[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [iaik-jce] javax.crypto.BadPaddingException



The RSACipher is not supposed to support bulk data encryption. This is
generally not recommended for RSA both for performance and security reasons.
Each call to doFinal() will perform exactly one RSA operation ("modulo
exponentiation") on the data. Consequently the data has to be valid for the
employed padding scheme, in the case of PKCS#1 encryption the data needs to
be at least 11 bytes shorter as the modulus.

In the real world RSA is used only to encrypt symmetric content encryption
keys, which are used for actual data encryption. You should consider doing
the same or using a secure standard in the first place, e.g. PKCS#7.

Regards,

 Andreas Sterbenz              mailto:Andreas.Sterbenz@iaik.at


----- Original Message -----
From: "Frank" <frank@cpp.twbbs.org>
To: <iaik-jce@iaik.at>
Sent: Thursday, December 28, 2000 5:03 PM
Subject: [iaik-jce] javax.crypto.BadPaddingException


Hi, all:

javax.crypto.BadPaddingException: PKCS#1 requires data at least 11 bytes
shorter
 than the modulus!
javax.crypto.BadPaddingException: PKCS#1 requires data at least 11 bytes
shorter
 than the modulus!
        at iaik.pkcs.pkcs1.RSACipher.b(Unknown Source)
        at iaik.pkcs.pkcs1.RSACipher.engineDoFinal(Unknown Source)
        at javax.crypto.Cipher.doFinal(Unknown Source)
        at Test.main(Test.java:58)

I can't understand what the exception means...

Does RSACipher.dofinal(byte[]) have some restrictions on the byte array???

How can I resolve it?

Thank you~~~~~



smime.p7s