CubeBit/chat
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

* fixing security issues with rsa padding

Browse Source 
Signed-off-by: CubeBit <denis-seredenko@ukr.net>
This commit is contained in:
Denys Seredenko
2023-08-03 15:52:04 +02:00
parent fe3a0820cf
commit 3b03b2258a
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
server/src/main/java/org/orinprojects/encryption/EncryptionUtil.java
View File

@@ -10,7 +10,7 @@ import java.util.Base64;
public class EncryptionUtil { public class EncryptionUtil {
public static final int RSA_KEY_SIZE = 4096; public static final int RSA_KEY_SIZE = 2048;
public static final int AES_KEY_SIZE = 256; public static final int AES_KEY_SIZE = 256;
@@ -51,7 +51,7 @@ public class EncryptionUtil {
} }
public static String encryptWithRSA(String data, PublicKey publicKey) throws InvalidKeyException, NoSuchPaddingException, NoSuchAlgorithmException, IllegalBlockSizeException, BadPaddingException { public static String encryptWithRSA(String data, PublicKey publicKey) throws InvalidKeyException, NoSuchPaddingException, NoSuchAlgorithmException, IllegalBlockSizeException, BadPaddingException {
Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding"); Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
cipher.init(Cipher.ENCRYPT_MODE, publicKey); cipher.init(Cipher.ENCRYPT_MODE, publicKey);
byte[] encryptedMessage = cipher.doFinal(data.getBytes()); byte[] encryptedMessage = cipher.doFinal(data.getBytes());
@@ -59,7 +59,7 @@ public class EncryptionUtil {
} }
public static String decryptWithRSA(String encryptedData, PrivateKey pk) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException { public static String decryptWithRSA(String encryptedData, PrivateKey pk) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding"); Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
cipher.init(Cipher.DECRYPT_MODE, pk); cipher.init(Cipher.DECRYPT_MODE, pk);
byte[] decryptedMessage = cipher.doFinal(Base64.getDecoder().decode(encryptedData)); byte[] decryptedMessage = cipher.doFinal(Base64.getDecoder().decode(encryptedData));