0

I'm trying to implement a solution for encryption between Java and JavaScript.

on the Java end I have the following static block:

public class Manager {

  public static KeyPairGenerator keyPairGenerator;
  public static KeyPair keyPair;

  static{       
      try {
        keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        keyPairGenerator.initialize(1024);
        keyPair = keyPairGenerator.genKeyPair();
      } catch (NoSuchAlgorithmException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
      }
  }
  ...
}

This basically generates a fresh KeyPair once my server is up and running...

then I give the public key in a JSON format:

<%
JSONObject json = new JSONObject();
json.put("publicKey", "-----BEGIN PUBLIC KEY-----" + Base64.encodeBase64URLSafeString(Manager.keyPair.getPublic().getEncoded()) + "-----END PUBLIC KEY-----");
%>

and I want to use that key (be it 1024 or 2048 bit) to encode information coming from client's forms... anyone knows how can I encode the information using an RSA 1024 bit, base64 encoded public key?

I tried jCryption and severel other libraries to no avail...

Improve this question
2
  • One key pair shared between all request/responses for the lifetime of the server? Any reason your not using SSL which does this transparently? Related stackoverflow.com/questions/610048/… Commented Jun 26, 2012 at 11:33
  • We're also doing SSL... it's an extra layer... we're crazy like that... :) Commented Jun 26, 2012 at 11:38

1 Answer 1

Reset to default
0

If you don't send your public key as a certificate, you are better off just sending the modulus and the public exponent separately (e.g. base 64 encoded in separate fields). The default encoding will result in a X509 SubjectPublicKeyInfo ASN.1 structure, which you would need to parse in your JavaScript libraries.

Note that you are protecting only against eavesdroppers; man-in-the-middle attacks are still viable as they can replace your public key with their own. RSA 1024 is of course outdated by now. Fortunately you still have TLS/SSL to protect you.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.