That helped a lot! Thanks, Greg!
Michelle
On Fri, 14 Mar 2003, Gregory Stark wrote:
- Original Message -
From: Michelle Li [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, March 12, 2003 9:38 AM
Subject: RSA padding scheme, plz help!
On the card, the supported padding schemes are RSA_ISO14888, RSA_ISO9796,
RSA_PKCS1, and RSA_NO_PAD. I was told that RSA_ISO9796 and RSA_PKCS1 are
suitable for data of limited length (k/2 and k-11 max, respectively, where
k is the RSA key size in bytes). Some of my data will be a lot more than
that, so I guess I can't use those two? But which of these are supported
by openssl?
I believe the first two are not supported and are for RSA signatures anyway.
RSA_PKCS1 and RSA_NO_PAD are supported for encryption.
I'm new to cryptography, so any advises and help would be greatly
appreciated. Thanks a lot!
Usually, large amounts of data are not encrypted with RSA. It can be done,
but it is much slower then alternative methods. The usual technique employs
something called a 'digital envelope'. It combines the speed of a fast
symmetric encryption algorithm like AES, DES, 3DES, Blowfish, etc. with the
benefits of public key techniques. It works as follows:
Consider a stream of data bytes that you want to encrypt, b0, b1, b2, ...,
b1 (1 is just an example size), and suppose you are using 1024 bit
RSA. In your notation above k=1024/8=128 bytes. Using the RSA_PKCS1 padding
we can encrypt up to 128-11=117 bytes. Just take the first 117 bytes of
data, b0 through b116, and RSA encrypt them. You get 128 bytes out. Then
take the next 117 bytes of data, b117 through b233, and RSA encrypt them.
You can another 128 bytes out. Continue on in this manner until you have
encrypted the all the data. On the decrypt side you just reverse the
process. Take the first 128 bytes of data and RSA decrypt them. The result
is the first 117 bytes of plaintext.
Using the digital envelope technique instead, you first select a symmetric
encryption algorithm. Lets use Blowfish as an example. Next generate a
random blowfish key of 16 bytes, call it BKEY. Now you encrypt all the data
using blowfish with key BKEY and only encrypt the 16 byte quantity BKEY with
RSA. Send the RSA encrypted BKEY and the blowfish encrypted data to the
recipient. The recipient use RSA decryption to recover BKEY, and then uses
blowfish with the just recovered BKEY to decrypt the rest of the data. For
typical sized messages this will be between 200-2000 times faster than using
just RSA. It is also a little more efficient with bandwidth, since pure RSA
encryption takes 117 bytes in = 128 bytes out.
Hope this helps,
==
Greg Stark
[EMAIL PROTECTED]
==
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]