## Java rsa decrypt_mode behavior

I was just experimenting with the following code but I don't understand why the code behaves the way it does:

public class Test { public static void main(String args[]) throws Exception { CertificateFactory certificateFactory1 = CertificateFactory.getInstance("X.509"); X509Certificate certificate1 = (X509Certificate)certificateFactory1.generateCertificate(Test.class.getResourceAsStream("pub.cer"); //Loading ssl certificate PublicKey pk1 = certificate1.getPublicKey(); Cipher cipher1 = Cipher.getInstance("RSA/ECB/NOPADDING"); cipher1.init(Cipher.ENCRYPT_MODE, pk1); bytes[] encrypted = cipher1.doFinal("dummy".getBytes("UTF-8"); CertificateFactory certificateFactory2 = CertificateFactory.getInstance("X.509"); X509Certificate certificate2 = (X509Certificate)certificateFactory2.generateCertificate(Test.class.getResourceAsStream("pub.cer"); //Loading ssl certificate PublicKey pk2 = certificate2.getPublicKey(); Cipher cipher2 = Cipher.getInstance("RSA/ECB/NOPADDING"); cipher2.init(Cipher.DECRYPT_MODE, pk2); bytes[] decrypted = cipher2.doFinal(encrypted); } }

Why in `byte[]`

decrypted I'm getting output by `doFinal`

? I'm using jdk1.8.0_192.

Because I'm using public key for decryption and in asymmetric public key cryptography we can encrypt with public key and decrypt with private key.

Can somebody explain that and hopefully back it up with documentation?

If you specify `NoPadding`

then you basically get modular exponentiation. Of course, before that there is a step to convert the binary input to a number, and afterwards the encoding from a number to binary again. Funny enough that's true for both encryption and decryption, as those operations are rather symmetric for RSA.

The only difference is that you do first use the public key for encryption and the *private key* for decryption. However, sometimes you have to create your own *verification* scheme. In that case a raw modular exponentiation *with the public key* will nicely give you the (commonly padded) result. So then *decryption* with the public key makes some sense, even if it technically shouldn't be called decryption.

All in all, if your input is about the right size than just the decoding the input to a number, modular encryption (or decryption) and finally encoding the result will *never* fail. So you just get an output with the same size as the modulus, i.e. the key size in bytes. It is the unpadding for RSA that may fail. But your code would just run because you don't do any unpadding.

Of course, if you use the wrong modulus and exponent, the result of the decryption will not make any sense; it will look like a random number between 0 and the modulus used for the last operation.

**RSA Encryption and Decryption in Java,** Here, you can encrypt sensitive information with a public key and a matching private key is used to decrypt the same. Asymmetric encryption is RSA [Rivest Shamir Adleman] is a strong encryption and decryption algorithm which uses public key cryptography. RSA algorithm is an Asymmetric Cryptography algorithm, unlike Symmetric algorithm which uses the same key for both Encryption and Decryption we will be using two different keys.

https://docs.oracle.com/javase/7/docs/api/javax/crypto/Cipher.html#init(int,%20java.security.Key)

Throws: InvalidKeyException - if the given key is inappropriate for initializing this cipher, or requires algorithm parameters that cannot be determined from the given key, or if the given key has a keysize that exceeds the maximum allowable keysize (as determined from the configured jurisdiction policy files).

RSA in decrypt mode reqruires PrivateKey instance instead of PublicKey and hence Case 2 of the above example would throw this exception.

If you are wondering Why it does not produce Compile time error, PublicKey and PrivateKey both extends Key Class and hence the Cipher.init(int,Key) signature is satisfied by both the Cases of your code.

**Issue decoding with RSA Public key,** CryptoCompatibility rsa-small-decrypt public.pem sig I used Java test code with "unlimited key strength" policy files and it worked! Java allows you to install With every doubling of the RSA key length, decryption is 6-7 times times slower.Hence, when there are large messages for RSA encryption, the performance degrades.In such scenarios, we first do an AES encryption of the messages and the key used for AES encryption is RSA encrypted and sent to the server.

These pricks that have hacked my phone have used this method on it causing it to not be encrypted..(among other things) my phone will not update as if it's rooted in their computer..

**Beginning Cryptography with Java,** As far as using the public key for encryption, El Gamal is pretty much like RSA; because it is based Not surprisingly, you will also find that the Diffie-Hellman key pair generator exhibits the same behavior. DECRYPT_MODE, privKey); byte[]. Java refuses to do this -- which is the correct behavior in my opinion -- and just throws an exception. You must emulate the behavior of phpseclib yourself in your Java code. You do this by first computing the length in bytes of your RSA modulus, by for example the following: int lenBytes = (((RSAKey)pr).getModulus().bitLength() + 7 ) / 8;

**BadPaddingException when using the textbook cipher,** It will behave like a textbook cipher. private static String decrypt(byte [] ciphertext) throws Exception { KeyStore doFinal(Cipher.java:2165) at when the padding is applied such as RSA with OAEP or something similar. RSA encrypt and decrypt in JAVA. GitHub Gist: instantly share code, notes, and snippets.

**Encryption / Decryption algorithm generic across JRE (Sun/IBM ,** Is RSA generic across SUN/IBM JRE? Another question: will base64Encoder / base64Decoder sun.misc.BASE64Decode / sun.misc.BASE64Encoder behave the RSA/ECB/PKCS1Padding (1024, 2048) RSA/ECB/OAEPWithSHA-1AndMGF1Padding (1024, 2048) RSA/ECB/OAEPWithSHA-256AndMGF1Padding (1024, 2048) These transformations are described in the Cipher section of the Java Cryptography Architecture Standard Algorithm Name Documentation. Consult the release documentation for your implementation to see if any other

**CWE-780: Use of RSA Algorithm without OAEP (4.1),** The software uses the RSA algorithm but does not incorporate Optimal Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource. Without OAEP in RSA encryption, it will take less work for an attacker to decrypt the data Example Language: Java. Table data encryption works as follows: Users specify the properties to be encrypted. The client library generates a random Initialization Vector (IV) of 16 bytes along with a random content encryption key (CEK) of 32 bytes for every entity, and performs envelope encryption on the individual properties to be encrypted by deriving a new IV per property.