Asymmetric Encryption¶
Asymmetric encryption refers to a cryptographic system requiring two separate keys, one to encrypt the plaintext, and one to decrypt the ciphertext. Neither key will do both functions. One of these keys is public and the other is kept private. If the encryption key is the one published then the system enables private communication from the public to the decryption key’s owner.
Contents
Asymmetric encryption can be used by a protocol or a user in two different ways:
1. The protocol works on an abstract level and does not know the concrete algorithm of the asymmetric encryption. This way the protocol cannot create a specific Plaintext to the encrypt function because it does not know which concrete Plaintext the encrypt function should get. Similarly, the protocol does not know how to treat the Plaintext returned from the decrypt function. In these cases the protocol has a byte array that needs to be encrypted.
- The protocol knows the concrete algorithm of the asymmetric encryption. This way the protocol knows which Plaintext implementation the encrypt function gets and the decrypt function returns. Therefore, the protocol can be specific and cast the plaintext to the concrete implementation. For example, the protocol knows that it has a DamgardJurikEnc object, so the encrypt function gets a BigIntegerPlaintext and the decrypt function returns a BigIntegerPlaintext. The protocol can create such a plaintext in order to call the encrypt function or cast the returned plaintext from the decrypt function to get the BigInteger value that was encrypted.
The AsymmetricEnc Interface¶
- public interface AsymmetricEnc extends Cpa, Indistinguishable¶
General interface for asymmetric encryption. Each class of this family must implement this interface.
Encryption and Decryption¶
- public AsymmetricCiphertext encrypt(Plaintext plainText)¶
Encrypts the given plaintext using this asymmetric encryption scheme.
Parameters: - plainText – message to encrypt
Throws: - IllegalArgumentException – if the given Plaintext doesn’t match this encryption type.
- IllegalStateException – if no public key was set.
Returns: Ciphertext the encrypted plaintext
- public Plaintext decrypt(AsymmetricCiphertext cipher)¶
Decrypts the given ciphertext using this asymmetric encryption scheme.
Parameters: - cipher – ciphertext to decrypt
Throws: - IllegalArgumentException – if the given Ciphertext doesn’t march this encryption type.
- KeyException – if there is no private key
Returns: Plaintext the decrypted cipher
Plaintext Manipulation¶
- public Plaintext generatePlaintext(byte[] text)¶
Generates a Plaintext suitable for this encryption scheme from the given message.
A Plaintext object is needed in order to use the encrypt function. Each encryption scheme might generate a different type of Plaintext according to what it needs for encryption. The encryption function receives as argument an object of type Plaintext in order to allow a protocol holding the encryption scheme to be oblivious to the exact type of data that needs to be passed for encryption.
Parameters: - text – byte array to convert to a Plaintext object.
Throws: - IllegalArgumentException – if the given message’s length is greater than the maximum.
- public byte[] generateBytesFromPlaintext(Plaintext plaintext)¶
Generates a byte array from the given plaintext. This function should be used when the user does not know the specific type of the Asymmetric encryption he has, and therefore he is working on byte array.
Parameters: - plaintext – to generates byte array from.
Returns: the byte array generated from the given plaintext.
- public int getMaxLengthOfByteArrayForPlaintext()¶
Returns the maximum size of the byte array that can be passed to generatePlaintext function. This is the maximum size of a byte array that can be converted to a Plaintext object suitable to this encryption scheme.
Throws: - NoMaxException – if this encryption scheme has no limit on the plaintext input.
Returns: the maximum size of the byte array that can be passed to generatePlaintext function.
- public boolean hasMaxByteArrayLengthForPlaintext()¶
There are some encryption schemes that have a limit of the byte array that can be passed to the generatePlaintext. This function indicates whether or not there is a limit. Its helps the user know if he needs to pass an array with specific length or not.
Returns: true if this encryption scheme has a maximum byte array length to generate a plaintext from; false, otherwise.
Key Generation¶
- public KeyPair generateKey(AlgorithmParameterSpec keyParams)¶
Generates public and private keys for this asymmetric encryption.
