RSA encrypt in php to RSA decrypt in JAva

1
votes

at the moment im trying to encrypt with rsa in php with a public key generated in an android app and then decrypt in android app again.

My code to generate the keys in android is:

KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
kpg.initialize(1024);
KeyPair kp = kpg.generateKeyPair();
PublicKey publicKey = kp.getPublic();
PrivateKey privateKey = kp.getPrivate();

With that keys i can en- and decrypt very well. The pub key looks like this: 

OpenSSLRSAPublicKey{modulus=9ee9f82dd8429d9fa7f091c1d375b9c289bcf2c39ec57e175a2998b4bdd083465ef0fe6c7955c821b7e883929d017a9164a60290f1622f664a72096f5d2ffda7c7825c3d657c2d13d177445fa6cdd5d68b96346006a96040f5b09baae56d0c3efeaa77d57602f69018f5cefd60cb5c71b6b6f8a4b0472e8740367266917d8c13,publicExponent=10001}

In php im taking the modulus and exponent, creating a encrypted string with phpseclib 1.0

$rsa = new Crypt_RSA();
            // $rsa->createKey();
            $m = "9ee9f82dd8429d9fa7f091c1d375b9c289bcf2c39ec57e175a2998b4bdd083465ef0fe6c7955c821b7e883929d017a9164a60290f1622f664a72096f5d2ffda7c7825c3d657c2d13d177445fa6cdd5d68b96346006a96040f5b09baae56d0c3efeaa77d57602f69018f5cefd60cb5c71b6b6f8a4b0472e8740367266917d8c13";
            $e = "10001";
            $data = "hallo";                
            $modulus = new Math_BigInteger($m, 16);
            $exponent = new Math_BigInteger($e, 16);
            $rsa->loadKey(array('n' => $modulus, 'e' => $exponent));
            $messageEncrypt = $rsa->encrypt($data);

In Android again, im loading the key, and decrypting it like this:

Cipher cipher1 = Cipher.getInstance("RSA");
cipher1.init(Cipher.DECRYPT_MODE, privateKey);
byte[] decryptedBytes = cipher1.doFinal(encrypted.getBytes());
String decrypted = new String(decryptedBytes);

Im always getting a wrong decrypted plaintext or a " Caused by: java.lang.ArrayIndexOutOfBoundsException: too much data for RSA block" error message from Android.

What i think: The problem is the encoded transfer. That php outputs a different encoded version as java uses. So I tried a lot of different ways. I tried to convert the output to String/bin/hex/byte. Then transfer it, with socket or with copy+paste directly in the Code. Convert it back from hex/bin... to a byte[] and try to decode it. Nothing works...

Anyone has a solution for this?

1
javaphpandroidrsaphpseclib
I think you are trying to use long data. your data has to be shorter than key or modules (I dont remember which one). so, try to encrypt a small number. If you try to encode a data, try to encode only couple of bytesAdem
If you want your question answered provide more information, like some example inputs and outputs from PHP as well the code you use to encode the output. You say you've tried different encodings but you've shown none of them.President James K. Polk
Protip: You don't use asymmetric crypto to encrypt the message. You encrypt the message with symmetric crypto, encrypt the symmetric key with asymmetric crypto, and then send both to the recipient.Sammitch

1 Answers

0
votes

Since you're not specifying the encryption mode with phpseclib what that means is that you're using the (more secure and less common) OAEP encryption mode. My guess is that Java is using PKCS1 encryption by default ($rsa->setEncryptionMode(CRYPT_RSA_ENCRYPTION_PKCS1);).

That said, with OAEP mode and the key that you're using (a 1024-bit key; 128 bytes), the limit is 86 bytes. The limit with PKCS1 mode is 117 bytes.

phpseclib 1.0 / 2.0 might not give errors because phpseclib tries to be all user friendly and will split the string up into chunks of the max size and will encrypt each chunk separately. It's unlikely that Java does that.