Dear Sir/Madam,

According to the enquiry posted earlier regarding the block type issue:
http://marc.info/?l=openssl-users&m=121247900612032&w=2

With the basic understanding that sender (Service Provider) uses private key to encrypt the data before sending back to client, which supposes to work fine with the following perl code:

$RSA_Decrypt = Crypt::OpenSSL::RSA->new_public_key( $PublicKey );
$RSA_Decrypt->use_pkcs1_padding();
my $TmpText = decode_base64( $CipherText );

my $PlainText = $RSA_Decrypt->public_decrypt( $TmpText );

However, we found that the sender actually have the java code to, somehow, transform the private key into public key as followed:

private String SendBack(String ciphertext, String pri_key )
{
BASE64Decoder decode64 = new BASE64Decoder();
byte[] o_t_privk = decode64.decodeBuffer(pri_key);

RSAPrivateKey rsaKey = (RSAPrivateKey)KeyFactory.getInstance("RSA")
.generatePrivate(new PKCS8EncodedKeySpec(o_t_privk));

BigInteger modulus = new BigInteger(
rsaKey.getModulus().toString());
BigInteger expoment= new BigInteger(
rsaKey.getPrivateExponent().toString());

RSAPublicKeySpec pubKeySpec = null;
RSAPublicKey rsaPublicKey = null;

pubKeySpec = new RSAPublicKeySpec(modulus,expoment);
rsaPublicKey = (RSAPublicKey)KeyFactory.getInstance("RSA")
.generatePublic(pubKeySpec);

Cipher rsa_cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
rsa_cipher.init(Cipher.ENCRYPT_MODE,rsaPublicKey);
// auto selects block type 2

...

}

With this code, sender is actually encrypting data as if the public key is used - making the block type = 2.

There seems to be 2 ways to handle this issues:

1. Ask the sender to do something like openssl/perl's private_encrypt() instead to set block type to 1.
--> tried rsa_cipher.init(Cipher.ENCRYPT_MODE, rsaPrivateKey); but didn't work. Failed to compile.

2. Try to do reverse like sender - taking public key to make private key and use openssl/perl's decrypt()
--> don't know how...

Please kindly suggest on the matter.

Thank you and Best Regards,
Phakin Ch.
__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org