Parameters: - keyParams – hold the required parameters to generate the encryption scheme’s keys
Throws: - InvalidParameterSpecException – if the given parameters don’t match this encryption scheme.
Returns: KeyPair holding the public and private keys relevant to the encryption scheme
- public KeyPair generateKey()¶
Generates public and private keys for this asymmetric encryption.
Returns: KeyPair holding the public and private keys
Key Handling¶
- public PublicKey getPublicKey()¶
Returns the PublicKey of this encryption scheme.
This function should not be use to check if the key has been set. To check if the key has been set use isKeySet function.
Throws: - IllegalStateException – if no public key was set.
Returns: the PublicKey
- public boolean isKeySet()¶
Checks if this AsymmetricEnc object has been previously initialized with corresponding keys.
Returns: true if either the Public Key has been set or the key pair (Public Key, Private Key) has been set; false otherwise.
- public void setKey(PublicKey publicKey, PrivateKey privateKey)¶
Sets this asymmetric encryption with public key and private key.
Parameters: - publicKey –
- privateKey –
Throws: - InvalidKeyException – if the given keys don’t match this encryption scheme.
- public void setKey(PublicKey publicKey)¶
Sets this asymmetric encryption with a public key
In this case the encryption object can be used only for encryption.
Parameters: - publicKey –
Throws: - InvalidKeyException – if the given key doesn’t match this encryption scheme.
Reconstruction (from communication channel)¶
- public AsymmetricCiphertext reconstructCiphertext(AsymmetricCiphertextSendableData data)¶
Reconstructs a suitable AsymmetricCiphertext from data that was probably obtained via a Channel or any other means of sending data (including serialization).
We emphasize that this is NOT in any way an encryption function, it just receives ENCRYPTED DATA and places it in a ciphertext object.
Parameters: - data – contains all the necessary information to construct a suitable ciphertext.
Returns: the AsymmetricCiphertext that corresponds to the implementing encryption scheme, for ex: CramerShoupCiphertext
- public PrivateKey reconstructPrivateKey(KeySendableData data)¶
Reconstructs a suitable PrivateKey from data that was probably obtained via a Channel or any other means of sending data (including serialization).
We emphasize that this function does NOT in any way generate a key, it just receives data and recreates a PrivateKey object.
Parameters: - data – a KeySendableData object needed to recreate the original key. The actual type of KeySendableData has to be suitable to the actual encryption scheme used, otherwise it throws an IllegalArgumentException
Returns: a new PrivateKey with the data obtained as argument
- public PublicKey reconstructPublicKey(KeySendableData data)¶
Reconstructs a suitable PublicKey from data that was probably obtained via a Channel or any other means of sending data (including serialization).
We emphasize that this function does NOT in any way generate a key, it just receives data and recreates a PublicKey object.
Parameters: - data – a KeySendableData object needed to recreate the original key. The actual type of KeySendableData has to be suitable to the actual encryption scheme used, otherwise it throws an IllegalArgumentException
Returns: a new PublicKey with the data obtained as argument
Using the Generic Interface¶
Sender Usage:
//Get an abstract Asymmetric encryption object from somewhere. //Generate a keyPair using the encryptor.
KeyPair pair = encryptor.generateKey();
//Publish your public key.
Publish(pair.getPublic());
//Set private key and party2's public key:
encryptor.setKey(party2PublicKey, pair.getPrivate());
//Generate a plaintext suitable for this encryption object using the encryption object.
Plaintext plaintext = encryptor.generatePlaintext(msg);
//Encrypt the plaintext
AsymmetricCiphertext cipher = encryptor.encrypt(plaintext);
//Send cipher and keys to the receiver.
...
Receiver Usage:
//Get the same asymmetric encryption object as the sender’s object. //Generate a keyPair using the encryption object.
KeyPair pair = encryptor.generateKey();
//Publish your public key.
