• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Encrypt in Javascript Using Public Key & Decrypt in Java Using Private Key

 
Parag Rathod
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I Want to Encrypt in Javascript Using Public Key & Decrypt in Java Using Private Key .
I Have Generated Private Key & Public Key Using Open SSL

1) openssl genrsa -out rsa.pem 1024
2) openssl rsa -in rsa.pem -pubout

I am Using pidCrypt for Encrypt in JavaScript RSA .
At Java Using Instance as RSA( Cipher.getInstance("RSA") ) .
But Output is Diffrent

JavaScript Encrypt : K2N58n/ejCzlJaZc1fQlU6+9b4ctAnc6vLIfw5TbvDbVmSLhJ7V2kE50d2+ZF9kK
199D/BFSpHorngu6xYrczUmcYB95gVGIw8xre/TuWIHvvoRu2FKQDU/bs57hVpKa
y3WEdTAe+LFq5aRGNQ2exRvSB45m18ggOAutH/5OUt0=

On Decryption I am getting Error :
javax.crypto.BadPaddingException: Message is larger than modulus
at sun.security.rsa.RSACore.parseMsg(Unknown Source)


How Does Bank Implement Secure UserName & Password.
Is Encryption In Javascript is good Idea.
Can Anyone Suggest Other Good way for Password Encrytion.
 
Ulf Dittmer
Rancher
Posts: 42968
73
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Welcome to JavaRanch. Don't do that, cryptography in JavaScript is not a good idea. Assuming that this JavaScript runs in a web page, use HTTPS to send the data to the server.
 
Richard Tookey
Bartender
Posts: 1166
17
Java Linux Netbeans IDE
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Parag Rathod wrote:5OUt0=

On Decryption I am getting Error :
javax.crypto.BadPaddingException: Message is larger than modulus
at sun.security.rsa.RSACore.parseMsg(Unknown Source)



The default Sun/Oracle RSA encryption/decryption assumes PKCS1 padding (which has a random component) and the exception suggest that your JavaScript RSA is not performing the required PKCS1 padding. This padding requirement can be turned off but failure to use the padding makes it very very easy to decrypt/crack the average password either by brute force or by 'dictionary' attack. As already suggested you should be using HTTPS then you do not need to do any explicit encryption.

[edit] It has just occurred to me that another possible cause is that you are not Base64 decoding in your Java the obviously Base64 encoded cipher text. Of course I can't see any of your code so I am just guessing.
 
Parag Rathod
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thank You Sir.....Problem got resolved i was because of Base 64 Decode.
 
Richard Tookey
Bartender
Posts: 1166
17
Java Linux Netbeans IDE
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Parag Rathod wrote:Thank You Sir.....Problem got resolved i was because of Base 64 Decode.


I'm pleased to have helped BUT as has already been pointed out twice before you should probably be using HTTPS and not doing the encryption yourself.
 
Paul Clapham
Sheriff
Posts: 21322
32
Eclipse IDE Firefox Browser MySQL Database
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Parag Rathod wrote:How Does Bank Implement Secure UserName & Password.


They use HTTPS.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic