Java Asymmetric Encryption Decryption Example with RSA
Asymmetric encryption is a strong encryption technique which uses a key pair. The key pair consists of a public key and a private key. Data or message encrypted using the private key can only be decrypted using the public key and vice versa. Many internet protocols and secure processes use asymmetric key encryption. For example SSH, SSL and digital signatures use asymmetric key encryption. Asymmetric key encryption assures confidentiality, integrity, authenticity and non-repudiability of the data being transferred from one system to another.
Asymmetric key encryption can be implemented in a number of algorithms. Some of the common algorithms are RSA, DSA and Elliptic Curve. The most commonly used asymmetric key algorithm is RSA. Java has good support for RSA algorithm. The following code example for RSA encryption is written in Java 8 (uses the new Base64 class).
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Cipher;
// Java 8 example for RSA encryption/decryption.
// Uses strong encryption with 2048 key size.
public class RSAEncryptionJava8 {
public static void main(String[] args) throws Exception {
String plainText = "Hello World!";
// Generate public and private keys using RSA
Map<String, Object> keys = getRSAKeys();
PrivateKey privateKey = (PrivateKey) keys.get("private");
PublicKey publicKey = (PublicKey) keys.get("public");
String encryptedText = encryptMessage(plainText, privateKey);
String descryptedText = decryptMessage(encryptedText, publicKey);
System.out.println("input:" + plainText);
System.out.println("encrypted:" + encryptedText);
System.out.println("decrypted:" + descryptedText);
}
// Get RSA keys. Uses key size of 2048.
private static Map<String,Object> getRSAKeys() throws Exception {
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
keyPairGenerator.initialize(2048);
KeyPair keyPair = keyPairGenerator.generateKeyPair();
PrivateKey privateKey = keyPair.getPrivate();
PublicKey publicKey = keyPair.getPublic();
Map<String, Object> keys = new HashMap<String,Object>();
keys.put("private", privateKey);
keys.put("public", publicKey);
return keys;
}
// Decrypt using RSA public key
private static String decryptMessage(String encryptedText, PublicKey publicKey) throws Exception {
Cipher cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.DECRYPT_MODE, publicKey);
return new String(cipher.doFinal(Base64.getDecoder().decode(encryptedText)));
}
// Encrypt using RSA private key
private static String encryptMessage(String plainText, PrivateKey privateKey) throws Exception {
Cipher cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.ENCRYPT_MODE, privateKey);
return Base64.getEncoder().encodeToString(cipher.doFinal(plainText.getBytes()));
}
}
The following code example for RSA encryption is written for Java 7. This uses the Apache commons library for base64 encoding. Ensure the Apache commons codec library jar is in the classpath,
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Cipher;
import org.apache.commons.codec.binary.Base64;
// Java example for RSA encryption/decryption.
// Uses Apache commons codec library
// Uses strong encryption with 2048 key size.
public class RSAEncryptionJava {
public static void main(String[] args) throws Exception {
String plainText = "Hello World!";
// Generate public and private keys using RSA
Map<String, Object> keys = getRSAKeys();
PrivateKey privateKey = (PrivateKey) keys.get("private");
PublicKey publicKey = (PublicKey) keys.get("public");
String encryptedText = encryptMessage(plainText, privateKey);
String descryptedText = decryptMessage(encryptedText, publicKey);
System.out.println("input:" + plainText);
System.out.println("encrypted:" + encryptedText);
System.out.println("decrypted:" + descryptedText);
}
// Get RSA keys. Uses key size of 2048.
private static Map<String, Object> getRSAKeys() throws Exception {
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
keyPairGenerator.initialize(2048);
KeyPair keyPair = keyPairGenerator.generateKeyPair();
PrivateKey privateKey = keyPair.getPrivate();
PublicKey publicKey = keyPair.getPublic();
Map<String, Object> keys = new HashMap<String, Object>();
keys.put("private", privateKey);
keys.put("public", publicKey);
return keys;
}
// Decrypt using RSA public key
private static String decryptMessage(String encryptedText, PublicKey publicKey) throws Exception {
Cipher cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.DECRYPT_MODE, publicKey);
return new String(cipher.doFinal(Base64.decodeBase64(encryptedText)));
}
// Encrypt using RSA private key
private static String encryptMessage(String plainText, PrivateKey privateKey) throws Exception {
Cipher cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.ENCRYPT_MODE, privateKey);
return Base64.encodeBase64String(cipher.doFinal(plainText.getBytes()));
}
}
Here is the gradle build file for the above example.
apply plugin: 'java'
apply plugin: 'application'
repositories {
jcenter()
}
dependencies {
compile 'commons-codec:commons-codec:1.10'
}
When large messages are involved, RSA encryption and decryption can be slow. In such scenarios, a hybrid encryption approach is used. In this method, the large message is encrypted using AES algorithm and then the AES key is encrypted using the RSA algorithm. The AES encrypted message and RSA encrypted AES key is sent across. When the message is received, the AES key is first decrypted using RSA public key and then the message is decrypted using the AES key. The following example in Java 8 demonstrates this hybrid encryption approach.
