Did you check the getInstance(xxx) returns the same implementation in tomee and standalone?
Romain Manni-Bucau @rmannibucau <https://twitter.com/rmannibucau> | Blog <https://blog-rmannibucau.rhcloud.com> | Old Wordpress Blog <http://rmannibucau.wordpress.com> | Github <https://github.com/rmannibucau> | LinkedIn <https://www.linkedin.com/in/rmannibucau> | Tomitriber <http://www.tomitribe.com> | JavaEE Factory <https://javaeefactory-rmannibucau.rhcloud.com> 2016-10-03 7:01 GMT+02:00 MMA_EDFX <[email protected]>: > Exception: > > javax.crypto.BadPaddingException: data hash wrong > > org.bouncycastle.jcajce.provider.asymmetric.rsa.CipherSpi.engineDoFinal( > Unknown > Source) > javax.crypto.Cipher.doFinal(Cipher.java:2165) > > com.mycompany.web.restfulws.EncryptionUtil.rsaDecryptWithRawPrivateKey( > EncryptionUtil.java:207) > > > My Public Key is > > MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCIs7W0XmYFjH415JDrOwui > STnQOJXzKGOCDN2tbfqmDx+CD9VOs+0xSLKwg8towxmtmYTxF8vZy9Rk3jt3 > DarRQBlzjaT3dHsbaPZ72BNhfKnbk3WbIU8Eh7Ur1BrRCOxK8b4B7Q+iOCIf4CRF/ > JbYyebav1CfbbWLSZ1cl8ZUxQIDAQAB > > My Private Key > > MIICoTAbBgoqhkiG9w0BDAEDMA0ECDoNAO+O/RGtAgEUBIICgBZLXWRz+ > qpTxbOfxKBtSwvY3i/vcc39rvdgbmI+uFx5uUBrXlPgt0NB8bM7rtqm6OoFLc > myCSdwpmWS7qs9JxDZ5JQf0zsXT2UTsDN6tzeazuJPdrQWbk7VMUeWaI8E8c > SFFtPF5R0Ab2bTo0wm/OOboKKtXlGAKL5CHC3KT87z8GpSfikVEfpMXfd/ > 3zG5Q8FvsmcLjL9nnxCVb5CV2/9ghlZrvPknb6kKgUta/ > 1y8ha6h7E9w23fIscjpHLD3TSP2JtigpfFPPv6MjeMaZMkHiuBQdJH7NVuOUM0OBRUsL+ > K5hsWReoqXqtPGRfAG4GUk6DP2yTwPSjv4dXWin+L5iYBxzgV8A0L+hJssrjUAo/ > gznMflKFw8xkcQ3UK0moMxSVzHeq/SRIowYfx9by1IJr8yRc1KqEHK+ > 2lPApIMQBXn12Pnz/4ik+NkfOC7/Mk4QT718+SSzQmnJAq4sckh/ > k3lecxn3fW5T15LwjKiZFrxdXWclnuc0nMUlbQL8xL4Fwkz3bELTCwylECrugYvoHIhkaQx7/ > nLWO8To6zImWRTN9O6ietHiH3q5BnjDc4M59N8BeCZWIbYU+ > cJH8UDI596BZRfKo16WJXjguMDz3rJDOqEW/RjxYH90QdHTrxZlktVH5hKpTqKnNAX > aUiB6I1+P6E2h7z3gGIgcXG6+rmpxzIpTxXF3I87MBz/wZpZQarBpGeMSXuOGvkVUvaxPiT9q7 > OxFWDv4Y79lYAlxKbsrgRlQDxJ8VhHmaX7E28EKk+c1h9lPREq2w2/bBQ/ > N5XrwLnf4K6yWAPLuyvQZYDJH4DunEyP+JKVZwUjxsu4MkvnwucdsM/1hX4Ttgc= > > My message is pretty big (Specifically I need to decrypt Big JSON message > in > my project). So I will use AES encryption for the message. > > private static int iterations = 65536; > private static int keySize = 128; > > private final static String TRANSFORMATION = > "RSA/ECB/OAEPWithSHA-256AndMGF1Padding"; > private final static String ENCODING = "UTF-8"; > > private final static String RSA_ALGORITHM = "RSA"; > > Step1: AES encypt the message. > > public static String aesEncryptMessage(String toBeEncrypted) throws > Exception{ > char[] plaintext = toBeEncrypted.toCharArray(); > byte[] saltBytes = getSalt().getBytes(); > SecretKeyFactory skf = SecretKeyFactory.getInstance(" > PBKDF2WithHmacSHA1"); > PBEKeySpec spec = new PBEKeySpec(plaintext, > saltBytes,iterations,keySize); > SecretKey secretKey = skf.generateSecret(spec); > // Encode the secret > base64EncodedSecretKey = > BaseEncoding.base64().encode(secretKey.getEncoded()); > SecretKeySpec secretSpec = new SecretKeySpec(secretKey. > getEncoded(),"AES"); > Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); > cipher.init(Cipher.ENCRYPT_MODE,secretSpec); > AlgorithmParameters