Re: Java, MSCAPI interoperability - newbie

From: Michel Gallant (neutron_at_NOSPAMistar.ca)
Date: 02/04/04


Date: Wed, 4 Feb 2004 09:57:12 -0500

A good solution (analogous to enveloped email) is to have the two parties each have
their own RSA keypair. Then you can leverage the RSA key-exchange protocol very easily.
This is a very good way to exchange session keys.
The client and server then simply use the EnvelopedData approach to encrypt any amount of
data with a random symmetric key and encrypt the symmetric key with their local private RSA key
and send it all together (either as a packaged CMS/PKCS#7 blob or with bits in a cab, etc.).
This gives you persistent encrypted data (SSL only provides privacy and authentication over the
wire) for storage if you wish. You should also ensure that the data is authenticated properly
(e.g. add a signature to the above blobs), otherwise someone else using your public key might be
encrypting to you, etc.

This approach is not a "conversation/session" but you could easily build a simple communication
session under this ... doesn't need to be secure because your data is secured already.
For Java 2, you would need support for pkcs7 (e.g. BouncyCastle) and that appears to work well.

- Mitch Gallant
   MVP Security

"Shan" <anonymous@discussions.microsoft.com> wrote in message
news:1C8B00A5-2B7A-48B7-9DA6-8982C1FB2CAE@microsoft.com...
> Hi Lucas,
> SSL would be too costly an option. I have some kind of symmetric encryption on my mind. But have
> no idea of how this can be done symmetrically on Java and Windows. Other things like authentication
> can wait :-) Probably my (naive) questions will tell you how much (or little) I know about this
> process:
> 1. How can I transfer session keys from Win32 client to Java server, or better still, can you give
> me a description of all the steps involved in a ciphered conversation between a Win32 client and
> Java server?
> 2. Can I do it without using JNI to interface with MSCAPIs, because the frequency of data these
> two need to exchange is too high?
> Please help.
> Thanks!
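
The envelope idea from the reply above, sketched on the Java side with only the standard JCE (an added example, not code from the original post): a random AES key encrypts the data, that key is wrapped under the recipient's RSA public key, and the sender's RSA private key signs the whole blob so the recipient can check who built it. The class name, method names and raw blob layout are hypothetical; a CMS/PKCS#7 encoding (for example via BouncyCastle) would replace the plain concatenation used here.

```java
import java.nio.ByteBuffer;
import java.security.*;
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
public class EnvelopeDemo {
    // Hypothetical layout: wrapped key (256) | IV (12) | signature (256) | ciphertext
    static final int RSA_LEN = 256, IV_LEN = 12, HDR = 2 * RSA_LEN + IV_LEN;

    static byte[] seal(byte[] data, PublicKey recipientPub, PrivateKey senderPriv) throws GeneralSecurityException {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey cek = kg.generateKey();            // fresh random symmetric key per message
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv);
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.ENCRYPT_MODE, cek, new GCMParameterSpec(128, iv));
        byte[] ct = aes.doFinal(data);
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding");
        rsa.init(Cipher.WRAP_MODE, recipientPub);    // only the recipient's private key can unwrap
        byte[] wrapped = rsa.wrap(cek);
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(senderPriv);                      // authenticates who built the blob
        s.update(wrapped); s.update(iv); s.update(ct);
        return ByteBuffer.allocate(HDR + ct.length).put(wrapped).put(iv).put(s.sign()).put(ct).array();
    }

    static byte[] open(byte[] blob, PrivateKey recipientPriv, PublicKey senderPub) throws GeneralSecurityException {
        if (blob.length < HDR) throw new GeneralSecurityException("blob too short");
        byte[] wrapped = new byte[RSA_LEN], iv = new byte[IV_LEN], sig = new byte[RSA_LEN], ct = new byte[blob.length - HDR];
        ByteBuffer.wrap(blob).get(wrapped).get(iv).get(sig).get(ct);
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(senderPub);                     // verify before touching any key material
        s.update(wrapped); s.update(iv); s.update(ct);
        if (!s.verify(sig)) throw new SignatureException("not signed by the expected sender");
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding");
        rsa.init(Cipher.UNWRAP_MODE, recipientPriv);
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.DECRYPT_MODE, rsa.unwrap(wrapped, "AES", Cipher.SECRET_KEY), new GCMParameterSpec(128, iv));
        return aes.doFinal(ct);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);                        // 2048-bit keys give the 256-byte fields above
        KeyPair client = kpg.generateKeyPair(), server = kpg.generateKeyPair();
        byte[] blob = seal("constructed sample payload".getBytes("UTF-8"), server.getPublic(), client.getPrivate());
        System.out.println(new String(open(blob, server.getPrivate(), client.getPublic()), "UTF-8"));
        blob[blob.length - 1] ^= 1;                  // tampered copy: open() must reject it
        try { open(blob, server.getPrivate(), client.getPublic()); } catch (SignatureException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```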


