Question & Answer
Question
How can the string returned by the system.getRsaEncrypted call be decrypted within an external Java application, without using ITDI code?
Cause
The result of the RSA encryption of a string is a byte array, and two common ways to represent it as a string are:
- through the string whose UTF-8 encoding corresponds to the byte array
- through the Base64 encoding of the byte array
However, neither of these methods is actually used.
Answer
The system.getRsaEncrypted method returns the hexadecimal representation (as an ASCII string) of the byte array resulting from the encryption.
Here is an example of a simple standalone Java program which can be called to decrypt it:
******************************
package test;

import java.io.FileInputStream;
import java.security.Key;
import java.security.KeyStore;
import javax.crypto.Cipher;

public class Decript {

    // Converts the hexadecimal ASCII string returned by system.getRsaEncrypted
    // back into the byte array produced by the encryption.
    private static byte[] convertToBinary(String asci) {
        if (asci.length() % 2 != 0) {
            throw new IllegalArgumentException("Hex string must have an even number of characters");
        }
        int len = asci.length() / 2;
        byte[] hexData = new byte[len];
        for (int i = 0; i < len; i++) {
            int asciInx = 2 * i;
            int digit = Integer.parseInt(asci.substring(asciInx, asciInx + 2), 16);
            hexData[i] = (byte) digit;
        }
        return hexData;
    }

    // Loads the private key from the JKS keystore and prints the decrypted text.
    private static void doIt(String path, String password, String certAlias, String certPassword, byte[] encrText) throws Exception {
        KeyStore keyStore = KeyStore.getInstance("JKS", "IBMJCE");
        // Close the keystore file once it has been read.
        try (FileInputStream streamIn = new FileInputStream(path)) {
            keyStore.load(streamIn, password.toCharArray());
        }
        Key key = keyStore.getKey(certAlias, certPassword.toCharArray());
        Cipher cipher = Cipher.getInstance("RSA", "IBMJCE");
        cipher.init(Cipher.DECRYPT_MODE, key);
        byte[] clearText = cipher.doFinal(encrText);
        // The decrypted bytes are decoded with the platform default charset.
        System.out.println(new String(clearText));
    }

    public static void main(String[] args) {
        try {
            doIt(args[0], args[1], args[2], args[3], convertToBinary(args[4]));
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
******************************
The arguments which need to be passed are, in this order:
- path of the jks keystore
- password of the keystore
- alias of the certificate within the keystore
- certificate password (if defined, or the keystore one)
- string to be decrypted
Note the convertToBinary function: it returns the byte array corresponding to the hexadecimal representation (as an ASCII string) passed as input.
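The hexadecimal encoding described above can be checked end to end without a keystore. The following is an added example, not part of the original technote or of ITDI code: it assumes the default JCE provider instead of IBMJCE, a constructed in-memory 2048-bit key, and a ciphertext as long as the key's modulus; the class HexCipherTextCheck and the helpers fromHex and toHex are hypothetical names.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.interfaces.RSAPublicKey;
import java.util.Base64;
import javax.crypto.Cipher;

public class HexCipherTextCheck {
    // Strict hex decoder: rejects odd lengths and non-hex characters instead of truncating.
    static byte[] fromHex(String hex) {
        if (hex.length() % 2 != 0 || !hex.matches("[0-9a-fA-F]*")) {
            throw new IllegalArgumentException("not a hexadecimal string");
        }
        byte[] out = new byte[hex.length() / 2];
        for (int i = 0; i < out.length; i++) {
            out[i] = (byte) Integer.parseInt(hex.substring(2 * i, 2 * i + 2), 16);
        }
        return out;
    }

    static String toHex(byte[] data) {
        StringBuilder sb = new StringBuilder(data.length * 2);
        for (byte b : data) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed test key; the program above loads the real key from the JKS keystore.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair pair = gen.generateKeyPair();
        int modulusBytes = (((RSAPublicKey) pair.getPublic()).getModulus().bitLength() + 7) / 8;
        Cipher enc = Cipher.getInstance("RSA");
        enc.init(Cipher.ENCRYPT_MODE, pair.getPublic());
        String hex = toHex(enc.doFinal("constructed sample".getBytes(StandardCharsets.UTF_8)));

        // The ciphertext is as long as the modulus, so the hex string has twice that many characters.
        byte[] cipherBytes = fromHex(hex);
        if (cipherBytes.length != modulusBytes) {
            throw new IllegalStateException("ciphertext length does not match the key size");
        }
        // A hex string is also syntactically valid Base64; only the decoded length exposes the mistake.
        int wrongLen = Base64.getDecoder().decode(hex).length;
        Cipher dec = Cipher.getInstance("RSA");
        dec.init(Cipher.DECRYPT_MODE, pair.getPrivate());
        String clear = new String(dec.doFinal(cipherBytes), StandardCharsets.UTF_8);
        System.out.println(hex.length() + " hex chars -> " + cipherBytes.length + " bytes (as Base64: "
                + wrongLen + " bytes) -> " + clear);
    }
}
```

Comparing the decoded length with the key size before calling doFinal separates an encoding mistake from a wrong key or a corrupted value.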
Document Information
Modified date: 16 June 2018
UID: swg21669254