On Sun, Feb 25, 2001 at 08:04:55PM -0500, Greg Stark wrote:

> It is not a bug, it is a known fact. As Joseph Ashwood notes, you end up
> trying to encrypt values that are larger than the modulus. The documentation
> and most literature do tend to refer to moduli as having a certain "length"
> in bits or bytes. This is fine for most discussions, but if you are planning
> to use RSA to directly encrypt/decrypt AND you are not willing or able to
> use one of the padding schemes, then you'll have to understand *all* the
> details. One of these details is that it is possible to supply
> RSA_public_encrypt() with plaintext values that are greater than the modulus
> N. It returns values that are always between 0 and N-1, which is the only
> reasonable behavior. Similarly, RSA_public_decrypt() returns values between
> 0 and N-1.

I have to confess I totally overlooked that and just assumed that if
RSA_size(key) would be 1024, then I would be able to encrypt messages of 1024
bits.

> There are multiple solutions to this problem. A generally useful one
> is to use the RSA PKCS#1 ver 1.5 padding
> (http://www.rsalabs.com/pkcs/pkcs-1/index.html). If you don't like that
> padding scheme, then you might want to read the PKCS#1 document for the
> reasons behind that padding scheme and decide for yourself where you can
> modify it. It sounds like it would be easiest if you just follow Mr. Ashwood's
> advice. Is there some problem with that?

Yes well, upon reading the PKCS#1 v1.5 document I noticed that Mr. Ashwood
solves this problem by not only making the most significant bit zero, but in
fact the 6 most significant bits.

I don't want to use one of the padding schemes because I already know the
message size in advance, and so does a possible attacker. Using a padding
scheme would therefore add known plaintext, which does not improve security.

But thank you for the link! I think this solves my problem now :).

-------------------------------------------
Met vriendelijke groet / with kind regards,
  Guus Sliepen <[EMAIL PROTECTED]>
-------------------------------------------
See also: http://tinc.nl.linux.org/
          http://www.kernelbench.org/
-------------------------------------------
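
Added example, not part of the original message and not OpenSSL code: the raw (unpadded) RSA arithmetic discussed in this thread, showing that a full-length message whose value exceeds N does not survive a round trip, while the same message with its top bit cleared does. The toy key built from two Mersenne primes, the function names and the all-0xff message are assumptions constructed for illustration.

```python
# Textbook RSA arithmetic only: no padding, no OpenSSL. The key is a toy
# built from two well-known Mersenne primes so no key generation is needed.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                            # 1128-bit modulus, top bit of top byte set
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent (needs Python 3.8+)
K = (N.bit_length() + 7) // 8        # modulus length in bytes (what RSA_size() reports)


def raw_encrypt(msg: bytes) -> bytes:
    """c = m^e mod N. A value m >= N is implicitly reduced mod N."""
    return pow(int.from_bytes(msg, "big"), E, N).to_bytes(K, "big")


def raw_decrypt(ct: bytes) -> bytes:
    """m = c^d mod N, always in the range 0..N-1."""
    return pow(int.from_bytes(ct, "big"), D, N).to_bytes(K, "big")


def fits_modulus(msg: bytes) -> bool:
    """Check a caller of raw RSA must make: the integer value is below N."""
    return len(msg) <= K and int.from_bytes(msg, "big") < N


def clear_top_bits(msg: bytes, bits: int = 1) -> bytes:
    """Zero the `bits` most significant bits of a K-byte message."""
    assert len(msg) == K and 1 <= bits <= 8
    return bytes([msg[0] & (0xFF >> bits)]) + msg[1:]


def demo() -> dict:
    full = b"\xff" * K               # constructed K-byte message, value > N
    # One cleared bit is enough here because N has exactly 8*K bits,
    # so any value below 2^(8K-1) is below N.
    safe = clear_top_bits(full)
    return {
        "full_fits": fits_modulus(full),
        "full_roundtrip": raw_decrypt(raw_encrypt(full)) == full,
        "safe_fits": fits_modulus(safe),
        "safe_roundtrip": raw_decrypt(raw_encrypt(safe)) == safe,
    }


if __name__ == "__main__":
    print(demo())
```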
