I have been able to use the algorithm to encrypt and decrypt files , but when I go to try and send a file from Android to a WAS server, it fails. Here is the encrypt side
Security.addProvider(new BouncyCastleProvider());
KeyGenerator keygen = KeyGenerator.getInstance("AES");
SecureRandom random = new SecureRandom();
keygen.init(random);
SecretKey key = keygen.generateKey();
// wrap with RSA public key
ObjectInputStream keyIn = new ObjectInputStream(new FileInputStream (getFileLocation(PUBLIC_KEY, localTest)));
Key publicKey = (Key) keyIn.readObject();
keyIn.close();
Cipher cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.WRAP_MODE, publicKey);
byte[] wrappedKey = cipher.wrap(key);
DataOutputStream out = new DataOutputStream(new FileOutputStream(getFileLocation(SIGN_FILE, localTest)));
out.writeInt(wrappedKey.length);
out.write(wrappedKey);
InputStream in = new ByteArrayInputStream(message.getBytes());
cipher = Cipher.getInstance("AES");
cipher.init(Cipher.ENCRYPT_MODE, key);
crypt(in, out, cipher);
in.close();
out.close();
FileInputStream fis = new FileInputStream(getFileLocation(SIGN_FILE, localTest));
byte[] buffer = new byte[fis.available()];
int i =0;
while (i< buffer.length ){
buffer[i]= (byte)fis.read();
i++;
}
String ss = encodeMsg(buffer);
return ss;
Here is the decrypt side
Security.addProvider(new BouncyCastleProvider());
byte[] arr = decodeMsg(encrypted);
DataInputStream in = new DataInputStream(new ByteArrayInputStream(arr));
int length = in.readInt();
byte[] wrappedKey = new byte[length];
in.read(wrappedKey, 0, length);
// unwrap with RSA private key
ObjectInputStream keyIn = new ObjectInputStream(new FileInputStream (getFileLocation(PRIVATE_KEY, localTest)));
Key privateKey = (Key) keyIn.readObject();
keyIn.close();
Cipher cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.UNWRAP_MODE, privateKey);
Key key = cipher.unwrap(wrappedKey, "AES", Cipher.SECRET_KEY);
OutputStream out = new FileOutputStream(getFileLocation(DECRYPTED, localTest));
cipher = Cipher.getInstance("AES");
cipher.init(Cipher.DECRYPT_MODE, key);
crypt(in, out, cipher);
in.close();
out.close();
FileInputStream fis = new FileInputStream(getFileLocation(DECRYPTED, localTest));
byte[] buffer = new byte[fis.available()];
int i =0;
while (i< buffer.length ){//!= 0) {
buffer[i]= (byte)fis.read();
i++;
}
String ss = new String(buffer);
return ss;
Again, on my workstation, this works. When doing the mobile request to the WAS web server, it fails. At first, it argued with the object class and so I recreated the keys using Java 1.6. I have recompiled the war into Java 1.6 as well. It errors as below.
–cipher unwrap
java.security.InvalidKeyException com.ibm.crypto.provider.RSA.engineUnwrap(Unknown Source)
javax.crypto.Cipher.unwrap(Unknown Source)
com.webapp.web.security.RSAEncrypt.decrypt(RSAEncrypt.java:161)
com.webapp.web.MobileRequest.doPost(MobileRequest.java:81)
javax.servlet.http.HttpServlet.service(HttpServlet.java:738)
javax.servlet.http.HttpServlet.service(HttpServlet.java:831)
…
Does the WAS environment have to be updated to handle this? ideas?
UPDATE the keysize is set to 2048
The Unlimited Jurisdiciton policy might work, but I attempted to use the IBMJCE without success as well. Then, I switched to use the SunJCE provider (version Java 1.6) and now I am able to do the encryption and decryption in both Android and Websphere. I am having the administrators look into the policy files to see if BouncyCastle could be enabled, but I am ok with using the Sun provider files.