TSS feedback: JCE Encryption of QueryString parameters

  1. JCE Encryption of QueryString parameters (3 messages)

    Good morning.

    I need to be able to encryption some information in Java and have the cipher decrypted in an ASP page.

    Is there any Java JCE Provider that also provides a MS/COM solution or works with MSs Cryot API?

  2. If you use a standard algorithm you don't need a cross-platform crypto engine. The output of an encryption operation depends on the algorithm and the input parameters, not on the library provider. Any decent crypto library will have implementations of well-known algorithms so you won't have problems here.

    Also, if you only need to send some encrypted info from a client to a server, you could use an HTTPS POST (or even GET, but less recommended). If you want to use symmetric encryption, key management will be a significant overhead (dispatching & revoking of the symmetric key, storing it safely on the client and so on).

  3. Razvan, thanks for the reply. I need to digitally sign some information in a servlet and have an ASP page decrypt the information with our public key. It's not so much for data encryption as for verification that we are infact the sender of the information. I see that the IBM Provider supplied with WAS 4.0 handles RSA asymmetric encryption and so does the MS CryptoAPI, so I should be good to go.
  4. You got me confused, do you need digital signatures (then you wouldn't _decrypt_ the information as there is nothing encrypted) or encryption (then you'd decrypt with the _private_ not the public key)? Or perhaps both.

    Again, the simpler (and probably faster) solution is to use SSL with client certificates. Then you'd have strong client authentication which you say you want. SSL uses the RSA algorithm for the initial handshake anyway.

    However, SSL is not good if you need to persist the signature for later use (for non-repudiation purposes, for instance). SSL is bound to the transport.

    In either case, though, the PKI management part will be bigger than the passing of the encrypted/signed data. Good luck.