Publish(pair.getPublic());
//Set private key and party1's public key:
encryptor.setKey(party1PublicKey, pair.getPrivate());
//Get the ciphertext and decrypt it to get the plaintext.
...
Plaintext plaintext = encryptor.decrypt(cipher);
//Get the plaintext bytes using the encryption object and use it as needed.
byte[] text = encryptor.generatesBytesFromPlaintext(plaintext);
...
El Gamal Encryption Scheme¶
The El Gamal encryption scheme’s security is based on the hardness of the decisional Diffie-Hellman (DDH) problem. ElGamal encryption can be defined over any cyclic group . Its security depends upon the difficulty of a certain problem in related to computing discrete logarithms. We implement El Gamal over a Dlog Group where is the order of group and is the generator.
ElGamal encryption scheme can encrypt a group element and a byte array. The general case that accepts a message that should be encrypted usually uses the encryption on a byte array, but in other cases there are protocols that do multiple calculations and might want to keep working on a close group. For those cases we provide encryption on a group element.
In order to allow these two encryption types, we provide two ElGamal concrete classes. One implements the encrypt function on a group element and is called ScElGamalOnGroupElement, and the other one implements the encrypt function on a byte array and is called ScElGamalOnByteArray.
Note
Note that ElGamal on a groupElement is an asymmetric multiplicative homomorphic encryption, while ElGamal on a ByteArray is not.
ElGamalEnc Interface¶
- public interface ElGamalEnc extends AsymmetricEnc¶
General interface for El Gamal encryption scheme. Every concrete implementation of ElGamal should implement this interface. By definition, this encryption scheme is CPA-secure and Indistinguishable.
- public AsymmetricCiphertext encryptWithGivenRandomValue(Plaintext plaintext, BigInteger y)¶
Encrypts the given message using ElGamal encryption scheme.
Parameters: - plaintext – contains message to encrypt. The given plaintext must match this ElGamal type.
Throws: - IllegalArgumentException – if the given Plaintext does not match this ElGamal type.
- IllegalStateException – if no public key was set.
Returns: Ciphertext containing the encrypted message.
ScElGamalOnByteArray Interface¶
- public class ScElGamalOnByteArray extends ElGamalAbs¶
This class performs the El Gamal encryption scheme that perform the encryption on a ByteArray. The general encryption of a message usually uses this type of encryption. By definition, this encryption scheme is CPA-secure and Indistinguishable.
Constructors¶
- public ScElGamalOnByteArray()¶
Default constructor. Uses the default implementations of DlogGroup and SecureRandom.
- public ScElGamalOnByteArray(DlogGroup dlogGroup, KeyDerivationFunction kdf)¶
Constructor that gets a DlogGroup and sets it to the underlying group. It lets SCAPI choose and source of randomness.
Parameters: - dlogGroup – must be DDH secure.
- kdf – a key derivation function.
Throws: - SecurityLevelException – if the given dlog group does not have DDH security level.
- public ScElGamalOnByteArray(DlogGroup dlogGroup, KeyDerivationFunction kdf, SecureRandom random)¶
Constructor that gets a DlogGroup and source of randomness.
Parameters: - dlogGroup – must be DDH secure.
- kdf – a key derivation function.
- random – source of randomness.
Throws: - SecurityLevelException – if the given dlog group does not have DDH security level.
Complete Encryption¶
- protected AsymmetricCiphertext completeEncryption(GroupElement c1, GroupElement hy, Plaintext plaintext)¶
Completes the encryption operation.
Parameters: - plaintext – contains message to encrypt. MUST be of type ByteArrayPlaintext.
Throws: - IllegalArgumentException – if the given Plaintext is not an instance of ByteArrayPlaintext.
Returns: Ciphertext of type ElGamalOnByteArrayCiphertext containing the encrypted message.
ScElGamalOnGroupElement Interface¶
- public class ScElGamalOnGroupElement extends ElGamalAbs implements AsymMultiplicativeHomomorphicEnc¶
This class performs the El Gamal encryption scheme that perform the encryption on a GroupElement.
