1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML>
<HEAD>
<TITLE> [pycrypto] RSA / OAEP - ValueError: Plaintext is too long.
</TITLE>
<LINK REL="Index" HREF="index.html" >
<LINK REL="made" HREF="mailto:pycrypto%40lists.dlitz.net?Subject=Re%3A%20%5Bpycrypto%5D%20RSA%20/%20OAEP%20-%20ValueError%3A%20Plaintext%20is%20too%20long.&In-Reply-To=%3CCAF%2B3j-sskHPjaDKNcg57_wPyYesKHEKdFg8mJMg8CtwmCTvwcw%40mail.gmail.com%3E">
<META NAME="robots" CONTENT="index,nofollow">
<style type="text/css">
pre {
white-space: pre-wrap; /* css-2.1, curent FF, Opera, Safari */
}
</style>
<META http-equiv="Content-Type" content="text/html; charset=us-ascii">
<LINK REL="Previous" HREF="000569.html">
<LINK REL="Next" HREF="000574.html">
</HEAD>
<BODY BGCOLOR="#ffffff">
<H1>[pycrypto] RSA / OAEP - ValueError: Plaintext is too long.</H1>
<B>Antonio Teixeira</B>
<A HREF="mailto:pycrypto%40lists.dlitz.net?Subject=Re%3A%20%5Bpycrypto%5D%20RSA%20/%20OAEP%20-%20ValueError%3A%20Plaintext%20is%20too%20long.&In-Reply-To=%3CCAF%2B3j-sskHPjaDKNcg57_wPyYesKHEKdFg8mJMg8CtwmCTvwcw%40mail.gmail.com%3E"
TITLE="[pycrypto] RSA / OAEP - ValueError: Plaintext is too long.">eagle.antonio at gmail.com
</A><BR>
<I>Fri Apr 20 12:48:56 EDT 2012</I>
<P><UL>
<LI>Previous message: <A HREF="000569.html">[pycrypto] RSA / OAEP - ValueError: Plaintext is too long.
</A></li>
<LI>Next message: <A HREF="000574.html">[pycrypto] RSA / OAEP - ValueError: Plaintext is too long.
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#573">[ date ]</a>
<a href="thread.html#573">[ thread ]</a>
<a href="subject.html#573">[ subject ]</a>
<a href="author.html#573">[ author ]</a>
</LI>
</UL>
<HR>
<!--beginarticle-->
<PRE>Hello Legrandin & Others.
I'm currently trying to implement the following :
The "proper" way to do encryption would be to create a random AES
session key (16 bytes), encrypt it with RSA (hopefully at least 2048
bit long), send it, pad the data, encrypt it with AES, send it.
Ok So ..
- Create A Random AES 16 Bytes ( I'm assuming this will be the "secret")
- Pad The Payload
- Encrypt Using AES
- Encrypt The Secret + Payload With the RSA Key
- Make A Signature Of The Entire "Encrypted Payload"
- Append it to the "Encrypted Payload"
Send it ....
Recv it ..
Make the reverse process.
One thing i can't use the Normal SSL/TLS type of "session key" since there
is no state across requests or during the handshake.
Meaning "one worker can receive the request but another one can answer it
and there is no shared memory between the two."
2012/4/12 Antonio Teixeira <<A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">eagle.antonio at gmail.com</A>>
><i> Legrandin thank you for your help.
</I>><i> When i have time i will put something on pastebin so it can serve as
</I>><i> example for future members that require this type of solution :)
</I>><i>
</I>><i> Regards
</I>><i> A/T
</I>><i>
</I>><i> 2012/4/11 Legrandin <<A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">gooksankoo at hoiptorrow.mailexpire.com</A>>
</I>><i>
</I>>><i> > So after a small search i found out that if i increase the RSA Modulus
</I>>><i> i'm
</I>>><i> > able to encrypt larger number of bits ( makes sense ) but this feels
</I>>><i> dirty.
</I>>><i> >
</I>>><i> > What do your guys recommend ?
</I>>><i> >
</I>>><i> > Breaking the data in chunks and encrypting part by part joining it all
</I>>><i> in a
</I>>><i> > buffer and send it down the socket all in one with the other server
</I>>><i> > decrypting part by part and merging the data again ?
</I>>><i> >
</I>>><i> > P.S - I dont mind fishing by myself just trying to understand the best
</I>>><i> "way
</I>>><i> > / more correct way " to do it :)
</I>>><i>
</I>>><i> Hi Antonio,
</I>>><i>
</I>>><i> Increasing the RSA key length is not "dirty": it simply increases
</I>>><i> security (and incidentally useful payload size) at the expense of
</I>>><i> decryption speed.
</I>>><i> If decryption speed is not that important to you, and you have a clear
</I>>><i> idea on how long you data can be at most, go ahead and increase the
</I>>><i> key size. The time you gain by taking this approach can be spent on
</I>>><i> important tasks like making the private key secure, or adding some
</I>>><i> form of authentication to your protocol.
</I>>><i>
</I>>><i> The "proper" way to do encryption would be to create a random AES
</I>>><i> session key (16 bytes), encrypt it with RSA (hopefully at least 2048
</I>>><i> bit long), send it, pad the data, encrypt it with AES, send it.
</I>>><i> Additionally, you should also sign the data and send the signature
</I>>><i> along.
</I>>><i>
</I>>><i> At the receiving end, you decrypt the session key with RSA, decrypt
</I>>><i> the data with AES, unpad the data, and verify its signature.
</I>>><i> _______________________________________________
</I>>><i> pycrypto mailing list
</I>>><i> <A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">pycrypto at lists.dlitz.net</A>
</I>>><i> <A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto</A>
</I>>><i>
</I>><i>
</I>><i>
</I>-------------- next part --------------
An HTML attachment was scrubbed...
URL: <<A HREF="http://lists.dlitz.net/pipermail/pycrypto/attachments/20120420/0447be4b/attachment.html">http://lists.dlitz.net/pipermail/pycrypto/attachments/20120420/0447be4b/attachment.html</A>>
</PRE>
<!--endarticle-->
<HR>
<P><UL>
<!--threads-->
<LI>Previous message: <A HREF="000569.html">[pycrypto] RSA / OAEP - ValueError: Plaintext is too long.
</A></li>
<LI>Next message: <A HREF="000574.html">[pycrypto] RSA / OAEP - ValueError: Plaintext is too long.
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#573">[ date ]</a>
<a href="thread.html#573">[ thread ]</a>
<a href="subject.html#573">[ subject ]</a>
<a href="author.html#573">[ author ]</a>
</LI>
</UL>
<hr>
<a href="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">More information about the pycrypto
mailing list</a><br>
</body></html>
|