params = cipher.getParameters(); > byte[] ivBytes = params.getParameterSpec( > IvParameterSpec.class).getIV(); > base64EncodedIVBytes = BaseEncoding.base64().encode(ivBytes); > byte[] encryptedTextBytes = > cipher.doFinal(String.valueOf(plaintext).getBytes("UTF-8")); > return DatatypeConverter.printBase64Binary(encryptedTextBytes); > } > > Step2: RES encryption of the base64EncodedSecretKey > > public static String rsaEncryptWithRawPublicKey(String rawText,String > publicKey) throws IOException,GeneralSecurityException{ > byte[] publicKeyBase64Encoded = publicKey.getBytes(ENCODING); > byte[] base64DecodedPublicKeyBytes = BaseEncoding.base64().decode( > new > String(publicKeyBase64Encoded).trim()); > X509EncodedKeySpec x509EncodedKeySpec = new > X509EncodedKeySpec(base64DecodedPublicKeyBytes); > Cipher cipher = Cipher.getInstance(TRANSFORMATION); > > cipher.init(Cipher.ENCRYPT_MODE,KeyFactory.getInstance( > RSA_ALGORITHM).generatePublic(x509EncodedKeySpec)); > return > org.apache.commons.codec.binary.Base64.encodeBase64String(cipher. > doFinal(rawText.getBytes(ENCODING))); > } > > Step3: The sender will exchange AES encrypted message + RES encrypted > password and the IVByets to the receiver > > Step4: From the receiver end, Since the receiver has private key he will > decrypt the RES encrypted password > > public static String rsaDecryptWithRawPrivateKey(String cipherText,String > privateKey) throws GeneralSecurityException, UnsupportedEncodingException{ > byte[] privateKeyBase64Encoded = privateKey.getBytes(ENCODING); > byte[] base64DecodedPrivateKeyBytes = BaseEncoding.base64().decode( > new > String(privateKeyBase64Encoded).trim()); > > PKCS8Key pkcs8 = new > PKCS8Key(base64DecodedPrivateKeyBytes,"pleaseChangeit!".toCharArray()); > > byte[] decrypted = pkcs8.getDecryptedBytes(); > PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(decrypted); > > // A Java PrivateKey object is born. > PrivateKey pk = null; > if (pkcs8.isDSA()) { > pk = KeyFactory.getInstance("DSA").generatePrivate(spec); > } > else if (pkcs8.isRSA()) { > pk = KeyFactory.getInstance("RSA").generatePrivate(spec); > } > > // For lazier types: > pk = pkcs8.getPrivateKey(); > > PKCS8EncodedKeySpec pkcs8EncodedKeySpec = new > PKCS8EncodedKeySpec(pk.getEncoded()); > Cipher cipher = Cipher.getInstance(TRANSFORMATION); > > cipher.init(Cipher.DECRYPT_MODE,KeyFactory.getInstance(RSA_ALGORITHM). > generatePrivate(pkcs8EncodedKeySpec)); > try { > return new > String(cipher.doFinal(org.apache.commons.codec.binary.Base64.decodeBase64( > cipherText)),ENCODING); > } > catch (BadPaddingException bpe) { > throw new ServiceFatalException("Bad Padding Exception. > Here was the text > to be decrypted ' "+cipherText+" '",bpe); > } > } > > Step5: After getting the RES encoded password, receiver will decrypt the > AES > encrypted message > > public static String aesDecryptMessage(String encryptedMessage,String > base64EncodedEncryptedSecretKey,String base64EncodedEncryptedIVBytes){ > byte[] decryptedTextBytes = null; > try { > byte[] encryptedTextBytes = DatatypeConverter. > parseBase64Binary(new > String(encryptedMessage)); > byte[] base64DecodedEncryptedSecretKey = > Base64.getDecoder().decode(base64EncodedEncryptedSecretKey); > SecretKeySpec secretSpec = new > SecretKeySpec(base64DecodedEncryptedSecretKey,"AES"); > Cipher cipher = Cipher.getInstance("AES/CBC/ > PKCS5Padding"); > byte[] base64EncodedEncIVBytes = > Base64.getDecoder().decode(base64EncodedEncryptedIVBytes); > cipher.init(Cipher.DECRYPT_MODE,secretSpec,new > IvParameterSpec(base64EncodedEncIVBytes)); > decryptedTextBytes = cipher.doFinal(encryptedTextBytes); > } > catch (Exception ex) { > > } > return new String(decryptedTextBytes); > } > > Overall > > Sender will do : > > String toBeEncrypted = "Hi!. How are you?"; > String encrypted = aesEncryptMessage(toBeEncrypted); > System.out.println("XXX: "+encrypted); > > String rsaEncryptedBase64EncodedSecretKey1 = > rsaEncryptWithRawPublicKey(getBase64EncodedSecretKey()," > MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCIs7W0XmYFjH415JDrOwui > STnQOJXzKGOCDN2tbfqmDx+CD9VOs+0xSLKwg8towxmtmYTxF8vZy9Rk3jt3 > DarRQBlzjaT3dHsbaPZ72BNhfKnbk3WbIU8Eh7Ur1BrRCOxK8b4B7Q+iOCIf4CRF/ > JbYyebav1CfbbWLSZ1cl8ZUxQIDAQAB"); > System.out.println(rsaEncryptedBase64EncodedSecretKey1); > System.out.println(getBase64EncodedIVBytes()); > > From the receiver end > > String encryptedMessage = "nlcJhSDU4c3CaeBrNVfsey6LDz1dT+GZT9hy25cmDOE="; > String base64EncodedSecretKey = > "DQJN55vKs1dj43NtvD/MgVqiuDdHEL+y2f56sxWhYcdskVvGZd1sq3PHL1HTA > zjvWWLzA/QJGXFfdSH9K/LPGY/DqkOw2dxsTvNVV/EQoPCAGF6O7O5K4IVrez1DH0IxKIF3 > EcEldWcSIgpT2omJtAS4OKxdqY7MIG1Jd1Ph0P0="; > String base64EncodedIVBytes ="hzdwT6o8zgsqYnVAiP9Yhg=="; > String > rsaDecryptedBase64EncodedSecretKey1=rsaDecryptWithRawPrivateKey( > base64EncodedSecretKey,"MIICoTAbBgoqhkiG9w0BDAEDMA0ECD > oNAO+O/RGtAgEUBIICgBZLXWRz+qpTxbOfxKBtSwvY3i/vcc39rvdgbmI+ > uFx5uUBrXlPgt0NB8bM7rtqm6OoFLcmyCSdwpmWS7qs9JxDZ5JQf0zsXT2UT > sDN6tzeazuJPdrQWbk7VMUeWaI8E8cSFFtPF5R0Ab2bTo0wm/ > OOboKKtXlGAKL5CHC3KT87z8GpSfikVEfpMXfd/3zG5Q8FvsmcLjL9nnxCVb5CV2/ > 9ghlZrvPknb6kKgUta/1y8ha6h7E9w23fIscjpHLD3TSP2Jti > gpfFPPv6MjeMaZMkHiuBQdJH7NVuOUM0OBRUsL+K5hsWReoqXqtPGRfAG4GUk6DP2yTwP > Sjv4dXWin+L5iYBxzgV8A0L+hJssrjUAo/gznMflKFw8xkcQ3UK0moMxSVzHeq/ > SRIowYfx9by1IJr8yRc1KqEHK+2lPApIMQBXn12Pnz/4ik+NkfOC7/ > Mk4QT718+SSzQmnJAq4sckh/k3lecxn3fW5T15LwjKiZFrxdXWclnu > c0nMUlbQL8xL4Fwkz3bELTCwylECrugYvoHIhkaQx7/nLWO8To6zImWRTN9O6ietHiH3q5Bnj > Dc4M59N8BeCZWIbYU+cJH8UDI596BZRfKo16WJXjguMDz3rJDOqEW/ > RjxYH90QdHTrxZlktVH5hKpTqKnNAXaUiB6I1+P6E2h7z3gGIgcXG6+rmpxzIpTxXF3I87MBz/ > wZpZQarBpGeMSXuOGvkVUvaxPiT9q7OxFWDv4Y79lYAlxKbsrgRlQDxJ8VhH > maX7E28EKk+c1h9lPREq2w2/bBQ/N5XrwLnf4K6yWAPLuyvQZYDJH4DunE > yP+JKVZwUjxsu4MkvnwucdsM/1hX4Ttgc="); > String decrypted = > aesDecryptMessage(encryptedMessage,rsaDecryptedBase64EncodedSecre > tKey1,base64EncodedIVBytes); > System.out.println("Decrypted: "+decrypted); > > This works well if I run it as Java program. But fails to work when I call > the rest webservice in TomEE. I checked by verifying the message,secretkey > and iv bytes. Everything looks ok. > > > > > > -- > View this message in context: http://tomee-openejb.979440. > n4.nabble.com/RSA-encryption-does-not-looks-to-be-working-tp4680268.html > Sent from the TomEE Users mailing list archive at Nabble.com. >
