> From: owner-openssl-us...@openssl.org On Behalf Of mycompuser
> Sent: Wednesday, 21 August, 2013 01:35
> Thanks for the reply.
> I do have access to the server code but cannot change it's
> implementation to
> suite my requirement as the server is serving other clients in other
> platforms as well.
>
> Below is the java code to encrypt an AES symmetric key with
> the public key
> it recieves from the client. After encryption, the size of
> the data is about
> 176 characters.
>
(Pure) RSA encryption for a 1024-bit key is 128 bytes,
which in base64 becomes 172 chars plus linebreaks.
Canonical CRLF breaks are 6, but Unix-style are 3,
and an encoder that doesn't do internal breaks
might be 1 or 2 at the end or nothing at all.
> public static String encryptAESKey(byte[] aesKeyBytes, String
> publicKeyStr)
> {
> String cipherStr = null;
>
> try {
> PublicKey pkey = getPublicKey(publicKeyStr);
>
> final Cipher cipher = Cipher.getInstance(RSA_ALGORITHM);
> cipher.init(Cipher.ENCRYPT_MODE, pkey);
>
> byte[] cipherBytes = cipher.doFinal(aesKeyBytes);
>
> cipherStr = Base64.encodeBase64String(cipherBytes);
>
> } catch (Exception e) {
> e.printStackTrace();
> }
> return cipherStr;
> }
>
> private static PublicKey getPublicKey(String publicKey) throws
> InvalidKeySpecException, NoSuchAlgorithmException {
>
> KeyFactory rsaKeyFac = KeyFactory.getInstance(RSA_ALGORITHM);
> byte[] keyBytes = Base64.decodeBase64(publicKey.getBytes());
>
> X509EncodedKeySpec keySpec = new X509EncodedKeySpec(keyBytes);
> RSAPublicKey rsaPubKey =
> (RSAPublicKey)rsaKeyFac.generatePublic(keySpec);
> return rsaPubKey;
> }
>
X509EncodedKeySpec (and Base64), that's the important thing.
As I said, Java's X509EncodedKeySpec is the same format
OpenSSL calls PUBKEY, and here you want it in base64.
You can do this when generating the key by:
- write the key using PEM_write_[bio]_PUBKEY (from an EVP_PKEY*)
or _RSA_PUBKEY (from an RSA*) then remove the header/footer lines.
- write the key using i2d_[RSA_]PUBKEY_[bio,fp] similarly
then convert to base64 (can do with EVP_ or commandline)
For an existing key file, recent (1.0.0+) commandline utilities
can do this for you. Given the file you showed earlier,
PEM "RSA PUBLIC KEY" which means pkcs1 format:
openssl rsa <pkcs1pem -RSAPublicKey_in | sed -e 1d -e '$d' >pubkeyb64
or
openssl rsa <pkcs1pem -RSAPublicKey_in -outform der | openssl base64
>pubkeyb64
# you said Mac which means pipe should work, but on Windows
# pipes don't always work right for der=binary, in that case:
openssl rsa <pkcs1pem -RSAPublicKey_in -outform der -out pubkeyder
openssl base64 -in pubkeyder >pubkeyb64
Note: OpenSSL puts linebreaks in base64 data as per RFCs,
and base64 decoders are supposed to ignore embedded whitespace
including linebreaks. If the one used in your server doesn't,
strip them out yourself.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
