Using RSA encryption with Java

With the increase awareness to security the demand for securing data is rising. Fortunately Java provides pretty good tools that can help developers encrypt and decrypt data.

One of the most popular encryption is called RSA encryption. Named after its inventors, Ron Rivest, Adi Shamir and Leonard Adleman, RSA encryption transforms the number "char" into the number "cipher" with the formula

The numbers e and n are the two numbers you create and publish. They are your "public key." The number char can be simply the digital value of a block of ASCII characters. The formula says: multiply the number char by itself e times, then divide the result by the number n and save only the remainder. The remainder that we have called cipher is the encrypted representation of char.

Using the two numbers you have published, anyone can scramble a message and send it to you. You are the only one who can unscramble it; not even the sender of the message can decrypt the ciphertext.

Standard Java 2 distribution includes security provider support for generation of RSA digital signatures, but does NOT contain a provider implementation for generating RSA encrypted data. An extra provider must be added to obtain this capability from standard Java 2, such as the <a href="" target=_blank>Bouncy Castle Provider</a>.

Since I couldn't find any good examples that use Java with RSA, we'll build a nice RSAEncryptUtil class that you can use as a reference for using RSA encryption (you can download the full source code at the bottom of this page)

Now that we have the two keys we can encrypt and decrypt information. In order to do that we are going to use javax.crypto.Cipher. This class provides the functionality of a cryptographic cipher for encryption and decryption. It forms the core of the Java Cryptographic Extension (JCE) framework.

In order to create a Cipher object, the application calls the Cipher's getInstance method, and passes the name of the requested transformation to it. Optionally, the name of a provider may be specified.

A transformation is a string that describes the operation (or set of operations) to be performed on the given input, to produce some output. A transformation always includes the name of a cryptographic algorithm, and may be followed by a feedback mode and padding scheme. A transformation is of the form:"algorithm/mode/padding" or "algorithm"

In our example we'll encrypt a message using our public key.

Now that we have the strings we can do anything we want with them: Save the key in a database, send the public key thru email, web page or any other method, send and receive encrypted messages and anything else you can think of.

One more useful task you would like to do is to be able to handle files. The problem with files (and large strings) is that RSA encryption data size limitations are slightly less than the key modulus size, depending on the actual padding scheme used (e.g. with 1024 bit (128 byte) RSA key, the size limit is 117 bytes for PKCS#1 v 1.5 padding. Hence in order to handle files we need to read and write the files in small blocks. In our example well use blocks of 100 bytes.

I hope this article will help you make your first steps in to the encryption world. You can <a download the full source code from the link below which includes some other convenient methods for you to work with.