How to avoid using BouncyCastle as provider with jCryption

**AlexZam** · 22 August 2013 at 13:52

Here is the snippet for RSA decoding compatible with jCryption. We assume that encExternalKey is what jCryption send in key parameter on handshake call. modulus and secretExponent are taken from 100_1024_keys.inc.php file that comes with jCryption.

RSAPrivateKeySpec privateKeySpec =
   new RSAPrivateKeySpec(new BigInteger(modulus, 10), new BigInteger(secretExponent, 10));
RSAPrivateKey privateKey = (RSAPrivateKey) KeyFactory.getInstance("RSA").generatePrivate(privateKeySpec);

Cipher cipher = Cipher.getInstance("RSA/ECB/NoPadding");
cipher.init(Cipher.DECRYPT_MODE, privateKey);
StringBuilder externalKeyBuf =
    new StringBuilder(new String(cipher.doFinal(new BigInteger(encExternalKey, 16).toByteArray())));
String externalKey = externalKeyBuf.reverse().toString().trim();

**neubert** · 29 March 2012 at 16:26

jcryption isn't as secure as you might think:

http://www.securityfocus.com/archive/1/520683

My recommendation... do something similar to this:

http://www.frostjedi.com/terra/dev/rsa/index.php

The following URL elaborates:

http://area51.phpbb.com/phpBB/viewtopic.php?f=84&t=33024&start=0

**Bruno** · 29 March 2012 at 16:33

Generally speaking, if you want security, avoid JavaScript cryptography, use SSL/TLS instead.

The main problems are:

insufficient quality of implementation of cryptographic routines (e.g. random numbers)
the client has no idea whether the script may have been tampered with by a MITM attacker, even if the JavaScript library is of sufficient quality.

You're not actually adding much security by using JavaScript cryptography on your website unfortunately.

How to avoid using BouncyCastle as provider with jCryption

There are 3 best solutions below

Related Questions in JAVA

Related Questions in SECURITY

Related Questions in ENCRYPTION

Related Questions in RSA

Related Questions in JCRYPTION

Trending Questions

Popular # Hahtags

Popular Questions