1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
|
<tt>
<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:p="urn:schemas-microsoft-com:office:powerpoint" xmlns:a="urn:schemas-microsoft-com:office:access" xmlns:dt="uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" xmlns:s="uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882" xmlns:rs="urn:schemas-microsoft-com:rowset" xmlns:z="#RowsetSchema" xmlns:b="urn:schemas-microsoft-com:office:publisher" xmlns:ss="urn:schemas-microsoft-com:office:spreadsheet" xmlns:c="urn:schemas-microsoft-com:office:component:spreadsheet" xmlns:odc="urn:schemas-microsoft-com:office:odc" xmlns:oa="urn:schemas-microsoft-com:office:activation" xmlns:html="http://www.w3.org/TR/REC-html40" xmlns:q="http://schemas.xmlsoap.org/soap/envelope/" xmlns:rtc="http://microsoft.com/officenet/conferencing" xmlns:D="DAV:" xmlns:Repl="http://schemas.microsoft.com/repl/" xmlns:mt="http://schemas.microsoft.com/sharepoint/soap/meetings/" xmlns:x2="http://schemas.microsoft.com/office/excel/2003/xml" xmlns:ppda="http://www.passport.com/NameSpace.xsd" xmlns:ois="http://schemas.microsoft.com/sharepoint/soap/ois/" xmlns:dir="http://schemas.microsoft.com/sharepoint/soap/directory/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:dsp="http://schemas.microsoft.com/sharepoint/dsp" xmlns:udc="http://schemas.microsoft.com/data/udc" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:sub="http://schemas.microsoft.com/sharepoint/soap/2002/1/alerts/" xmlns:ec="http://www.w3.org/2001/04/xmlenc#" xmlns:sp="http://schemas.microsoft.com/sharepoint/" xmlns:sps="http://schemas.microsoft.com/sharepoint/soap/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:udcs="http://schemas.microsoft.com/data/udc/soap" xmlns:udcxf="http://schemas.microsoft.com/data/udc/xmlfile" xmlns:udcp2p="http://schemas.microsoft.com/data/udc/parttopart" xmlns:wf="http://schemas.microsoft.com/sharepoint/soap/workflow/" xmlns:dsss="http://schemas.microsoft.com/office/2006/digsig-setup" xmlns:dssi="http://schemas.microsoft.com/office/2006/digsig" xmlns:mdssi="http://schemas.openxmlformats.org/package/2006/digital-signature" xmlns:mver="http://schemas.openxmlformats.org/markup-compatibility/2006" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns:mrels="http://schemas.openxmlformats.org/package/2006/relationships" xmlns:spwp="http://microsoft.com/sharepoint/webpartpages" xmlns:ex12t="http://schemas.microsoft.com/exchange/services/2006/types" xmlns:ex12m="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:pptsl="http://schemas.microsoft.com/sharepoint/soap/SlideLibrary/" xmlns:spsl="http://microsoft.com/webservices/SharePointPortalServer/PublishedLinksService" xmlns:Z="urn:schemas-microsoft-com:" xmlns:st="&#1;" xmlns="http://www.w3.org/TR/REC-html40"><br>
<br>
<head><br>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii"><br>
<meta name=Generator content="Microsoft Word 12 (filtered medium)"><br>
<style><br>
<!--<br>
/* Font Definitions */<br>
@font-face<br>
        {font-family:"Cambria Math";<br>
        panose-1:2 4 5 3 5 4 6 3 2 4;}<br>
@font-face<br>
        {font-family:Calibri;<br>
        panose-1:2 15 5 2 2 2 4 3 2 4;}<br>
@font-face<br>
        {font-family:Tahoma;<br>
        panose-1:2 11 6 4 3 5 4 4 2 4;}<br>
/* Style Definitions */<br>
p.MsoNormal, li.MsoNormal, div.MsoNormal<br>
        {margin:0in;<br>
        margin-bottom:.0001pt;<br>
        font-size:12.0pt;<br>
        font-family:"Times New Roman","serif";}<br>
a:link, span.MsoHyperlink<br>
