«

Hi,
I've 2 files : CA.cert (X509 certificate) and CA.key (contains private
key)
I want to encrypt a string "secret message" with the public key of the
certificate and decrypt this string with the private key.
I think encryption is ok, but I can't import the private key from the
file.
Here is my code:
--------------------------------------------------------------------
[...]

InputStream inStream = new FileInputStream("./CA.crt"); //The X509
certificate
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509Certificate cert =
(X509Certificate)cf.generateCertificate(inStream);
inStream.close();

RSAPublicKey rsaPublicKey = (RSAPublicKey)cert.getPublicKey();
BouncyCastleProvider bcp = new BouncyCastleProvider();
Security.addProvider(bcp);
Cipher encryptCipher = Cipher.getInstance("RSA", bcp);
encryptCipher.init(Cipher.ENCRYPT_MODE, rsaPublicKey);

String message = "secret message";
byte[] messageACrypter = message.getBytes();
byte[] messageCrypte = encryptCipher.doFinal(messageACrypter);

System.out.println("\nSource : "+message);
System.out.println("Source crypted: "+new String(messageCrypte)+"\n");

File keyFile = new File("./CA.key");
DataInputStream in = new DataInputStream(new FileInputStream(keyFile));
byte [] fileBytes = new byte[(int) keyFile.length()];
in.readFully(fileBytes);
in.close();
KeyFactory kf = KeyFactory.getInstance("RSA");
KeySpec ks = new X509EncodedKeySpec(fileBytes);
RSAPrivateKey rsaPrivateKey = (RSAPrivateKey)kf.generatePrivate(ks);

Cipher decryptCipher = Cipher.getInstance("RSA", bcp);
decryptCipher.init(Cipher.DECRYPT_MODE,rsaPrivateK ey);

byte[] messageDecrypte = decryptCipher.doFinal(messageCrypte);
System.out.println("Source decrypted: "+new
String(messageDecrypte)+"\n");
[...]
-------------------------------------------------------------
I've an error :

java.security.spec.InvalidKeySpecException: Key spec not RSA.

How to correct this?
Thanks a lot.

escreveu:
> Hi,
> I've 2 files : CA.cert (X509 certificate) and CA.key (contains private
> key)
> I want to encrypt a string "secret message" with the public key of the
> certificate and decrypt this string with the private key.
> I think encryption is ok, but I can't import the private key from the
> file.

OK. I store my Certs in LDAP and the private key as a serialized object
in LDAP. When I create my certs/private key and store them in LDAP - I
use the keystore file created by the java tool keygen. So this may not
help you - but the general idea is:

pk = (PrivateKey)ks.getKey(privateKeyAlias,
privateKeyPass.toCharArray());

I can show you the rest if you decide you want to go that route.

HTH,
iksrazal
http://www.braziloutsource.com/




> Here is my code:
> --------------------------------------------------------------------
> [...]
>
> InputStream inStream = new FileInputStream("./CA.crt"); //The X509
> certificate
> CertificateFactory cf = CertificateFactory.getInstance("X.509");
> X509Certificate cert =
> (X509Certificate)cf.generateCertificate(inStream);
> inStream.close();
>
> RSAPublicKey rsaPublicKey = (RSAPublicKey)cert.getPublicKey();
> BouncyCastleProvider bcp = new BouncyCastleProvider();
> Security.addProvider(bcp);
> Cipher encryptCipher = Cipher.getInstance("RSA", bcp);
> encryptCipher.init(Cipher.ENCRYPT_MODE, rsaPublicKey);
>
> String message = "secret message";
> byte[] messageACrypter = message.getBytes();
> byte[] messageCrypte = encryptCipher.doFinal(messageACrypter);
>
> System.out.println("\nSource : "+message);
> System.out.println("Source crypted: "+new String(messageCrypte)+"\n");
>
> File keyFile = new File("./CA.key");
> DataInputStream in = new DataInputStream(new FileInputStream(keyFile));
> byte [] fileBytes = new byte[(int) keyFile.length()];
> in.readFully(fileBytes);
> in.close();
> KeyFactory kf = KeyFactory.getInstance("RSA");
> KeySpec ks = new X509EncodedKeySpec(fileBytes);
> RSAPrivateKey rsaPrivateKey = (RSAPrivateKey)kf.generatePrivate(ks);
>
> Cipher decryptCipher = Cipher.getInstance("RSA", bcp);
> decryptCipher.init(Cipher.DECRYPT_MODE,rsaPrivateK ey);
>
> byte[] messageDecrypte = decryptCipher.doFinal(messageCrypte);
> System.out.println("Source decrypted: "+new
> String(messageDecrypte)+"\n");
> [...]
> -------------------------------------------------------------
> I've an error :
>
> java.security.spec.InvalidKeySpecException: Key spec not RSA.
>
> How to correct this?
> Thanks a lot.

Thanks.
I use keystore generated with keytool.
Your solution with LDAP is interresting but a little complex in my
case.
I keep your email if I'me interrested later

Bye