Hey all,
We're moving away from a really old CFC (textCrypt) from PerthWeb that we have been using for years to generate RSA public/private key pairs and do encryption/decryption. The CFX doesn't play well with CF9 64 Bit and I wanted to use the native Java encryption abilities.

I've been able to adapt some existing code (with some help from this list - thanks Leigh) and create a CFC that does RSA key generation / encryption / decryption and supports saving the keys as base64 encoded strings so they can be written to a DB or file and read back in to re-generate the Key Instances in Java (http://rsacrypt.riaforge.org/). That all works great.

The Problem
-----------------------------------------------
The public and private keys generated with textCrypt will not work when I try to instantiate the Java object from the string; I get the error 'Unknown Key Spec'.

My public key I am trying to use to encrypt data is (generated with textCrypt):

++11JE:cXmyDK+yhiFV5Ut0qKitOMvVhtmbVB1Rzmq5VtK5xQYvZgnyO487kNwWMwwyfwNLGkLps4Vrd-lkD+T9jxwsmE

An example of a key generated by the native JAVA class, that DOES work is:

MFowDQYJKoZIhvcNAQEBBQADSQAwRgJBANeY3mvJcEBaOgl0G4iYnPuDa+tiGRyVsmRVQ6Yh897h7fq+4JSvaxgPsHk863N5cT/QASoZGCxvrUTyJUCrsY0CAQM=

The attached CFM has a test case that shows how we are attempting to decode the public key string and create the Java instance without success. The code is also below.

================================================================================================================================
<!---
	File : EncryptionTest.cfm

	This is an example of the code we're using to do encryption. The key issue is that we cannot get the existing pub/private keys that we have generated with textCrypt to convert to JAVA instances. How are these strings encoded is the big question.

	Included (commented out), is a public key generated with the org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator JAVA library. These keys can be saved as base64 encoded strings (via getEncoded()) and then work fine when passed back in to decode and create the Java instance. The public key from textCrypt will not decode without an error.

	NOTE: All testing is done with 512 bit keys...
--->

<!--- the string to encrypt --->
<cfset encryptMe = 'I desperately want to be encrypted!'>

<!--- this is a public key generated via org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator.
	NOTE, it is already base64 encoded, so you need to comment out the toBase64 bit below when using this key
<cfset publicKey = 'MFowDQYJKoZIhvcNAQEBBQADSQAwRgJBANeY3mvJcEBaOgl0G4iYnPuDa+tiGRyVsmRVQ6Yh897h7fq+4JSvaxgPsHk863N5cT/QASoZGCxvrUTyJUCrsY0CAQM='>
--->

<!--- public key from textCrypt CFX --->
<cfset publickey = '++11Ik:k3cQZL0W7zGx8HpqXxZXjtz5ipl+7ekUcaibsJ562QcGZ-T+4arpqum4xap0vxhyzgcWIfsIVgz4WfuoS9Lb3E'>

<!--- the key from textCrypt needs to be base64 encoded --->
<cfset publicKey = toBase64(publickey)>

<!--- convert to binary --->
<cfset keyBinary = toBinary(publickey)>

<!--- Create a Java Cipher object and get a mode --->
<cfset cipher = createObject('java', 'javax.crypto.Cipher').getInstance("RSA") />

<!--- The mode tells the Cipher whether it will be encrypting or decrypting --->
<cfset encMode = cipher.ENCRYPT_MODE />

<!--- create the public Key Instance --->
<cfset pubKeySpec = createObject("java", "java.security.spec.X509EncodedKeySpec").init(keyBinary) />
<cfset factory = createObject("java", "java.security.KeyFactory").getInstance("RSA") />
<cfset keyInstance = factory.generatePublic(pubKeySpec) />

<!--- Initialize the Cipher with the mode and the key and encrypt the string --->
<cfset cipher.init(encMode, keyInstance) />
<cfset stringBytes = encryptMe.getBytes("UTF8") />
<!--- use the byte count, not the character count, as the input length --->
<cfset encryptedValue = cipher.doFinal(stringBytes, 0, arrayLen(stringBytes)) />

<!--- dump encoded result --->
<cfdump var="#encryptedValue#" label="Encrypted Value">
======================================================================
Anybody have any ideas?

Brook

P.S. I have spoken with PerthWeb, the original author is no longer there (Dave are you out there??), they took a look and did not have any luck getting the existing key to work. They wrote:

"As suspected, it uses colons to separate the key parts, and the binary keys themselves are base64 encoded. There may be some other jiggery pokery going on however, as when I base64 decrypt the keys you sent I get slightly less than 512 bits, so I would imagine that you may have to pad the start or end with null characters to get the full 512 bits. Also complicating matters is that most libraries use a different method of storing keys in files so it's difficult to import a raw 512 bit key into the libraries that I tested ..."
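
Added example, not part of the original post or of the rsacrypt project: a stand-alone Java program contrasting the two key specs relevant to the test case above. X509EncodedKeySpec accepts only DER SubjectPublicKeyInfo bytes such as the working key, while RSAPublicKeySpec takes a bare modulus and exponent, which is the route open once those integers are known. It assumes Java 8 or later, the class name RsaKeySpecDemo is made up, and the textCrypt layout is not decoded because the post does not establish it.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.RSAPublicKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import java.util.Base64;

// Added illustration; the class name is arbitrary. Needs Java 8+ for java.util.Base64.
public class RsaKeySpecDemo {
    // Working key from the post: Base64 of a DER SubjectPublicKeyInfo structure.
    static final String JAVA_KEY =
        "MFowDQYJKoZIhvcNAQEBBQADSQAwRgJBANeY3mvJcEBaOgl0G4iYnPuDa+tiGRyVsmRVQ6Yh897h"
      + "7fq+4JSvaxgPsHk863N5cT/QASoZGCxvrUTyJUCrsY0CAQM=";
    // textCrypt key from the post's test case, with the e-mail line wrap removed.
    static final String TEXTCRYPT_KEY =
        "++11Ik:k3cQZL0W7zGx8HpqXxZXjtz5ipl+7ekUcaibsJ562QcGZ-T+4arpqum4xap0vxhyzgcW"
      + "IfsIVgz4WfuoS9Lb3E";

    public static void main(String[] args) throws Exception {
        KeyFactory factory = KeyFactory.getInstance("RSA");

        // 1. DER input: X509EncodedKeySpec parses it and exposes the two integers.
        byte[] der = Base64.getDecoder().decode(JAVA_KEY);
        RSAPublicKey parsed =
            (RSAPublicKey) factory.generatePublic(new X509EncodedKeySpec(der));
        BigInteger n = parsed.getModulus();
        BigInteger e = parsed.getPublicExponent();
        System.out.printf("DER first byte 0x%02x, modulus %d bits, exponent %s%n",
                der[0] & 0xff, n.bitLength(), e);

        // 2. Raw integers: RSAPublicKeySpec builds the key without any DER wrapper.
        RSAPublicKey rebuilt =
            (RSAPublicKey) factory.generatePublic(new RSAPublicKeySpec(n, e));
        System.out.println("rebuilt key re-encodes to the same DER: "
                + Arrays.equals(rebuilt.getEncoded(), der));

        // 3. toBinary(toBase64(s)) yields the string's own bytes, which are not DER.
        byte[] raw = TEXTCRYPT_KEY.getBytes(StandardCharsets.US_ASCII);
        try {
            factory.generatePublic(new X509EncodedKeySpec(raw));
            System.out.println("unexpected: textCrypt bytes were accepted");
        } catch (GeneralSecurityException ex) {
            System.out.printf("first byte 0x%02x is not a DER SEQUENCE (0x30): %s%n",
                    raw[0] & 0xff, ex.getClass().getSimpleName());
        }
    }
}
```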