Skip to content

Decrypt encypted data encrypts some critical secret data when shared with the apps. This is to improve security of the APIs. An example use case is the email & resetToken returned in the forgot password API.

This page explains how these can be decrypted in Java for further processing by the applications.


  1. Server public key - This can be obtained from the server admin

Java implementation

Java dependencies

import java.nio.charset.StandardCharsets;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;

Code snippet

publicKey = getKey(LoadConfig.getConfigValue("PUBLIC_KEY_PATH"));
String email = decrypt(objPass.getEmail());
String token = decrypt(objPass.getResetToken());

public static String decrypt(String data)
                  throws IllegalBlockSizeException, InvalidKeyException, BadPaddingException, NoSuchAlgorithmException,
                  NoSuchPaddingException, IOException, InvalidKeySpecException {
            return decrypt(data, getPublicKey(publicKey));

 public static String decrypt(String data, PublicKey publicKey) throws NoSuchPaddingException,
                  NoSuchAlgorithmException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException {

            String decryptedPassword = null;
            Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            cipher.init(Cipher.DECRYPT_MODE, publicKey);

            byte[] decryptedPasswordByte = cipher.doFinal(Base64.getDecoder().decode(data));
            decryptedPassword = new String(decryptedPasswordByte, StandardCharsets.UTF_8);
            return decryptedPassword;

private static String getKey(String filename) throws IOException {
            // Read key from file
            String strKeyPEM = "";
            BufferedReader br = new BufferedReader(new FileReader(filename));
            String line;
            while ((line = br.readLine()) != null) {
                  strKeyPEM += line + "\n";
            return strKeyPEM;

public static PublicKey getPublicKey(String base4096PublicKey)
            throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
        // String filename = LoadConfig.getConfigValue("PUBLIC_KEY_PATH");
        // String publicKeyPEM = FileUtils.readFileToString(new File(filename));

        String publicKeyPEM = base4096PublicKey;

        // strip of header, footer, newlines, whitespace
        publicKeyPEM = publicKeyPEM.replace("-----BEGIN PUBLIC KEY-----", "").replace("-----END PUBLIC KEY-----", "")
                .replaceAll("\\s", "");

        // decode to get the binary DER representation
        byte[] publicKeyDER = Base64.getDecoder().decode(publicKeyPEM);
        X509EncodedKeySpec keySpecX509 = new X509EncodedKeySpec(publicKeyDER);
        PublicKey pubKey = KeyFactory.getInstance("RSA").generatePublic(keySpecX509);
        return pubKey;

Last update: 2022-12-02