In some cases there are protocols that do multiple calculations and might want to keep working on a close group. For those cases we provide encryption on a group element. By definition, this encryption scheme is CPA-secure and Indistinguishable.
Constructors¶
- public ScElGamalOnGroupElement()¶
Default constructor. Uses the default implementations of DlogGroup, CryptographicHash and SecureRandom.
- public ScElGamalOnGroupElement(DlogGroup dlogGroup)¶
Constructor that gets a DlogGroup and sets it to the underlying group. It lets SCAPI choose and source of randomness.
Parameters: - dlogGroup – must be DDH secure.
Throws: - SecurityLevelException –
- public ScElGamalOnGroupElement(DlogGroup dlogGroup, SecureRandom random)¶
Constructor that gets a DlogGroup and source of randomness.
Parameters: - dlogGroup – must be DDH secure.
- random – source of randomness.
Throws: - SecurityLevelException – if the given dlog group does not have DDH security level.
Complete Encryption¶
- protected AsymmetricCiphertext completeEncryption(GroupElement c1, GroupElement hy, Plaintext plaintext)¶
Completes the encryption operation.
Parameters: - plaintext – contains message to encrypt. MUST be of type GroupElementPlaintext.
Throws: - IllegalArgumentException – if the given Plaintext is not an instance of GroupElementPlaintext.
Returns: Ciphertext of type ElGamalOnGroupElementCiphertext containing the encrypted message.
Multiply Ciphertexts (Homomorphic Encryption operation)¶
- public AsymmetricCiphertext multiply(AsymmetricCiphertext cipher1, AsymmetricCiphertext cipher2)¶
Calculates the ciphertext resulting of multiplying two given ciphertexts. Both ciphertexts have to have been generated with the same public key and DlogGroup as the underlying objects of this ElGamal object.
Throws: - IllegalArgumentException – in the following cases: 1. If one or more of the given ciphertexts is not instance of ElGamalOnGroupElementCiphertext. 2. If one or more of the GroupElements in the given ciphertexts is not a member of the underlying DlogGroup of this ElGamal encryption scheme.
- IllegalStateException – if no public key was set.
Returns: Ciphertext of the multiplication of the plaintexts p1 and p2 where alg.encrypt(p1)=cipher1 and alg.encrypt(p2)=cipher2
Basic Usage¶
Sender usage:
//Create an underlying DlogGroup.
DlogGroup dlog = new MiraclDlogECFp();
//Create an ElGamalOnGroupElement encryption object.
ElGamalEnc elGamal = new ScElGamalOnGroupElement(dlog);
//Generate a keyPair using the ElGamal object.
KeyPair pair = elGamal.generateKey();
//Publish your public key.
Publish(pair.getPublic());
//Set private key and party2's public key:
elGamal.setKey(party2PublicKey, pair.getPrivate());
//Create a GroupElementPlaintext to encrypt and encrypt the plaintext.
Plaintext plaintext = new GroupElementPlaintext(dlog.createRandomElement());
AsymmetricCiphertext cipher = elGamal.encrypt(plaintext);
//Sends cipher to the receiver.
Receiver usage:
//Create an ElGamal object with the same DlogGroup definition as party1.
//Generate a keyPair using the ElGamal object.
KeyPair pair = elGamal.generateKey();
//Publish your public key.
Publish(pair.getPublic());
//Set private key and party1's public key:
elGamal.setKey(party1PublicKey, pair.getPrivate());
//Get the ciphertext and decrypt it to get the plaintext. ...
GroupElementPlaintext plaintext = (GroupElementPlaintext)elGamal.decrypt(cipher);
//Get the plaintext element and use it as needed.
GroupElement element = plaintext.getElement(); ...
Cramer Shoup DDH Encryption Scheme¶
The Cramer Shoup encryption scheme’s security is based on the hardness of the decisional Diffie-Hellman (DDH) problem, like El Gamal encryption scheme. Cramer Shoup encryption can be defined over any cyclic group . Its security depends upon the difficulty of a certain problem in related to computing discrete logarithms.
