EldoS | Feel safer!

input too long

#11331
Posted: 10/13/2009 10:25:18
by Joao Santos (Standard support level)
Joined: 10/07/2009
Posts: 12

Hello!

I'm migrating my code from the old LockBox to SecureBlackBox, so I only need to use the low-level functions.

I think the symmetric algorithms are now completely converted; however, I'm having some problems with RSA!

I'm trying to encrypt a large text using it (for example, a 128-bit key) and I'm getting that error. I know, if I increase the key size, I can use a bigger input, but this doesn't solve my problem.

I want to be able to encrypt any text and any stream (file) with any key size using RSA.

How can I do that?

Thanks
Joao
#11332
Posted: 10/13/2009 10:42:23
by Eugene Mayevski (EldoS Corp.)

Asymmetric algorithms are not intended to be used this way, so in brief, you can't.

Instead, you must generate a random symmetric key for some algorithm (such as AES), encrypt your data using this key, then encrypt the generated symmetric key with the RSA public key.


Sincerely yours
Eugene Mayevski
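The scheme described in the reply above, as an added example that is not part of the original thread and does not use SecureBlackBox: it uses Node.js's built-in `crypto` module. The function names `seal`, `open` and `directRsaFits`, the envelope field names, and the choice of AES-256-GCM with RSA-OAEP/SHA-256 are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// OAEP with SHA-256; a 2048-bit key then accepts at most 256 - 2*32 - 2 = 190 bytes directly.
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Direct RSA on the data itself: returns false when the library rejects the input.
function directRsaFits(publicKey, data) {
  try {
    crypto.publicEncrypt({ key: publicKey, ...OAEP }, data);
    return true;
  } catch (err) {
    return false;
  }
}

// Hybrid scheme: a fresh random AES-256 key encrypts the data, RSA encrypts only that key.
function seal(publicKey, data) {
  const aesKey = crypto.randomBytes(32);
  const nonce = crypto.randomBytes(12); // GCM nonce; the AES key is never reused
  const cipher = crypto.createCipheriv('aes-256-gcm', aesKey, nonce);
  const ciphertext = Buffer.concat([cipher.update(data), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt({ key: publicKey, ...OAEP }, aesKey);
  return { wrappedKey, nonce, ciphertext, tag: cipher.getAuthTag() };
}

// The private-key holder unwraps the AES key, then decrypts; final() throws if data was altered.
function open(privateKey, env) {
  const aesKey = crypto.privateDecrypt({ key: privateKey, ...OAEP }, env.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', aesKey, env.nonce);
  decipher.setAuthTag(env.tag);
  return Buffer.concat([decipher.update(env.ciphertext), decipher.final()]);
}

// Constructed demo input: a throwaway key pair and 1 MiB of random data.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const sample = crypto.randomBytes(1 << 20);
console.log('direct RSA accepts 1 MiB:', directRsaFits(publicKey, sample));
console.log('hybrid round trip ok:', open(privateKey, seal(publicKey, sample)).equals(sample));
```

The RSA operation always runs on exactly 32 bytes, so the size of the data no longer depends on the RSA key size.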
#11334
Posted: 10/13/2009 11:46:05
by Joao Santos (Standard support level)
Joined: 10/07/2009
Posts: 12

:(

This is bad! I knew Lockbox wasn't following the standards, but not at that level!

Now, I'm going to change lots of things :(
#11335
Posted: 10/13/2009 12:28:10
by Eugene Mayevski (EldoS Corp.)

It is mathematically impossible to encrypt "any amount of data" using a plain RSA key, because this would be way too slow. Even if you split the data into 100-byte chunks (this is for 1024-bit) and encrypt each chunk separately, each chunk encryption operation will take, say, 10 ms. You get 100 msec per 1Kb or 10 Kb per second, compared to ~1000 Kb (approximate) per second when using AES.


Sincerely yours
Eugene Mayevski
#11336
Posted: 10/13/2009 12:46:39
by Eugene Mayevski (EldoS Corp.)

To be more correct: it's not mathematically possible to apply the key to the generic amount of data using one operation. You would need to split the data into small pieces and apply the key to each piece. But this will be terribly slow.


Sincerely yours
Eugene Mayevski
#11337
Posted: 10/13/2009 16:16:56
by Joao Santos (Standard support level)
Joined: 10/07/2009
Posts: 12

Yes, it was terribly slow, but I used it for small texts, and I didn't have to depend on the key size to encrypt more than x bytes :)

Anyway, I'm using your suggestion to use the RSA only for the key exchange.

Can you please tell me if there is any direct call to tell the algorithm which key (private or public) is going to be used for the encryption and the other for decryption?

As far as I was able to see, by default, it uses the public to encrypt and the private to decrypt.

Thanks,
Joao
#11338
Posted: 10/13/2009 16:30:06
by Mykola Olshevsky (Basic support level)
Joined: 07/07/2005
Posts: 450

Yes, it's how asymmetric cryptography works - public part is used for encryption, and private - for decryption.
#11339
Posted: 10/13/2009 16:42:05
by Joao Santos (Standard support level)
Joined: 10/07/2009
Posts: 12

Sorry, maybe I didn't explain correctly.

How can I do the opposite? Encrypt with the private and decrypt with the public?
Is this possible in SecureBlackBox?
#11340
Posted: 10/13/2009 16:53:04
by Mykola Olshevsky (Basic support level)
Joined: 07/07/2005
Posts: 450

This operation is possible, but it doesn't make much sense in the current context.
For the RSA algorithm, it will be called 'signing', not encrypting.
I recommend that you read the basics of asymmetric cryptography at Wikipedia (http://en.wikipedia.org/wiki/Asymmetric_cryptography) or any other source.
#11343
Posted: 10/14/2009 05:08:12
by Joao Santos (Standard support level)
Joined: 10/07/2009
Posts: 12

I'm sorry, but I've always used that kind of schema.

One of the users has the private key and the other the public.
Anything encrypted using the private can only be decrypted using the public and everything encrypted using the public key can only be decrypted using the private.

SecureBlackBox doesn't allow this?