String RSA encryption in Android

Question

The situation:

I want an application that encrypts an string using RSA. I have the public key stored in res/raw, and as the key is 1024 bits, the resulting string has to be 128 bytes long. However, the resulting string after encrypting is 124 long, and as a result, the decryption crashes.

The function I am using to recover the public key is:

private PublicKey getPublicKey() throws Exception {
    InputStream is = getResources().openRawResource(R.raw.publickey);
    DataInputStream dis = new DataInputStream(is);
    byte [] keyBytes = new byte [(int) is.available()];
    dis.readFully(keyBytes);
    dis.close();

    X509EncodedKeySpec spec = new X509EncodedKeySpec(keyBytes);
    KeyFactory kf = KeyFactory.getInstance("RSA");
    return kf.generatePublic(spec);
}

And the code of the function that I am using to encrypt:

private String rsaEncrypt (String plain) {

    byte [] encryptedBytes;
    Cipher cipher = Cipher.getInstance("RSA");
    PublicKey publicKey = getPublicKey();
    cipher.init(Cipher.ENCRYPT_MODE, publicKey);
    encryptedBytes = cipher.doFinal(plain.getBytes());
    String encrypted = new String(encryptedBytes);
    return encrypted;

}

P.D.: The code works perfectly in a desktop application, it just crashes in Android.

I really would appreciate any help,

Thank you very much.

Answer 1

String encrypted = new String(encryptedBytes);

is a bug. The output from crypto transforms are binary bytes. You cannot reliably store them as Strings.

Using is.available() is probably also a bug, but I'm not sure in this case.

Finally, it is one of my pet peeves when folks use the default charset versions of new String(...) and String.getBytes(). It is very rarely the right thing to do, especially in that Java claims to be "write once, run everywhere". The default charset is different on different platforms, which will trigger a bug in your code even if you do everything else correct. You should always specify a particular charset. In every case I have ever seen, simply using the UTF-8 Charset (Charset.forName("UTF-8");) will always work and represent data efficiently.