Here's what I'm trying to do:
I want to securely send a message (just a String) from one application to another (using Web Services). The message must be encrypted for privacy reasons, and sender and receiver must be ensured. Each of these applications has their own asymmetric key pair.
Here's my problem:
My approach was to encrypt the message symmetrically (e.g. using DES) and send that. Along with the encrypted message, I would send the symmetric key, encrypted once with the sender's private key, and once with the receiver's public key (i.e. assuring sender and receiver).
I wrap the original symmetric key with the sender's private key using the following code: (note I am using the Bouncy Castle providor)
Cipher cipher = Cipher.getInstance("RSA", "BC");
cipher.init(Cipher.WRAP_MODE, keyPair.getPrivate());
byte[] halfEncryptedKey = cipher.wrap(key);
Then encrypt the key again with the receiver's public key:
cipher.init(Cipher.ENCRYPT_MODE, receiverPublicKey);
encryptedKey = cipher.doFinal(halfEncryptedKey);
but a '
DataLengthException' exception is thrown when encrypting for the second time. I assume this is because the half-encrypted key is too long?
Does anyone know what I'm doing wrong, how I can solve it or another way I could/should approach it?!?
I hope I've explained myself well enough - thanks in advance.
Gareth