We implement Cramer Shoup over a Dlog Group where is the order of group and is the generator.
In contrast to El Gamal, which is extremely malleable, Cramer–Shoup adds other elements to ensure non-malleability even against a resourceful attacker. This non-malleability is achieved through the use of a hash function and additional computations, resulting in a ciphertext which is twice as large as in El Gamal.
Similary to ElGamal, Cramer Shoup encryption scheme can encrypt a group element and a byte array. In order to allow these two encryption types, we provide two Cramer Shoup concrete classes. One implements the encrypt function on a group element and is called ScCramerShoupDDHOnGroupElement, and the other one implements the encrypt function on a byte array and is called ScCramerShoupDDHOnByteArray.
The CramerShoupDDHEnc Interface¶
- public interface CramerShoupDDHEnc extends AsymmetricEnc, Cca2¶
General interface for CramerShoup encryption scheme. Every concrete implementation of CramerShoup encryption should implement this interface. By definition, this encryption scheme is CCA-secure and NonMalleable.
The ScCramerShoupDDHOnByteArray Interface¶
- public class ScCramerShoupDDHOnByteArray extends CramerShoupAbs¶
- public ScCramerShoupDDHOnByteArray()¶
Default constructor. It uses a default Dlog group and CryptographicHash.
- public ScCramerShoupDDHOnByteArray(DlogGroup dlogGroup, CryptographicHash hash, KeyDerivationFunction kdf)¶
Constructor that lets the user choose the underlying dlog and hash. Uses default implementation of SecureRandom as source of randomness.
Parameters: - dlogGroup – underlying DlogGroup to use, it has to have DDH security level
- hash – underlying hash to use, has to have CollisionResistant security level
Throws: - SecurityLevelException – if the Dlog Group or the Hash function do not meet the required Security Level
- public ScCramerShoupDDHOnByteArray(DlogGroup dlogGroup, CryptographicHash hash, KeyDerivationFunction kdf, SecureRandom random)¶
Constructor that lets the user choose the underlying dlog, hash and source of randomness.
Parameters: - dlogGroup – underlying DlogGroup to use, it has to have DDH security level
- hash – underlying hash to use, has to have CollisionResistant security level
- random – source of randomness.
Throws: - SecurityLevelException – if the Dlog Group or the Hash function do not meet the required Security Level
The ScCramerShoupDDHOnGroupElement Interface¶
- public class ScCramerShoupDDHOnGroupElement extends CramerShoupAbs¶
Concrete class that implement Cramer-Shoup encryption scheme. By definition, this encryption scheme is CCA-secure and NonMalleable.
- public ScCramerShoupDDHOnGroupElement()¶
Default constructor. It uses a default Dlog group and CryptographicHash.
- public ScCramerShoupDDHOnGroupElement(DlogGroup dlogGroup, CryptographicHash hash)¶
Constructor that lets the user choose the underlying dlog and hash. Uses default implementation of SecureRandom as source of randomness.
Parameters: - dlogGroup – underlying DlogGroup to use, it has to have DDH security level
- hash – underlying hash to use, has to have CollisionResistant security level
Throws: - SecurityLevelException – if the Dlog Group or the Hash function do not meet the required Security Level
- public ScCramerShoupDDHOnGroupElement(DlogGroup dlogGroup, CryptographicHash hash, SecureRandom random)¶
Constructor that lets the user choose the underlying dlog, hash and source of randomness.
Parameters: - dlogGroup – underlying DlogGroup to use, it has to have DDH security level
- hash – underlying hash to use, has to have CollisionResistant security level
- random – source of randomness.
Throws: - SecurityLevelException – if the Dlog Group or the Hash function do not meet the required Security Level
Basic Usage¶
Sender usage:
//Create an underlying DlogGroup.
DlogGroup dlog = new MiraclDlogECF2m();
//Create a CramerShoupOnByteArray encryption object.
