $public_key_string = simplexml_load_string("<RSAKeyValue><Modulus>xU5JyaPNDKXI/h/uo5Vk89wZSz3zsB1+c+1IMYIQa+mCmuRCRPuoBI7ODSV2ndP6grfhdrWEzhpZtkI3SThbBh/3t+tfZ2PF8Iyv9ECN07V64nPCiJGhAnfENE+J9UD9Kw5czXHgZcBbpM5N0VfXmLSleaS65DDoNPtoStVy7ss=</Modulus><Exponent>AQAB</Exponent><P>4ScAjVrPZii/6lICAP2yDQiNEmNL74+5AcxNVDI0IombfDPIygrqEWmuDu0pngApQak7XnEnLbaDChILFiHPZQ==</P><Q>4FaYlse+cjrlPD/jk+GsTJeuP7yuQx8ztjVnQWVh6GKQP+uk1dAl6kcZOfLNR6LWwE3CSygt8PthTEw96Zbabw==</Q><DP>XvXtNLE9UjATqYeHEtXtV7Pok/3PVC3A8PIzFzTJaluxeXP51sU9rbRt1hvO9rXIsMnooU+GH7Cfmgq8JEyERQ==</DP><DQ>HXkC/vwq9xLpvuqd2XXSjxV2XQVK16Knxo5pjFvnawJX9S3eMADymj7Q/534firUj9snZXxX3MsJ015I3AFnnQ==</DQ><InverseQ>AM0fVCE3n2FKf2zb3CcDEge1Ko35VvMEL+LXgR87QwO2HScZSuLevGLi2SSAkB1vu8RSNzB028SZReeOZWnq4Q==</InverseQ><D>fI+GKdRNOTTYhQZnw8Im74T+OvArjf2wvUMJlqfD8jyDBYIhDCfL1MTK9KW4Er+moSuxHR5Pb0ZXaKa4/HKlk0aJ1jB2C+jg7zTSuPRNuS16BpVHaJYsQurCwZwElXMum+GxeXK/h3wXWq5HwebjqZr0aLUMZKRcweDPRoVFiRE=</D></RSAKeyValue>");
    $key =new Crypt_RSA_Key(base64_decode($public_key_string->Modulus),base64_decode($public_key_string->Exponent),"public");
    echo "<pre>";
    print_r($key);
    echo "</pre>";
    $rsa_obj = new Crypt_RSA();
    //try encrypt data
    echo "encrypted result is:<br/>".$rsa_obj->encrypt("this is a smple text.",$key)
    ?>
but the encrypted data cann't decrypt by c#?where is the problem?what should i do with php codes?

