---
title: Encrypting images and keys - Java examples
description: Examples of how to encrypt images and keys in Java to enroll users into PingOne Recognize with the IDV Bridge SaaS solution.
component: recognize
page_id: recognize:idv-bridge:idv-bridge-encrypting-images-and-keys-java
canonical_url: https://docs.pingidentity.com/recognize/idv-bridge/idv-bridge-encrypting-images-and-keys-java.html
llms_txt: https://docs.pingidentity.com/recognize/llms.txt
docs_for_agents: https://developer.pingidentity.com/build-with-ai/docs-for-agents.md
---

# Encrypting images and keys - Java examples

1. Install two libraries required to perform the cryptographic operations in this flow:

   ```kotlin
   // build.gradle.kts
   dependencies {
       // if you're using a JDK version older than 8, check the docs at https://www.bouncycastle.org/documentation/documentation-java/#bouncy-castle-java-documentation
       implementation("org.bouncycastle:bcprov-jdk18on:1.78.1")
       implementation("org.apache.wicket:wicket-core:10.2.0")
   }
   ```

2. Next, here's how to [encrypt images with AES-GCM-SIV](idv-bridge-saas.html#encrypt-aes-gcm-or-aes-gcm-siv-key):

   ```java
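   import static java.nio.charset.StandardCharsets.UTF_8;

   import java.security.SecureRandom;
   import java.security.Security;
   import javax.crypto.SecretKey;
   import org.apache.wicket.pageStore.crypt.GCMSIVCrypter;
   import org.bouncycastle.jce.provider.BouncyCastleProvider;

   public class CypherPoc {
       public static void main(String[] args) {
           // Important: make Bouncy Castle available as the primary security provider
           if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
               Security.insertProviderAt(new BouncyCastleProvider(), 1);
           }

           CypherPoc cypherPoc = new CypherPoc();
           cypherPoc.aesGcmSiv();
       }

       public void aesGcmSiv() {
           // defaults to AES-256-GCM-SIV
           GCMSIVCrypter crypter = new GCMSIVCrypter();
           // Generate a fresh key, then encrypt and decrypt a sample payload with it
           SecretKey secretKey = crypter.generateKey(new SecureRandom());
           byte[] encrypt = crypter.encrypt("Hello, AES-GCM-SIV!".getBytes(UTF_8), secretKey, new SecureRandom());
           byte[] decrypt = crypter.decrypt(encrypt, secretKey);
           System.out.println("Decrypted Text: " + new String(decrypt, UTF_8));
       }
   }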
   ```

3. Finally, here's an example of how to [encrypt with the RSA public key required by the next step](idv-bridge-saas.html#encrypt-aes-gcm-or-aes-gcm-siv-key):

   ```java
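   import java.io.StringReader;
   import java.security.KeyFactory;
   import java.security.PublicKey;
   import java.security.SecureRandom;
   import java.security.Security;
   import java.security.spec.X509EncodedKeySpec;
   import javax.crypto.Cipher;
   import javax.crypto.SecretKey;
   import org.apache.wicket.pageStore.crypt.GCMSIVCrypter;
   import org.bouncycastle.jce.provider.BouncyCastleProvider;
   import org.bouncycastle.util.encoders.Hex;
   import org.bouncycastle.util.io.pem.PemObject;
   import org.bouncycastle.util.io.pem.PemReader;

   public class CypherPoc {
       public static void main(String[] args) throws Exception {
           if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
               Security.insertProviderAt(new BouncyCastleProvider(), 1);
           }

           CypherPoc cypherPoc = new CypherPoc();
           SecretKey keyToEncrypt = cypherPoc.aesGcmSiv();

           // RSAES-OAEP-SHA-256
           String keyUsedToEncrypt = """
                   -----BEGIN PUBLIC KEY-----
                   The public key base64
                   -----END PUBLIC KEY-----""";

           byte[] encryptedKey = cypherPoc.encryptKey(keyUsedToEncrypt, keyToEncrypt);
           // Hex is the Bouncy Castle encoder (org.bouncycastle.util.encoders.Hex)
           System.out.println("Encrypted Key: " + Hex.toHexString(encryptedKey));
       }

       public SecretKey aesGcmSiv() {
           GCMSIVCrypter crypter = new GCMSIVCrypter();
           SecretKey secretKey = crypter.generateKey(new SecureRandom());

           return secretKey;
       }

       public byte[] encryptKey(String keyUsedToEncrypt, SecretKey keyToEncrypt) throws Exception {
           // Decode the PEM body into the DER-encoded SubjectPublicKeyInfo bytes
           byte[] content;
           try (PemReader pemReader = new PemReader(new StringReader(keyUsedToEncrypt))) {
               PemObject pemObject = pemReader.readPemObject();
               content = pemObject.getContent();
           }

           KeyFactory keyFactory = KeyFactory.getInstance("RSA");
           X509EncodedKeySpec keySpec = new X509EncodedKeySpec(content);
           PublicKey publicKey = keyFactory.generatePublic(keySpec);

           // With Bouncy Castle as the primary provider, this transformation uses
           // SHA-256 for both the OAEP digest and MGF1
           Cipher instance = Cipher.getInstance("RSA/ECB/OAEPWITHSHA256ANDMGF1PADDING");
           instance.init(Cipher.ENCRYPT_MODE, publicKey);

           // Encrypt the raw AES key bytes with the RSA public key
           return instance.doFinal(keyToEncrypt.getEncoded());
       }
   }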
   ```
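
The following is an added example, not part of the original documentation, that ties steps 2 and 3 together: one AES-GCM-SIV key encrypts the image and is then encrypted with RSA-OAEP, with SHA-256 set explicitly for both the OAEP digest and MGF1 so the result does not depend on provider order. The class name, the `rsaOaep` helper, the locally generated RSA key pair (standing in for the public key from step 3) and the placeholder image bytes are assumptions for illustration.

```java
import static java.nio.charset.StandardCharsets.UTF_8;
import java.security.*;
import java.security.spec.MGF1ParameterSpec;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.*;
import org.apache.wicket.pageStore.crypt.GCMSIVCrypter;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

public class HybridEncryptionCheck {
    // SHA-256 for the OAEP digest and for MGF1, stated explicitly rather than
    // left to the provider's reading of the transformation string.
    static final OAEPParameterSpec OAEP_SHA256 = new OAEPParameterSpec(
            "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);

    // Hypothetical helper: RSA-OAEP in either direction, depending on mode and key.
    static byte[] rsaOaep(int mode, Key key, byte[] input) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPPadding");
        cipher.init(mode, key, OAEP_SHA256);
        return cipher.doFinal(input);
    }

    public static void main(String[] args) throws Exception {
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.insertProviderAt(new BouncyCastleProvider(), 1);
        }
        // Constructed stand-ins: a throwaway RSA key pair and placeholder image bytes.
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(3072);
        KeyPair testPair = generator.generateKeyPair();
        byte[] image = "constructed placeholder for image bytes".getBytes(UTF_8);

        // Sender side: encrypt the image, then encrypt the same AES key with RSA.
        GCMSIVCrypter crypter = new GCMSIVCrypter();
        SecretKey aesKey = crypter.generateKey(new SecureRandom());
        byte[] encryptedImage = crypter.encrypt(image, aesKey, new SecureRandom());
        byte[] wrappedKey = rsaOaep(Cipher.ENCRYPT_MODE, testPair.getPublic(), aesKey.getEncoded());

        // Receiver-side check: recover the AES key first, then the image.
        byte[] rawKey = rsaOaep(Cipher.DECRYPT_MODE, testPair.getPrivate(), wrappedKey);
        SecretKey recovered = new SecretKeySpec(rawKey, "AES");
        byte[] decrypted = crypter.decrypt(encryptedImage, recovered);
        System.out.println("Round trip OK: " + Arrays.equals(image, decrypted));
    }
}
```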