CramerShoupDDHEnc encryptor = new ScCramerShoupDDHOnByteArray(dlog);
//Generate a keyPair using the CramerShoup object.
KeyPair pair = encryptor.generateKey();
//Publish your public key.
Publish(pair.getPublic());
//Set private key and party2's public key:
encryptor.setKey(party2PublicKey, pair.getPrivate());
//Get a byte[] message to encrypt. Check if the length of the given msg is valid.
if (encryptor.hasMaxByteArrayLengthForPlaintext()){
if (msg.length>encryptor.getMaxLengthOfByteArrayForPlaintext()) {
throw new IllegalArgumentException(“message too long”);
}
}
//Generate a plaintext suitable to this CramerShoup object.
Plaintext plaintext = encryptor.generatePlaintext(msg);
//Encrypt the plaintext
AsymmetricCiphertext cipher = encrypor.encrypt(plaintext);
//Send cipher and keys to the receiver.
Receiver usage:
//Create a CramerShoup object with the same DlogGroup definition as party1.
//Generate a keyPair using the CramerShoup object.
KeyPair pair = encryptor.generateKey();
//Publish your public key.
Publish(pair.getPublic());
//Set private key and party1's public key:
encryptor.setKey(party1PublicKey, pair.getPrivate());
//Get the ciphertext and decrypt it to get the plaintext. ...
ByteArrayPlaintext plaintext = ((ByteArrayPlaintext)encryptor).decrypt(cipher);
//Get the plaintext bytes and use it as needed.
byte[] text = plaintext.getText();
Damgard Jurik Encryption Scheme¶
Damgard Jurik is an asymmetric encryption scheme that is based on the Paillier encryption scheme. This encryption scheme is CPA-secure and Indistinguishable.
Interface¶
- public interface DamgardJurikEnc extends AsymAdditiveHomomorphicEnc¶
General interface for DamgardJurik encryption scheme. Every concrete implementation of DamgardJurik encryption should implement this interface. By definition, this encryption scheme is CPA-secure and Indistinguishable.
- public AsymmetricCiphertext reRandomize(AsymmetricCiphertext cipher)¶
This function takes an encryption of some plaintext (let’s call it originalPlaintext) and returns a cipher that “looks” different but it is also an encryption of originalPlaintext.
Parameters: - cipher –
Throws: - IllegalArgumentException – if the given ciphertext does not match this asymmetric encryption.
- IllegalStateException – if no public key was set.
Scapi Implementation¶
- public class ScDamgardJurikEnc implements DamgardJurikEnc¶
Damgard Jurik is an asymmetric encryption scheme based on the Paillier encryption scheme. This encryption scheme is CPA-secure and Indistinguishable.
- public ScDamgardJurikEnc()¶
Default constructor. Uses the default implementations of SecureRandom.
- public ScDamgardJurikEnc(SecureRandom rnd)¶
Constructor that lets the user choose the source of randomness.
Parameters: - rnd – source of randomness.
Basic Usage¶
The code example below is used when the sender and receiver know the specific type of asymmetric encryption object.
Sender code:
//Create a DamgardJurik encryption object.
DamgardJurikEnc encryptor = new ScDamgardJurikEnc();
//Generate a keyPair using the DamgardJurik object.
KeyPair pair = encryptor.generateKey(new DJKeyGenParameterSpec(128, 40));
//Publish your public key.
Publish(pair.getPublic());
//Set private key and party2's public key:
encryptor.setKey(party2PublicKey, pair.getPrivate());
//Get the BigInteger value to encrypt, create a BigIntegerPlaintext with it and encrypt the plaintext.
...
BigIntegerPlainText plaintext = new BigIntegerPlainText(num);
AsymmetricCiphertext cipher = encryptor.encrypt(plaintext);
//Send cipher and keys to the receiver.
Receiver code:
//Create a DamgardJurik object with the same definition as party1.
//Generate a keyPair using the DamgardJurik object.
KeyPair pair = encryptor.generateKey();
//Publish your public key.
