2
votes

I am trying to encrypt a file using a private key via RSA and then decrypt it using the public key in Java. I know very well that this is the reverse use case of how RSA is normally used with private/public key pairs.

My objective is to take a file, encrypt it on one system using a private key, and then decrypt it on a different system using the public key. I plan to distribute the public key so that anyone can read the file. What I am trying to prevent is anyone being able to create the file.

I have found these C header functions, and found them implemented in PHP, so I know what I am trying to do is possible:

 int RSA_public_encrypt(int flen, unsigned char *from,
    unsigned char *to, RSA *rsa, int padding);
 int RSA_private_decrypt(int flen, unsigned char *from,
    unsigned char *to, RSA *rsa, int padding);
 int RSA_private_encrypt(int flen, unsigned char *from,
    unsigned char *to, RSA *rsa, int padding);
 int RSA_public_decrypt(int flen, unsigned char *from,
    unsigned char *to, RSA *rsa, int padding);

How can I achieve the same behavior in Java? I keep googling and searching for things but maybe I am just not using the right words. Everything keeps coming up showing me how to encrypt with public and decrypt with private when I am trying to do the opposite.

The file I want to encrypt ranges from 5-10 MB in size.

Thanks!

1
Please show the code you have so far. - Timothy Truckle
I have none yet; I'm trying to get some help finding where the APIs I need are. All I have is a public and private key that I generated using openssl. - IrishThrowa
You are looking for a digital signature. Usually this is computed over a secure hash of the plaintext, not the plaintext itself. - user207421
1. RSA is better used for small pieces of data. It is slow and clumsy for big data like your file. 2. The usual method is to use RSA to transfer a small key to the recipient, and to encrypt the big data with AES (or some other symmetric cipher) and let the recipient decrypt it with the key sent separately. - rossum
If you really want to provide confidentiality you cannot encrypt with a private key. Note that encryption with a private key is not identical to signature generation. You may want to learn cryptography before trying to program it in Java. - Maarten Bodewes

1 Answer

0
votes

If you want to identify the person who owns the private key, and therefore owns the file, I guess the process you are looking for is a "digital signature" (and not encryption), as @EJP comments.

  1. Digest the file with a hashing algorithm like SHA-256. This creates a summary of a few bytes, the "hash".

  2. Sign the hash using the RSA private key. This is called the "signature".

  3. Send the file and the signature to a third party. They can verify the signature using the public key. If the signature matches, then you can ensure the identity of the sender of the message and that it has not been altered.

In this case the file is not encrypted; it is hashed and signed.

If you need to encrypt to hide the content, then you can't use RSA, because the message size is limited by the length of the key. So 10 MB is too big. In this case I suggest using an encryption algorithm like AES to encrypt the content.

The third party will need the AES decryption key. Generate it before this, or encrypt the AES key with an RSA public key of the third party using RSAES-OAEP padding (according to the link provided by @Maarten Bodewes).

Generating a digital signature

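// java.security.Signature hashes the data with SHA-256 and signs the digest with RSA
Signature sig = Signature.getInstance("SHA256withRSA");
sig.initSign(privateKey);   // java.security.PrivateKey
sig.update(data);           // byte[] data: the content to sign
byte[] signature = sig.sign();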

Verifying the signature

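// Same algorithm name as on the signing side
Signature sig = Signature.getInstance("SHA256withRSA");
sig.initVerify(publicKey);  // java.security.PublicKey
sig.update(data);           // the received content
boolean verifies = sig.verify(signature);  // false if data or signature was altered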
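
The sign-and-verify steps above applied to a whole file of the size mentioned in the question, as an added example that is not part of the original answer. The class name `FileSignatureDemo`, the freshly generated 2048-bit key pair (standing in for keys created with openssl) and the temporary file of filler bytes are assumptions made for the demonstration.

```java
import java.io.*;
import java.nio.file.*;
import java.security.*;

public class FileSignatureDemo {
    // Feed the file to the Signature in chunks so a 5-10 MB file is never held in memory at once.
    static void feed(Signature sig, Path file) throws IOException, SignatureException {
        try (InputStream in = Files.newInputStream(file)) {
            byte[] buf = new byte[8192];
            for (int n; (n = in.read(buf)) != -1; ) {
                sig.update(buf, 0, n);
            }
        }
    }

    static byte[] sign(Path file, PrivateKey key) throws GeneralSecurityException, IOException {
        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initSign(key);
        feed(sig, file);
        return sig.sign();
    }

    static boolean verify(Path file, byte[] signature, PublicKey key)
            throws GeneralSecurityException, IOException {
        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initVerify(key);
        feed(sig, file);
        return sig.verify(signature);
    }

    public static void main(String[] args) throws Exception {
        // Assumption: a fresh key pair stands in for the keys generated with openssl.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair pair = kpg.generateKeyPair();

        // Constructed sample input: 5 MB of filler bytes in a temporary file.
        Path file = Files.createTempFile("signed-file-demo", ".bin");
        Files.write(file, new byte[5 * 1024 * 1024]);
        byte[] signature = sign(file, pair.getPrivate());
        System.out.println("untouched file verifies: " + verify(file, signature, pair.getPublic()));

        // Anyone can read the file, but changing it without the private key breaks verification.
        Files.write(file, new byte[] {1}, StandardOpenOption.APPEND);
        System.out.println("modified file verifies:  " + verify(file, signature, pair.getPublic()));
        Files.delete(file);
    }
}
```

The signature is distributed alongside the file; the file itself stays readable by anyone, which matches the stated goal of letting everyone read it while only the private key holder can produce a version that verifies.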