thank you for your reply, i also found this article by google.but this does not meet scene, thank you all the same.
i have already solved the problem now,i'd like to post the Solution .infact it's so easy to use rsakey file generated by .net .
-------------rsa.class.php-------------------
Code Snippet
<?php
* Some constants
define("BCCOMP_LARGER", 1);
class RSA
* PHP implementation of the RSA algorithm
* (C) Copyright 2004 Edsko de Vries, Ireland
* Licensed under the GNU Public License (GPL)
* This implementation has been verified against [3]
* (tested Java/PHP interoperability).
* References:
* [1] "Applied Cryptography", Bruce Schneier, John Wiley & Sons, 1996
* [2] "Prime Number Hide-and-Seek", Brian Raiter, Muppetlabs (online)
* [3] "The Bouncy Castle Crypto Package", Legion of the Bouncy Castle,
*      (open source cryptography library for Java, online)
* [4] "PKCS #1: RSA Encryption Standard", RSA Laboratories Technical Note,
*      version 1.5, revised November 1, 1993
* Functions that are meant to be used by the user of this PHP module.
* Notes:
* - $key and $modulus should be numbers in (decimal) string format
* - $message is expected to be binary data
* - $keylength should be a multiple of 8, and should be in bits
* - For rsa_encrypt/rsa_sign, the length of $message should not exceed
*   ($keylength / 8) - 11 (as mandated by [4]).
* - rsa_encrypt and rsa_sign will automatically add padding to the message.
*   For rsa_encrypt, this padding will consist of random values; for rsa_sign,
*   padding will consist of the appropriate number of 0xFF values (see [4])
* - rsa_decrypt and rsa_verify will automatically remove message padding.
* - Blocks for decoding (rsa_decrypt, rsa_verify) should be exactly
*   ($keylength / 8) bytes long.
* - rsa_encrypt and rsa_verify expect a public key; rsa_decrypt and rsa_sign
*   expect a private key.
* rsa encrypt data
* @param binary string $message
* @param unknown_type $public_key
* @param numbers $modulus
* @param numbers $keylength
* @return binary data
function rsa_encrypt($message, $public_key, $modulus, $keylength)
  $padded = RSA::add_PKCS1_padding($message, true, $keylength / 8);
  $number = RSA::binary_to_number($padded);
  $encrypted = RSA::pow_mod($number, $public_key, $modulus);
  $result = RSA::number_to_binary($encrypted, $keylength / 8);
  return $result;
function rsa_decrypt($message, $private_key, $modulus, $keylength)
  $number = RSA::binary_to_number($message);
  $decrypted = RSA::pow_mod($number, $private_key, $modulus);
  $result = RSA::number_to_binary($decrypted, $keylength / 8);
  return RSA::remove_PKCS1_padding($result, $keylength / 8);
function rsa_sign($message, $private_key, $modulus, $keylength)
  $padded = RSA::add_PKCS1_padding($message, false, $keylength / 8);
  $number = RSA::binary_to_number($padded);
  $signed = RSA::pow_mod($number, $private_key, $modulus);
  $result = RSA::number_to_binary($signed, $keylength / 8);
  return $result;
function rsa_verify($message, $public_key, $modulus, $keylength)
  return RSA::rsa_decrypt($message, $public_key, $modulus, $keylength);
function rsa_kyp_verify($message, $public_key, $modulus, $keylength)
  $number = RSA::binary_to_number($message);
  $decrypted = RSA::pow_mod($number, $public_key, $modulus);
  $result = RSA::number_to_binary($decrypted, $keylength / 8);
  return RSA::remove_KYP_padding($result, $keylength / 8);
* The actual implementation.
* Requires BCMath support in PHP (compile with --enable-bcmath)
// Calculate (p ^ q) mod r
// We need some trickery to [2]:
//   (a) Avoid calculating (p ^ q) before (p ^ q) mod r, because for typical RSA
//       applications, (p ^ q) is going to be _WAY_ too large.
//       (I mean, __WAY__ too large - won't fit in your computer's memory.)
//   (b) Still be reasonably efficient.
// We assume p, q and r are all positive, and that r is non-zero.
// Note that the more simple algorithm of multiplying $p by itself $q times, and
// applying "mod $r" at every step is also valid, but is O($q), whereas this
// algorithm is O(log $q). Big difference.
// As far as I can see, the algorithm I use is optimal; there is no redundancy
// in the calculation of the partial results.
function pow_mod($p, $q, $r)
  // Extract powers of 2 from $q
  $factors = array();
  $div = $q;
  $power_of_two = 0;
  while(bccomp($div, "0") == BCCOMP_LARGER)
   $rem = bcmod($div, 2);
   $div = bcdiv($div, 2);
   if($rem) array_push($factors, $power_of_two);
   $power_of_two++;
  // Calculate partial results for each factor, using each partial result as a
  // starting point for the next. This depends of the factors of two being
  // generated in increasing order.
  $partial_results = array();
  $part_res = $p;
  $idx = 0;
  foreach($factors as $factor)
   while($idx < $factor)
    $part_res = bcpow($part_res, "2");
    $part_res = bcmod($part_res, $r);
    $idx++;
   array_push($partial_results, $part_res);
  // Calculate final result
  $result = "1";
  foreach($partial_results as $part_res)
   $result = bcmul($result, $part_res);
   $result = bcmod($result, $r);
  return $result;
// Function to add padding to a decrypted string
// We need to know if this is a private or a public key operation [4]
function add_PKCS1_padding($data, $isPublicKey, $blocksize)
  $pad_length = $blocksize - 3 - strlen($data);
  if($isPublicKey)
   $block_type = "\x02";
   $padding = "";
   for($i = 0; $i < $pad_length; $i++)
