I am facing a very peculiar problem when using RSA encryption/decryption in Java.
Example code:
KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
kpg.initialize(2048);
KeyPair kp = kpg.genKeyPair();
Cipher enc = Cipher.getInstance("RSA");
enc.init(Cipher.ENCRYPT_MODE, kp.getPublic());
String CipherText = new String(enc.doFinal(PlainText.getBytes()));
System.out.println("CipherText: " + CipherText);
Cipher dec = Cipher.getInstance("RSA");
dec.init(Cipher.DECRYPT_MODE, kp.getPrivate());
PlainText = new String(dec.doFinal(CipherText.getBytes()));
System.out.println("PlainText: " + PlainText);
As everyone can plainly see: I encrypt the plaintext using the public key, after which I decrypt the ciphertext using the private key.
This code crashes with the following message:
Exception in thread "main" javax.crypto.BadPaddingException: Data must start with zero
I also tried to explicitly use “RSA/ECB/NoPadding”, and this fails on decoding, period (e.g. the decoded ciphertext doesn’t match the original plaintext).
Last but not least, I have tried to perform this using my own PKCS1.5 padding function à la the PKCS1.5 specs:
EMB = 00 || 02 || RD || 00 || MD
EMB is the encoded message block of length k
Where RD are 8 random nonzero bytes
MD is max length k = 11, and optionally padded with zero bytes to make EMB length k.
After two days of testing I can only conclude that the RSA algo in Java is flawed or simply not performing what I expect it to perform.
Any suggestions or fixes to the above code are very welcome, as I am completely stumped on why the above code will not simply work as expected.
Don’t do this:
Two reasons:
String.getBytes() without specifying an encoding. Do you really want the result to depend on the system default encoding?
You can use Apache Commons Codec to perform the base64 encode/decode operations, or this standalone public domain encoder/decoder.
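The round trip from the question with the answer's points applied (an explicit charset for the text, Base64 to carry the ciphertext as a string), as an added example that is not part of the original question or answer. The class name, helper names and sample message are constructed for illustration, and java.util.Base64 (Java 8+) is used here in place of the Commons Codec library the answer mentions.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.Cipher;

public class RsaRoundTrip {
    // Explicit transformation: a bare "RSA" leaves mode and padding to the provider's default.
    static final String TRANSFORMATION = "RSA/ECB/PKCS1Padding";

    // Text -> bytes with a fixed charset, ciphertext bytes -> Base64 text.
    static String encryptToBase64(String plainText, KeyPair kp) throws Exception {
        Cipher enc = Cipher.getInstance(TRANSFORMATION);
        enc.init(Cipher.ENCRYPT_MODE, kp.getPublic());
        byte[] cipherBytes = enc.doFinal(plainText.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(cipherBytes);
    }

    // Base64 text -> the exact ciphertext bytes, decrypted bytes -> text with the same charset.
    static String decryptFromBase64(String cipherTextB64, KeyPair kp) throws Exception {
        Cipher dec = Cipher.getInstance(TRANSFORMATION);
        dec.init(Cipher.DECRYPT_MODE, kp.getPrivate());
        byte[] plainBytes = dec.doFinal(Base64.getDecoder().decode(cipherTextB64));
        return new String(plainBytes, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();

        String plainText = "constructed sample message: h\u00e9llo"; // constructed input
        String b64 = encryptToBase64(plainText, kp);
        System.out.println("CipherText (Base64): " + b64);
        System.out.println("PlainText: " + decryptFromBase64(b64, kp));

        // What the question's code did to the ciphertext: bytes -> String -> bytes.
        // Byte sequences that are not valid in the charset are replaced during decoding,
        // so the bytes handed to the decrypting Cipher are no longer the ciphertext.
        // UTF-8 is fixed here for a repeatable run; the question used the platform default.
        byte[] raw = Base64.getDecoder().decode(b64);
        byte[] viaString = new String(raw, StandardCharsets.UTF_8).getBytes(StandardCharsets.UTF_8);
        System.out.println("raw length: " + raw.length + ", after String round trip: " + viaString.length);
        System.out.println("bytes preserved: " + Arrays.equals(raw, viaString));
    }
}
```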