RSA Keys

Overview

A message authentication code is a good first step to ensure we can transfer data in a reliable way between two parties. Using an array of bytes as a secret key is not ideal. A JWS created by party A can be verified and altered by party B since they also have the same key. If we use an RSA key, we can ensure that no one else can create a signed message.

The RSA, or the Rivest-Shamir-Adleman, is a widely used asymmetric encryption algorithm that uses a key of 2048 or 4096 bits. RSA keys can perform fast and reliable encryption and decryption of a value and can also be used in the creation of a signature. Since the signature is created with the private part of the key (which is not distributed), everyone that receives the public key can verify it. This process therefore guarantees not only that the message has not been tampered with but that the sender also owns the private key.

Let’s explore how RSA keys can be used in encryption. RSA is a central and important aspect of the security world. The way that these keys are used in encryption is different from the signature case. We encrypt with a public key, so that only the owner of the matching private key can decrypt. A receiver must therefore hand out the public key to anyone who wants to send them a message.

Create the project

We start from the project template that we have defined earlier. We are not creating a web application, but we can still use the template in this case.

• If you want to work within the Educative platform, simply use the project we’ve created at the end of this lesson. If you choose to work locally, you will need to create a Maven project rsa as described in "Introduction to Window Shopping."

There are no other dependencies needed, all code is available in every JVM.

TestRSA class

Let's go ahead and create new class file TestRSA.java in the maven rsa directory src/main/java/be/rubus/security/workshop/rsa.