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
// Java 8 example for RSA-AES encryption/decryption.
// Uses strong encryption with 2048 key size.
public class RSAEncryptionWithAES {
public static void main(String[] args) throws Exception {
String plainText = "Hello World!";
// Generate public and private keys using RSA
Map<String, Object> keys = getRSAKeys();
PrivateKey privateKey = (PrivateKey) keys.get("private");
PublicKey publicKey = (PublicKey) keys.get("public");
// First create an AES Key
String secretAESKeyString = getSecretAESKeyAsString();
// Encrypt our data with AES key
String encryptedText = encryptTextUsingAES(plainText, secretAESKeyString);
// Encrypt AES Key with RSA Private Key
String encryptedAESKeyString = encryptAESKey(secretAESKeyString, privateKey);
// The following logic is on the other side.
// First decrypt the AES Key with RSA Public key
String decryptedAESKeyString = decryptAESKey(encryptedAESKeyString, publicKey);
// Now decrypt data using the decrypted AES key!
String decryptedText = decryptTextUsingAES(encryptedText, decryptedAESKeyString);
System.out.println("input:" + plainText);
System.out.println("AES Key:" + secretAESKeyString);
System.out.println("decrypted:" + decryptedText);
}
// Create a new AES key. Uses 128 bit (weak)
public static String getSecretAESKeyAsString() throws Exception {
KeyGenerator generator = KeyGenerator.getInstance("AES");
generator.init(128); // The AES key size in number of bits
SecretKey secKey = generator.generateKey();
String encodedKey = Base64.getEncoder().encodeToString(secKey.getEncoded());
return encodedKey;
}
// Encrypt text using AES key
public static String encryptTextUsingAES(String plainText, String aesKeyString) throws Exception {
byte[] decodedKey = Base64.getDecoder().decode(aesKeyString);
SecretKey originalKey = new SecretKeySpec(decodedKey, 0, decodedKey.length, "AES");
// AES defaults to AES/ECB/PKCS5Padding in Java 7
Cipher aesCipher = Cipher.getInstance("AES");
aesCipher.init(Cipher.ENCRYPT_MODE, originalKey);
byte[] byteCipherText = aesCipher.doFinal(plainText.getBytes());
return Base64.getEncoder().encodeToString(byteCipherText);
}
// Decrypt text using AES key
public static String decryptTextUsingAES(String encryptedText, String aesKeyString) throws Exception {
byte[] decodedKey = Base64.getDecoder().decode(aesKeyString);
SecretKey originalKey = new SecretKeySpec(decodedKey, 0, decodedKey.length, "AES");
// AES defaults to AES/ECB/PKCS5Padding in Java 7
Cipher aesCipher = Cipher.getInstance("AES");
aesCipher.init(Cipher.DECRYPT_MODE, originalKey);
byte[] bytePlainText = aesCipher.doFinal(Base64.getDecoder().decode(encryptedText));
return new String(bytePlainText);
}
// Get RSA keys. Uses key size of 2048.
private static Map<String, Object> getRSAKeys() throws Exception {
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
keyPairGenerator.initialize(2048);
KeyPair keyPair = keyPairGenerator.generateKeyPair();
PrivateKey privateKey = keyPair.getPrivate();
PublicKey publicKey = keyPair.getPublic();
Map<String, Object> keys = new HashMap<String, Object>();
keys.put("private", privateKey);
keys.put("public", publicKey);
return keys;
}
// Decrypt AES Key using RSA public key
private static String decryptAESKey(String encryptedAESKey, PublicKey publicKey) throws Exception {
Cipher cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.DECRYPT_MODE, publicKey);
return new String(cipher.doFinal(Base64.getDecoder().decode(encryptedAESKey)));
}
// Encrypt AES Key using RSA private key
private static String encryptAESKey(String plainAESKey, PrivateKey privateKey) throws Exception {
Cipher cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.ENCRYPT_MODE, privateKey);
return Base64.getEncoder().encodeToString(cipher.doFinal(plainAESKey.getBytes()));
}
}