Thanks for your response. That makes sense. That is the paradigm I'm using anyway for the data we are encrypting. Why I was trying to encrypt a file with RSA is because I was trying to provide a common interface that sat on top of the crypto++ that allowed users of the library to perform common cryptography tasks with different cryptography schemes. For instance, encrypt/decrypt string, file, binary buffer, etc.
Anyway, thanks for your response,
Chris

-----Original Message-----
From: Giuliano Bertoletti [mailto:[EMAIL PROTECTED]
Sent: Tuesday, May 13, 2003 12:49 PM
To: [EMAIL PROTECTED]
Subject: Re: RSA encryption question

chris holt wrote:
>
> I do not have in-depth knowledge about the cryptography schemes and
> don't understand why I would be getting this error when encrypting a
> file with RSA.
>
> RSA/OAEP-MGF1(SHA-1): message too long for this public key
>
> How does the message length correspond to the public key?
> Any help would be appreciated.
>

Although RSA can be used in its raw format to encrypt a whole file it's not recommended and it's very risky; there are many reasons you should use some cooked version (like OAEP-MGF1(SHA-1)) which are specifically designed to encrypt only a small portion of a message, typically a session key, in a secure manner. This message has to be a fraction of the public key length (say 1/2 or 1/3, I do not have the PKCS spec. here right now, but these numbers seem to be quite adequate for a session key).

You can then use the session key and a symmetric cipher (for example cast, blowfish, 3des, rijndael, etc.) to encrypt whatever you want. At destination, the receiver recovers the session key using RSA and its private key, then uses the symmetric cipher to decrypt the payload.

With minimal work, you should be able to pack everything in one encrypted file.

Bye,

--
Giuliano Bertoletti
e-Security Manager
Intrinsic - Security Monitoring
http://www.intrinsic.it

COOL-FIRE: the firewall solution for Windows NT/2000
http://www.symbolic.it/Prodotti/cool-fire.html

SYMBOLIC S.p.A.
Tel: +39 0521 776180 / Fax: +39 0521 776190
