encryption, and security

Hi there�
I am totally new to security and encryption, I do not want to make this call for help too long, but I am in a deep trouble. I am developing a very simple SET Handler. Now there are two problems hunting me:

1.Dealing with Keys and Certificates:

I managed to create a pair of keys using keytool, in addition, I "self-certified" my self using the same tool and stored the certificate in the same store where the keys are. I wonder, what is the content of the store, does saving the certificate in the same store overwrites the keys? And how can I extract the private key from store dynamically? Can I enforce that the algorithm used all-over the activities depends on RSA?

2.After failing, of course, to answer all the questions above, I tried experimenting a little with the KeyPairGenerator, the result was awesome. I succeeded in encrypting and decrypting a simple phrase. Furthermore, I created two simple separate programs, a writer (encrypter) and a reader (decrypter). I connected the two programs via a socket connection, I also allocated the same and exact KeyPair to both programs. Now when I encrypt the data and tries to send the resultant byte array through a DataOutputStream, or as an object, the received array or data is never the same, as if the format of the data has changed during transmission. In other words, what is the ideal way for sending encrypted data through a socket connection without using a cipherInputStream nor a cipherOutputStream.

Thank you very much in advance
Hatim

A DataOutputStream is for writing Java primitives. What happens if you write the byte array directly to the OutputStream obtained from the socket?

Hi...

Well, the encrypt() and decrypt() methods in the Cipher class return an array of bytes (byte[]). Thus, using any output stream, it may seem possible, to transport the array to the other end of the connection. However, it is not the case!?

However, it is not the case!?

What does that mean - have you tried what I suggested, or is that based on using DataOutputStream? Just any OutputStream is not like just any other - some do something to the data passed through them that needs to be undone on the receiving end.

byte arrays should not change their value across a socket. How are you displaying their values? Are you constructing a new String object out of the bytes and then printing it out? If so, are you using the same encoding on both?

With regards to encryption and decryption - are you POSITIVE you're using the correct keys?

Jeremy

Hi...

You made a very interesting point. I know that the DataOutputStream produces a byte representation of the streamed data, but I thought that this is applicable only when one of the writeXXX() methods are invoked. Well, it worth a try, otherwise, the default implementation is borrowed from the parent class.
By the way, I am certain that the keys are identical. Thank you guys very much, I will try it and the n update you. Good Day.

Hi
What am I missing here:

//client side String phrase = "Hello World"; OutputStream out = aSocket.getOutputStream(); byte[] data = cipher.doFinal(Cipher.ENCRYPT, myPrivateKey); out.write(data, 0 , data.length); out.flush(); //server side Socket aSocket = server.accept(); InputStream in = aSocket.getInputStream(); int limit = in.available(); byte[] data = new byte[limit]; for (int ctr = 0; ctr < limit; ctr++) data[ctr] = (byte) in.read(); byte[] data2 = cipher.doFinal(Cipher.DECRYPT, hisPublicKey);

Now I made sure that the byte[] transimitted over the socket connection changes at the other point, meaning, data at client side (after encryption) is never data at server side (before decryption). Any clues or suggestions.

Thanks,

int limit = in.available();

The available() method does not return you the total amount of data. It returns you the total amount of data currently available.

To get everything, you have to change your loop to keep reading until you reach the end of stream. See the Javadoc for more details.

Henry