    $rnd = mt_rand(1, 255);
    $padding .= chr($rnd);
  else
   $block_type = "\x01";
   $padding = str_repeat("\xFF", $pad_length);
  return "\x00" . $block_type . $padding . "\x00" . $data;
// Remove padding from a decrypted string
// See [4] for more details.
function remove_PKCS1_padding($data, $blocksize)
  assert(strlen($data) == $blocksize);
  $data = substr($data, 1);
  // We cannot deal with block type 0
  if($data{0} == '\0')
  die("Block type 0 not implemented.");
  // Then the block type must be 1 or 2
  assert(($data{0} == "\x01") || ($data{0} == "\x02"));
  // Remove the padding
  $offset = strpos($data, "\0", 1);
  return substr($data, $offset + 1);
// Remove "kyp" padding
// (Non standard)
function remove_KYP_padding($data, $blocksize)
  assert(strlen($data) == $blocksize);
  $offset = strpos($data, "\0");
  return substr($data, 0, $offset);
// Convert binary data to a decimal number
function binary_to_number($data)
  $base = "256";
  $radix = "1";
  $result = "0";
  for($i = strlen($data) - 1; $i >= 0; $i--)
   $digit = ord($data{$i});
   $part_res = bcmul($digit, $radix);
   $result = bcadd($result, $part_res);
   $radix = bcmul($radix, $base);
  return $result;
// Convert a number back into binary form
function number_to_binary($number, $blocksize)
  $base = "256";
  $result = "";
  $div = $number;
  while($div > 0)
   $mod = bcmod($div, $base);
   $div = bcdiv($div, $base);
   $result = chr($mod) . $result;
  return str_pad($result, $blocksize, "\x00", STR_PAD_LEFT);
?>
-------------RSAProcessor.class.php------------------------
Code Snippet
<?php
require_once("rsa.class.php");
class RSAProcessor
private $public_key = null;
private $private_key = null;
private $modulus = null;
private $key_length = "1024";
public function __construct($xmlRsakey=null,$type=null)
         $xmlObj = null;
   if($xmlRsakey==null)
          $xmlObj = simplexml_load_file("xmlfile/RSAKey.xml");
          elseif($type==RSAKeyType::XMLFile)
          $xmlObj = simplexml_load_file($xmlRsakey);
          else
          $xmlObj = simplexml_load_string($xmlRsakey);
         $this->modulus = RSA::binary_to_number(base64_decode($xmlObj->Modulus));
   $this->public_key = RSA::binary_to_number(base64_decode($xmlObj->Exponent));
   $this->key_length = strlen(base64_decode($xmlObj->Modulus))*8;
* get public key
* @return string public key
public function getPublicKey()
  //return base64_encode(RSA::number_to_binary($this->public_key,($this->key_length)/8));
  return $this->public_key;
public function getPrivateKey()
  //return base64_encode(RSA::number_to_binary($this->private_key,($this->key_length)/8));
  return $this->private_key;
public function getKeyLength()
  return $this->key_length;
public function getModulus()
  return $this->modulus;
* encrypt data
* @param string $data
* @return base64 encoded binary string
public function encrypt($data)
  return base64_encode(RSA::rsa_encrypt($data,$this->public_key,$this->modulus,$this->key_length));
public function dencrypt($data)
  return RSA::rsa_decrypt($data,$this->private_key,$this->modulus,$this->key_length);
public function sign($data)
  return RSA::rsa_sign($data,$this->private_key,$this->modulus,$this->key_length);
public function verify($data)
  return RSA::rsa_verify($data,$this->public_key,$this->modulus,$this->key_length);
class RSAKeyType
const XMLFile = 0;
const XMLString = 1;
?>
-------------- encrypt data with public key-----------------
Code Snippet
<?php
require_once("RSAProcessor.class.php");
$processor = new RSAProcessor
("<RSAKeyValue><Modulus>m6ljoeWhmnd0oRnsVEH5iNw3B8+vKVu7v7CVfMyf6bnKEzHa62TRmT/baJiSevoI/vgm2ph/s1JrQQTaGiErHicigwSC
Aw7+i05WFbnz7tOyiiJJVMfsdd+v7Xan9Hiud05FzxoMbM8vpiMHPEIDbGJ1MiXyupTVkz2WcMHyBoJ4S189opktZ43pviUhy0PeuWkyoU7zR54akPmK
Yg+z5Zr1r7K8lUZ1a3TThfJGxTQR/uZMtZz/q8QF0AANVQ/eyahTv9icBzBoDuncS0Y5l3vqogW1C/ltJvhJpvSn/OgjbRjuixCAptOUmRd13sDWU95/
x0bMq+Lg68lj2OjJ1Q==</Modulus><Exponent>AQAB</Exponent><P>zfvdBsMLlmo+4PAUYLgSV2xyyVa7ZqFjkJaAE4EbYuH24EoZjrzeiJR++D
FUT/GUhjfZ5eZ/5e29dXwk0sKUw6nHzBdBtOPp5fr4t5SKLEcWY+J+zLUSOlhG9NUkohFf6+Miy2Y7BLpXVrcl6UwXV0ak8KkTPB2l/aIMwYj5dgc=</
P><Q>wXV0sA3nDzoSDQA/4QSu/WIlBhkA3jZ7K7G9Z9rpP1A0vH+bZeyCIyo52u8ahGuYbubaizF1XMp+Xv3Mh2KmRbt7+UptwEwbFAUiiad2a312mqm
j7IJd7gRjGkyzKEm+6fpNeY3NFLNVNhccBqzhNkRoM22xnvQcImD10XVAakM=</Q><DP>wd1HdCLEWCfc0DYE59a2pINUMXyo2foRTDbpifHcRZ+ojAY
Rsc6+nsssCQnccXVMNVqBgSgEvfGYe+eAfMBX5SN5APPuioJrVGF2DsoFlZC+WPoGH0JYSoNlHO8yEDrMDaXzzH2GFHgQ1XOAged0nFbHzB1FFjJNVL5
cxRXWu6c=</DP><DQ>QDKuCk5SwubOXqoaiJ15RHRxPNjHRPZnYVSWOgSXKn9/QJ5H/0bA2NKGaHS4JAFgkEzjcRV0kNpRnUwztymxa6qPtWZRjWK0Ca
y6jVuZHIqB9UkeMLoCWZ3zFSMmwNPYGuUJGLFJwPjR6iU5E64C/nMs8QQR0WHIhFAQwvVZ7uk=</DQ><InverseQ>JckMSlJR10VZdnp83VPjrZ/Z+63
CGu3tWHm7f4DJ8IwjJWr8FlCpbSwiP6a4e9Upv6bUn/tOj2gY6MMq5G5yTKm2SCRvpUKRu4NCmWAt7vlFv0Z6pkXlTOpzvVjv3v16+dIZOA5Zn+v7+r1
xbdYdH20KRAbiBO3MfQP7s+VJJvM=</InverseQ><D>W1xrBr2hQOj1wgxWAgoK7IHbprEFrK+TnWmGA46SGPsbmHJ9fAVbY6fwHg7Wgmk4WHXLUCeLY
/Nu0eWIISfwh60Oe3ls2WC2k4qxyeSvQDBuLNb81U7WAUT9m9E1uK4QMCP3oxs1ybM80zTh7UMNgVK0WG+fbFUomVffcWTTqW+Fu12PEIO+UR/85oq+x
qVlTzYAEzt1OE9IhkYiRzi99ePXeH2gFltzJ/fb/7jLsDTkhM2eiYTGyOTZmBnen6c6a8b9LFTY4Bc0bGpk5ezHkub6F8p2ZgL/JgIOJMyRZICjDjs+9
k9PTmMTFsCF6xzHY15Fg25xIDYzIyx1rrRUjQ==</D></RSAKeyValue>",RSAKeyType::XMLString);
$rs = $processor->encrypt("Hello,It's Works.");
echo $rs;
?>
with the front codes.you can easy to encrypt data by public key generate by .net programe.

