1

I've implemented a security system in my app with RSA. I've generated the public and private keys using Keyczar Tool. Using just keyczar I can encrypt with public key and decrypt with private key with no problems at all.

I want to encrypt some data in JS and then pass it to Java. For this I'm trying to use this library (https://github.com/ziyan/javascript-rsa) but I'm not being able to encrypt the data or at least not encrypting the data correctly (it's bigger than with keyczar).

How can I encrypt with this tool using my public key? Can anyone help me?

Henrique Gonçalves
  • 1,572
  • 3
  • 16
  • 27

1 Answers1

1

There is not a javascript client for keyczar, so if you want to produce ciphertext consumable by keyczar.

Look at the keyczar public key format you will need to provide the public key info from your server to your javascript encryptor. http://code.google.com/p/keyczar/wiki/RsaPublicKey

Alternatively, it looks like your javascript library will read PEM format. You can use the KeyczarTool to export your public key in PEM format with the export.

Look at the Keyczar ciphertext format for rsa http://code.google.com/p/keyczar/wiki/CiphertextFormat

You'll need to prepend the header to your ciphertext generate with the javascript.

Technically you need to produce a keyhash to append a proper header, but a given header will always be identical for a given key regardless of the ciphertext, so you could just provide it with your public key generated by the java keyczar code.

jbtule
  • 31,383
  • 12
  • 95
  • 128
  • can you explain a little bit more plz. Using that JS library I'm trying to generate with my public key, with that publicExponent (AQAB). I'm getting errors (not generating the right key or because of Base64 wich I've needed to change) – Henrique Gonçalves Jan 17 '13 at 17:07
  • keyczar uses a modified base64 safe for url and filenames, http://tools.ietf.org/html/rfc4648, instead of +,/ it uses -,_ and omits padding. Also you should use the public key data from the keyset on your server, not the example, i'd just use the server code to reformat the public key data and key hash so that is easy to consume in your javascript. – jbtule Jan 17 '13 at 17:35
  • Yes, but when I change for my public key, JS gives an error in getPublicKey (commenting out the `$pem.substr(0,26)...` in rsa.js). Also changed the Base64 to `ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_` – Henrique Gonçalves Jan 17 '13 at 18:01
  • Ah i see, your javascript library will read the keydata in PEM format with normal Base64, your public key can be exported this way with the keyczartool. See `export` command. – jbtule Jan 17 '13 at 18:25
  • Thank you for your response. KeyczarTool doesn't have an export command (at least not the version I'm using `KeyczarTool-0.71f-060112.jar`). I've seen an example with keyczartool.exe but I can't find it... I'm trying to use openssl to convert the key to PEM but I'm not succedding. Any tips? – Henrique Gonçalves Jan 18 '13 at 11:19
  • It's weird, I saw it in the [source of the java version](http://code.google.com/p/keyczar/source/browse/java/code/src/org/keyczar/KeyczarTool.java#151). The exe version is the .NET version, which I wrote, so i can tell you how to get a premade binary, if you are running windows. Use [NugetExplorer](http://nuget.codeplex.com/downloads/get/clickOnce/NuGetPackageExplorer.application), and `open package from online feed` search for keyczar and it will be in the tools folder of the package, you can right click `save as`. – jbtule Jan 18 '13 at 13:30