Hi,
I wrote a little cryptography module. It implemented a (theoretically) fully secure RSA cryptosystem.
This turned out to be harder than anticipated. In addition to jogging my memory of RSA, implementing it in Java is a nightmare (an exercise in actual real programming).
It turns out that there are two different APIs for this. The one most directly implemented by Java has a bug that prevents it from working except when writing to a file. The second is also too buggy to use.
So, I decided to write my own implementation. It turns out that there are a number of (buggy) Java implementations. These fail in a number of cases (usually when a message is too long). Obviously, real RSA doesn't crash. I ended up basing my solution on an existing RSA implementation and then rewriting half of it to actually work.
In the process, I also tried compressing the RSA output stream. It turns out that the Java "Inflate" class has a bug that causes it to hang on the general kind of data that can be produced by compressing an RSA stream.
I can't really do anything about that, because if I were to try to fix all the bugs in the JRE, I should at least get paid--and anyway, at this time, there are more pressing matters, such as serialization, updates concerning which should appear in the next post.
Ian