Encrypting a vote with a servers public key...HELP!

Hey, I really need some help( online voting application)....what I want to do it allow a voter to be able to submit a ballot(vote) via servlets, they encrypt the ballot with the servers public key and then the ballot is stored in a database, where at another time the administrator may decrypt the ballot(s) using the servers private key. I have already sorted the voters authentication(MD5), and at the moment the servlet submits the ballot in an unencrypted form....so I just need a little help from here. I enclose my code and I would be truly grateful of someone could give me a hand.
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
import java.sql.* ;
public class CastVote extends HttpServlet{
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException,IOException{
try {
String jmulligan= request.getParameter("jmulligan");
String pkelly=request.getParameter("pkelly");
String mjones=request.getParameter("mjones");
response.setContentType("text/html");
PrintWriter out=response.getWriter();
Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
Connection con = DriverManager.getConnection ("jdbc:odbc:evoting");
Statement stmt = con.createStatement();
stmt.executeUpdate(
"INSERT INTO Ballot (JMulligan, PKelly, MJones)"
+ "VALUES ('"+jmulligan+"','"+pkelly+"','"+mjones+"') ");
stmt.close();
out.println("<HTML>\n"+
"<HEAD><TITLE>EVoting</TITLE></HEAD>\n"+
"<BODY BGCOLOR=\"127734\">\n"+
"<H1>Your Ballot has been entered as follows</H1>\n"+
"<H1>J Mulligan got "+ jmulligan +"</H1>\n"+
"<H1> M Jones got "+ mjones +"</H1>\n"+
"<H1> P Kelly got "+ pkelly +"</H1>\n"+
"</BODY></HTML>");
catch( Exception e ) {
System.out.println(e.getMessage());
e.printStackTrace();
thanks
Jacinta
PS I have ssl configured, with a self signed cert.

