JavaScript encryption based on Java generated RSA key

Question

I'm trying to implement a solution for encryption between Java and JavaScript.

on the Java end I have the following static block:

public class Manager {

  public static KeyPairGenerator keyPairGenerator;
  public static KeyPair keyPair;

  static{       
      try {
        keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        keyPairGenerator.initialize(1024);
        keyPair = keyPairGenerator.genKeyPair();
      } catch (NoSuchAlgorithmException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
      }
  }
  ...
}

This basically generates a fresh KeyPair once my server is up and running...

then I give the public key in a JSON format:

<%
JSONObject json = new JSONObject();
json.put("publicKey", "-----BEGIN PUBLIC KEY-----" + Base64.encodeBase64URLSafeString(Manager.keyPair.getPublic().getEncoded()) + "-----END PUBLIC KEY-----");
%>

and I want to use that key (be it 1024 or 2048 bit) to encode information coming from client's forms... anyone knows how can I encode the information using an RSA 1024 bit, base64 encoded public key?

I tried jCryption and severel other libraries to no avail...

Answer 1

If you don't send your public key as a certificate, you are better off just sending the modulus and the public exponent separately (eg base 64 encoded in separate fields). The default encoding will result in a X509 SubjectPublicKeyInfo ASN.1 structure, which you would need to parse in your JavaScript libraries.

Note that you are protecting only against eavesdroppers; man-in-the-middle attacks are still viable as they can replace your public key with their own. RSA 1024 is of course outdated by now. Fortunately you still have TLS/SSL to protect you.