Publish(pair.getPublic());
//Set private key and party1's public key:
encryptor.setKey(party1PublicKey, pair.getPrivate());
//Get the ciphertext and decrypt it to get the plaintext. ...
BigIntegerPlainText plaintext = (BigIntegerPlainText)elGamal.decrypt(cipher);
//Get the plaintext element and use it as needed.
BigInteger element = plaintext.getX();
RSA Oaep Encryption Scheme¶
RSA-OAEP is a public-key encryption scheme combining the RSA algorithm with the Optimal Asymmetric Encryption Padding (OAEP) method.
Interface¶
- public interface RSAOaepEnc extends AsymmetricEnc, Cca2¶
General interface for RSA OAEP encryption scheme. Every concrete implementation of RSA OAEP encryption should implement this interface. By definition, this encryption scheme is CCA-secure and NonMalleable.
Scapi Implementation¶
- public class BcRSAOaep extends RSAOaepAbs¶
RSA-OAEP encryption scheme based on BC library’s implementation. By definition, this encryption scheme is CCA-secure and NonMalleable.
- public BcRSAOaep()¶
Default constructor. Uses default implementation of SecureRandom as source of randomness.
- public BcRSAOaep(SecureRandom random)¶
Constructor that lets the user choose the source of randomness.
Parameters: - random – source of randomness.
Crypto++ Implementation¶
- public class CryptoPPRSAOaep extends RSAOaepAbs¶
RSA-OAEP encryption scheme based on Crypto++ library’s implementation. By definition, this encryption scheme is CCA-secure and NonMalleable.
- public CryptoPPRSAOaep()¶
Default constructor. Uses default implementation of SecureRandom as source of randomness.
- public CryptoPPRSAOaep(SecureRandom secureRandom)¶
Constructor that lets the user choose the source of randomness.
Parameters: - secureRandom – source of randomness.
OpenSSL Implementation¶
- public class OpenSSLRSAOaep extends RSAOaepAbs¶
RSA-OAEP encryption scheme based on OpenSSL library’s implementation. By definition, this encryption scheme is CCA-secure and NonMalleable.
- public OpenSSLRSAOaep()¶
Default constructor. Uses default implementation of SecureRandom as source of randomness.
- public OpenSSLRSAOaep(SecureRandom secureRandom)¶
Constructor that lets the user choose the source of randomness.
Parameters: - secureRandom – source of randomness.
Basic Usage¶
Sender code:
//Create an RSA encryption object.
RSAOaepEnc encryptor = new CryptoPPRSAOaep();
//Generate a keyPair using the RSAOaep object.
KeyPair pair = encryptor.generateKey(new RSAKeyGenParameterSpec(1024, null));
//Publish your public key.
Publish(pair.getPublic());
//Set private key and party2's public key:
encryptor.setKey(party2PublicKey, pair.getPrivate());
//Get a byte[] message to encrypt. Check if the length of the given msg is valid.
if (encryptor.hasMaxByteArrayLengthForPlaintext()){
if (msg.length>encryptor.getMaxLengthOfByteArrayForPlaintext()) {
throw new IllegalArgumentException(“message too long”);
}
}
//Generate a plaintext suitable to this RSAOaep object.
Plaintext plaintext = encryptor.generatePlaintext(msg);
//Encrypt the plaintext
AsymmetricCiphertext cipher = encrypor.encrypt(plaintext);
//Send cipher and keys to the receiver.
Receiver code:
//Create the same RSAOaep object with the same definition as the sender’s object.
//Generate a keyPair using the RSAOaep object.
KeyPair pair = encryptor.generateKey();
//Publish your public key.
Publish(pair.getPublic());
//Set private key and party1's public key:
encryptor.setKey(party1PublicKey, pair.getPrivate());
//Get the ciphertext and decrypt it to get the plaintext.
...
ByteArrayPlaintext plaintext = ((ByteArrayPlaintext)encryptor).decrypt(cipher);
//Get the plaintext bytes and use it as needed.
byte[] text = plaintext.getText();
...