santuario-dev mailing list archives

From Ulrich Ackermann <ulrich.ackerm...@web.de>
Subject RE: Encrypt with public key
Date Wed, 13 Jun 2007 20:20:10 GMT
Hi Joseph,

Not sure if you are still interested in a solution for your problem because of the lack of
security involved in your attempt to sign a document with a public key.
But if so, there should be a possibility to do so by converting the public key into a private
key via an RSAKeySpec. I have not tried this myself, so I am not sure if it really works.
The steps involve the following:

1. Create an RSAPrivateKeySpec object with the following (the exponents can be retrieved by
any object implementing the RSAPublicKey interface): RSAPrivateKeySpec(BigInteger modulus,
BigInteger privateExponent)
2. Create a KeyFactory: KeyFactory.getInstance("RSA")
3. Generate the PrivateKey object by calling: generatePrivate(KeySpec keySpec), where keySpec
is the key specification you got in step 1.

HTH,
Ulrich

-----Original Message-----
From: security-dev@xml.apache.org
Sent: 12.06.07 07:54:19
To: <security-dev@xml.apache.org>
Subject: RE: Encrypt with public key


Hi Ulrich! 

Thanks for your time to answer my query. My problem is not so much with
using the APIs. In fact I have successfully sent encrypted and signed
messages between two communicators. However, my problem lies here. The code
hereunder shows how I am signing the XML document, and it uses a PrivateKey
to do the signature. That is ok, and I want it that way. My problem is that
I ALSO want to sign the document with the PUBLIC key of the other person.
However, when I try to change localPrivateKey to a Public Key, I get an
exception that it needs a PrivateKey. Is it possible to work it out that
way?

public org.dom4j.Document sign(Document xmlDoc, PrivateKey localPrivateKey)
		throws CustomException
{
	org.dom4j.Document dc = null;

	try {
		String providerName = System.getProperty(
				"jsr105Provider",
				"org.jcp.xml.dsig.internal.dom.XMLDSigRI");
		XMLSignatureFactory fac = XMLSignatureFactory.getInstance(
				"DOM",
				(Provider) Class.forName(providerName).newInstance());

		//fac.newSignatureMethod(SignatureMethod.DSA_SHA1, null);
		Reference ref = fac.newReference(
				"#root",
				fac.newDigestMethod(DigestMethod.SHA1, null));
		Node rootNote = xmlDoc.getDocumentElement();

		XMLStructure content = new DOMStructure(rootNote);
		XMLObject obj = fac.newXMLObject(
				Collections.singletonList(content),
				"root",
				null,
				null);

		SignedInfo si = fac.newSignedInfo(
				fac.newCanonicalizationMethod(
						CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS,
						(C14NMethodParameterSpec) null),
				fac.newSignatureMethod(SignatureMethod.DSA_SHA1, null),
				Collections.singletonList(ref));
		XMLSignature xmlSig = fac.newXMLSignature(
				si,
				null,
				Collections.singletonList(obj),
				null,
				null);  // Check Key Info

		Document doc = DocumentBuilderFactory.newInstance()
				.newDocumentBuilder()
				.newDocument();
		DOMSignContext dsc = new DOMSignContext(localPrivateKey, doc);

		//Sign XML
		xmlSig.sign(dsc);

		dc = new org.dom4j.io.DOMReader().read(doc);
	}  // end try
	catch (NoSuchAlgorithmException ex) {
		throw new CustomException(ex.getMessage(), ex);
	}  // end catch
	catch (ClassNotFoundException ex) {
		throw new CustomException(ex.getMessage(), ex);
	}  // end catch
	catch (InstantiationException ex) {
		throw new CustomException(ex.getMessage(), ex);
	}  // end catch
	catch (IllegalAccessException ex) {
		throw new CustomException(ex.getMessage(), ex);
	}  // end catch
	catch (InvalidAlgorithmParameterException ex) {
		throw new CustomException(ex.getMessage(), ex);
	}  // end catch
	catch (MarshalException ex) {
		throw new CustomException(ex.getMessage(), ex);
	}  // end catch
	catch (XMLSignatureException ex) {
		throw new CustomException(ex.getMessage(), ex);
	}  // end catch
	catch (ParserConfigurationException pce) {
		pce.printStackTrace();
	}  // end catch

	return dc;
}  // end sign()


Kind regards


-----Original Message-----
From: Ulrich Ackermann 
Sent: 06 June 2007 23:57
To: security-dev@xml.apache.org
Subject: RE: Encrypt with public key

Hi Joseph,

There are a lot of sample classes shipped with the Apache XML Security
framework. 

How to perform encryption and decryption is shown in the classes Decrypter and
Encrypter in the package org.apache.xml.security.samples.encryption.

How to perform signature and verification is shown in the classes
CreateEnvelopingSignature, CreateSignature and VerifySignature in the package
org.apache.xml.security.samples.signature.

We have used both BouncyCastle and IAIK as JCE providers and both worked
fine for us.

HTH,
Ulrich

-----Original Message-----
From: security-dev@xml.apache.org
Sent: 06.06.07 08:41:36
To: <security-dev@xml.apache.org>
Subject: RE: Encrypt with public key


Dear Ulrich

Thanks for your response and the advice. I am using Bouncy Castle as my
security provider. Is there some code that I can use as an example for what
I need? The public key is stored in a public key object in a database, so
there is no difficulty retrieving it.

Thanks and Regards
Joseph



-----Original Message-----
From: Ulrich Ackermann
Sent: 05 June 2007 22:50
To: security-dev@xml.apache.org
Subject: Re: Encrypt with public key

Hi Joseph,

Sure, this is possible. That's what Apache XML Security is all about, isn't
it? :)

But I would first sign the message and encrypt it afterwards. That gives a
hacker less information because all signature related information is in the
encrypted part of the receipt.

Cheers,
Ulrich

-----Original Message-----
From: security-dev@xml.apache.org
Sent: 05.06.07 07:59:24
To: <security-dev@xml.apache.org>
Subject: Encrypt with public key

Hi

I am writing an XML exchange program in which I would like a
mechanism of acknowledgements using encrypted XML receipts.

The receipt is an XML file simply stating that a message has
been received. It is sent by the receiver to the sender. I would like to
encrypt the message with the public key of the sender, and then sign the
message with the private key of the receiver.

Is it possible to encrypt the message using the public key
with the Apache Encryption library?

Thanks for your help in advance.

Kind regards


Joseph
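
Added example, not part of the original thread and not code from any of the posters or from the Apache XML Security project: it follows the three steps in the top message (RSAPrivateKeySpec built from a public key's modulus and public exponent) and shows why the result gives no origin authentication, next to a signature made with the signer's own private key. The class name, the generated test keys, the receipt string and the choice of SHA256withRSA are assumptions made for the illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.RSAPrivateKeySpec;
import java.util.Arrays;

public class PublicKeySigningDemo {  // hypothetical class name
    // Steps 1-3 of the message: a PrivateKey object built from PUBLIC values only.
    static PrivateKey privateKeyFromPublic(RSAPublicKey pub) throws GeneralSecurityException {
        RSAPrivateKeySpec spec = new RSAPrivateKeySpec(pub.getModulus(), pub.getPublicExponent());
        return KeyFactory.getInstance("RSA").generatePrivate(spec);
    }

    static byte[] sign(PrivateKey key, byte[] data) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");  // assumed algorithm
        s.initSign(key);
        s.update(data);
        return s.sign();
    }

    static boolean verify(PublicKey key, byte[] data, byte[] sig) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update(data);
        return s.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair sender = kpg.generateKeyPair();    // constructed test keys
        KeyPair receiver = kpg.generateKeyPair();
        byte[] receipt = "<receipt>message received</receipt>".getBytes(StandardCharsets.UTF_8);

        // The receiver and an unrelated third party both know only the sender's public key.
        RSAPublicKey senderPub = (RSAPublicKey) sender.getPublic();
        byte[] fromReceiver = sign(privateKeyFromPublic(senderPub), receipt);
        byte[] fromAnyone = sign(privateKeyFromPublic(senderPub), receipt);
        // PKCS#1 v1.5 signing is deterministic, so both parties compute the same bytes:
        // the value says nothing about who produced it.
        System.out.println("reproducible by anyone: " + Arrays.equals(fromReceiver, fromAnyone));

        // Origin authentication: sign with the receiver's own private key.
        byte[] sig = sign(receiver.getPrivate(), receipt);
        System.out.println("verifies with receiver's public key: "
                + verify(receiver.getPublic(), receipt, sig));
        System.out.println("verifies with sender's public key:   "
                + verify(sender.getPublic(), receipt, sig));
    }
}
```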
