AES and RSA Encryption in Java

I. Introduction In this blog post, we will discuss how to encrypt a confidential message from the client to the backend application. An ...

I. Introduction

In this blog post, we will discuss how to encrypt a confidential message from the client to the backend application. An example would be a POS terminal sending the payment information of the user to the payment gateway.

II. Encryption Algorithms

There are two encryption algorithms that we would look at to secure our message:
  1. AES - a successor to DES. It's a subset of the Rijndael block cipher. It's the symmetric key algorithm, which means we need the same key to encrypt and decrypt data. This algorithm is considered faster compared to RSA.
  2. RSA - one of the most widely used public/private key cryptosystems. It's an asymmetric key algorithm, which means we will use a public key to encrypt a text and private key to decrypt it. RSA has several modes
    1. Cipher Block Chaining(CBC) — Typically used for encrypting text files, e-mail messages, images, and so forth. It generates a random Initialization Vector (IV), then encrypts the data block-by-block in such a way that later blocks are randomized by the encryption of earlier blocks. Due to the randomly generated IV, repeated encryptions of the same plaintext will yield distinct ciphertexts.
    2. ECB-Mix-ECB (EME*) — If your application requires that data is encrypted so that every bit of the plaintext will affect every bit of the ciphertext, or an initialization vector cannot be used, then EME* should be used. EME* is less efficient than CBC mode but encrypts the data in a single block.

III. Integrating AES and RSA Encryption to our POS Application

User Story

  1. A customer purchases a new laptop in the mall. He then enters his card and the POS reads this information.
  2. This information is encrypted using an AES Key. We will need the same key to decrypt the encrypted text afterward. So we need a secure way to send it.
  3. The AES key is encrypted using the RSA algorithm, which means our POS terminal should have a public key.
  4. The encrypted information plus the encrypted AES key is then saved into a single request object and send over the internet.
  5. Upon receive in the payment gateway side, we get the encrypted AES key and decrypt it using the RSA algorithm. Needless to say, we need the private key pair that we use during encryption.
  6. After the AES key is decrypted, we will use it to decrypt the private information which contains the payment details of the customer.
  7. The payment details are now decrypted and we can process the payment with the bank.

IV. Running the Application

The source code is available at the repository mentioned in the reference section below.
  1. You must run to generate both the AES key and RSA private and public keys.
  2. Refresh your project and key files should be generated in its root.
  3. Copy both the rsa_public and rsa_private into your src/test/resources directory.
  4. Run mvn clean test
I'm sure you are also a developer otherwise, you won't get here. Thus, I trust that you will understand how the project works. If you need help, I'm just one message away.

V. References


coding 1027261838519025419

Post a Comment Default Comments