Java/JCE: Decrypting “long” message encrypted with RSA

Question

I\'ve got a message contained in an byte[], encrypted with \"RSA/ECB/PKCS1Padding\". To decrypt it I create a Cipher c and initiate it with

c = Cipher.getIns         


        

Answer 1

I think using RSA encryption for anything but key transport is abuse.

Generate a new key for a symmetric cipher and encrypt your bulk data with that. Then encrypt the key with RSA. Send the symmetrically-encrypted cipher-text along with the asymmetrically-encrypted content encryption key to your recipient.

Answer 2

Like Erickson said,

The steps you should take encrypt are:

1. Generate RSA key pair (or retrieve public key from a key store)
2. Generate Symmetric key (AES)
3. Encrypt data with AES key
4. Encrypt AES key with public RSA key
5. Store (or send to person with private key) the encrypted AES key, and the AES Encrypted Data

To decrypt:

1. Get private key associated with that key pair used to encrypt
2. Decrypt AES key with private key
3. Decrypt data with AES key
4. Use data

Answer 3

With RSA you can only encrypt/decrypt block with size up to your key length minus padding length. If you have data longer than your key maybe it is just merged in one array so you should split it into chunks with size of your key (128 bytes suggests 1024 key with no padding, I'm not sure if it's possible). Using update() is not the case here.

Simply, you have to know how this array was created.

Generally speaking, RSA shouldn't be used to encrypt large amount of data as it's quite time consuming. Should be used to encrypt key to symmetric cipher, like AES.

Take a look here: https://www.owasp.org/index.php/Digital_Signature_Implementation_in_Java