Hey!
I am also in the middle of doing an en=voting application as part of my thesis! Its interesting to see the way other people do the voting. Well, my experience so far is that I cannot get public/private key encryption to work. I have posted many topics on this forum regarding it and the reason it wont work is that the ballot that I am trying to enctypt is too large for the ballot object . I used the RSA algoithm and it wasn't able to handle my large object. So instead I have just used a symmetric algorithm and that works fine. I think its the DES algorithm. The only problem with this is that you are using the same key to encrypt and decrypt the ballot. I dont think this is secure. It has been reccomended to me that I use this symmetric algorithm as it is, but that I then use public/private key to encrypt the symmetric key! I still have a problem with this because if the key is still encrypted with public key, the user must have acces to the private key to decrypt the symmetric key to decryt the ballot. See where I'm going?
I would love to know of an asymmetric algorithm that can encrypt large objects. That would solve the whole security issue. I will post a replyhere if I find out the answer.
By the way, how is your project going?
All the best,
Chris Moltisanti

How to use Control Key with other key as Ctrl+C

I am using this code to access Shift key + C
addKeyListener(new KeyAdapter()
public void keyPressed(KeyEvent KEv)
if(KEv.isShiftDown() && (KEv.getKeyCode() == KEv.VK_C))
//Shift + C key down
Please tell me how to do with Control Key?
Vishwajeet

addKeyListener(new KeyAdapter()
public void keyPressed(KeyEvent KEv)
if(KEv.isControlDown && (KEv.getKeyCode() == KEv.VK_C))
//Cntrl + C key down
//if u want to create a key stroke for keys with contrl combination use CTRL_MASK.

How to change RSAPublicKeySpec to Key for encrypt?

I have RSAPublicKeySpec and I want to encrypt message with this key.
How to change RSAPublicKeySpec to Key for encrypt message?

I try to do this
try {
kf = KeyFactory.getInstance("RSA");
pk = kf.generatePublic(pubCard);
catch (NoSuchAlgorithmException ex4) { System.out.println("1");
catch (InvalidKeySpecException ex4) { System.out.println("2");
try {
Cipher cipher = Cipher.getInstance("RSA");
try {
cipher.init(Cipher.ENCRYPT_MODE, pk);
catch (InvalidKeyException ex2) { System.out.println("a");
try {
ticket = cipher.doFinal(mes.getBytes());
catch (IllegalStateException ex3) {System.out.println("b");
catch (IllegalBlockSizeException ex3) {System.out.println("c");
catch (BadPaddingException ex3) {System.out.println("e");
catch (NoSuchAlgorithmException ex1) {System.out.println("f");
catch (NoSuchPaddingException ex1) {System.out.println("g");
It cougth exception that "NoSuchAlgorithmException"
What wrong with line
Cipher cipher = Cipher.getInstance("RSA");
please tell me

Identifying Public keys??

How to identify the public keys if there are many public keys at the client side???
plz do let me know how to find the wanted public keys...
asap
thnx in advnce
Subhash

No a person A (other than yourself) creates a key pair. Person A submits
his/her public key to get a certificate through a certificate request
protocol. Once that certificate is returned to person A he/she can
distribute his/her public key to anyone he/she wishes through whatever
mechanisms he/she wishes. (aka email, floppy, whatever..)
If you trust the CA who provided the certificate then it is likely you
will trust the public key associated with it as being from person A. If
so you can then encrypt messages to person A using his/her publickey/certificate.
You can use keytool to take an X509 encoded public key/certificate and add
it to your keystore locally. Once it is in your keystore you can access
it at will for whatever operations you chose to do including encryption
or signature verification.
This all assumes you start out with the public certificate of the CA for
which signed your friends public key (otherwise known as certifying) already
on your machine. Java comes with a set of CA certificates of the most common
CAs including verisign etc..
If you are the CA then keep a copy of the certificate in your keystore
and then send it to person A. Now you can get the cert from your local
keystore anytime you need to encrypt data to be sent to person A.
Person A should NEVER provide anyone access to his/her private key. That
defeats the whole process. In fact person A should encrypt his/her private
key so that should it somehow wind up exposed it is difficult for the key
itself to be retrieved. This is typically done with PBE...

Message Digest with symmetric key

Hi,
I am new to Java Cryptography.
My requirement is i want to digest a message using RSA generated 128 bit key and i am not able to find any functions to generate Symmetric key and also to digest a message with key. Can any one please tell me how to do. Any help would be appreciated. This is very urgent requirement.
Thanks in advance.
Cheers,
Sreedhar Gupta

RSA use a key pair :
you can sign with the private key
and you verify signature with public key.
for this use class : java.security.Signature
To have a "message digest" with a symmetric key
use the class : javax.crypto.MAC

How encrypt msg with Public Key ?

Similar Messages

Maybe you are looking for