Daniel Batista Daniel Batista - 1 month ago 18
Java Question

Bouncycastle: encrypt with a public key

I need some help with this lib. Fetching the following examples code BouncyCastle and I do not understand how this works.
My code: http://pastebin.com/RieDfUd9
Dictionary: chain[0], is sender cert.
conv, is the receiver cert.

My problem is this, I need to encrypt an email using smime with the public key personnel which I am sending the email. At the moment in my test environment I have access to both certificates. But in a production environment I will have only access to my certificate (who is sending) chain [0], and the public key of those who receive. I need encryptar email so that I can open with the public key of who is reading (and which was used to encrypt the message).

I already tried several ways, but I always have problems when decrypting.

Answer

You cannot do that. You will have to store the cert instead of just the public keys.

When a mail client receive a email, it has to know which private key to use to decrypt it - or it will just fail to decrypt.

How does the mail client knows which private key to use? Because recipient information is also in the encrypted mail.

You can't just encrypt your data encryption key with any random public key and hope the receiver knows which key can be used to decrypt it.

That's why the BouncyCastle API takes a certificate instead of a key.

You can more read about the details of SMIME encryption here: http://security.stackexchange.com/questions/45222/smime-email-decryption-key-with-openssl

This link has more about how the decryption process is done for multiple recipients: SMIME decryption for multiple recipients

Comments