        {mso-style-priority:99;<br>
        color:blue;<br>
        text-decoration:underline;}<br>
a:visited, span.MsoHyperlinkFollowed<br>
        {mso-style-priority:99;<br>
        color:purple;<br>
        text-decoration:underline;}<br>
span.EmailStyle17<br>
        {mso-style-type:personal-reply;<br>
        font-family:"Calibri","sans-serif";<br>
        color:#1F497D;}<br>
.MsoChpDefault<br>
        {mso-style-type:export-only;}<br>
@page Section1<br>
        {size:8.5in 11.0in;<br>
        margin:1.0in 1.0in 1.0in 1.0in;}<br>
div.Section1<br>
        {page:Section1;}<br>
--><br>
</style><br>
<!--[if gte mso 9]><xml><br>
<o:shapedefaults v:ext="edit" spidmax="1026" /><br>
</xml><![endif]--><!--[if gte mso 9]><xml><br>
<o:shapelayout v:ext="edit"><br>
<o:idmap v:ext="edit" data="1" /><br>
</o:shapelayout></xml><![endif]--><br>
</head><br>
<br>
<body lang=EN-US link=blue vlink=purple><br>
<br>
<div class=Section1><br>
<br>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";<br>
color:#1F497D'>All blocks need to be 16 bytes. &nbsp;So for example, if the<br>
file is 2,000,005 bytes, you'd encrypt 125,000 16-byte blocks; you then have 5<br>
bytes left over, to which you'd add 11 padding bytes, which can be any binary<br>
value and then encrypt that last block.<o:p></o:p></span></p><br>
<br>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";<br>
color:#1F497D'><o:p>&nbsp;</o:p></span></p><br>
<br>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";<br>
color:#1F497D'>Some schemes add a header to the beginning of the file with the cleartext<br>
length, so the decrypter can easily discard the padding.&nbsp; Also, consider<br>
using CBC mode with a non-zero IV, which has some security advantages.<o:p></o:p></span></p><br>
<br>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";<br>
color:#1F497D'><o:p>&nbsp;</o:p></span></p><br>
<br>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><br>
<br>
<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span<br>
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><br>
pycrypto-bounces@lists.dlitz.net [mailto:pycrypto-bounces@lists.dlitz.net] <b>On<br>
Behalf Of </b>John Matthew<br><br>
<b>Sent:</b> Thursday, November 10, 2011 12:10 PM<br><br>
<b>To:</b> PyCrypto discussion list<br><br>
<b>Subject:</b> Re: [pycrypto] Public Key encryption of files<o:p></o:p></span></p><br>
<br>
</div><br>
<br>
<p class=MsoNormal><o:p>&nbsp;</o:p></p><br>
<br>
<p class=MsoNormal>Dean, thanks for the reply<o:p></o:p></p><br>
<br>
<div><br>
<br>
<p class=MsoNormal><o:p>&nbsp;</o:p></p><br>
<br>
</div><br>
<br>
<div><br>
<br>
<p class=MsoNormal><o:p>&nbsp;</o:p></p><br>
<br>
</div><br>
<br>
<div><br>
<br>
<p class=MsoNormal>Ah, I see. &nbsp;If I want to encrypt a 2mb file with<br>
a&nbsp;Symmetric&nbsp;Key, it just has to have a &quot;16 byte padding&quot;<br>
for AES, or do all the chunks need to be 16 bytes?<o:p></o:p></p><br>
<br>
<div><br>
<br>
<p class=MsoNormal><o:p>&nbsp;</o:p></p><br>
<br>
</div><br>
<br>
<div><br>
<br>
<p class=MsoNormal style='margin-bottom:12.0pt'>J<o:p></o:p></p><br>
<br>
<div><br>
<br>
<p class=MsoNormal>On Thu, Nov 10, 2011 at 5:17 AM, Dean Macinskas &lt;<a<br>
href="mailto:dmacinskas@geobridge.net">dmacinskas@geobridge.net</a>&gt; wrote:<o:p></o:p></p><br>
<br>
<div><br>
<br>
<div><br>
<br>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span<br>
style='font-size:11.0pt;color:#1F497D'>John,</span><o:p></o:p></p><br>
<br>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span<br>
style='font-size:11.0pt;color:#1F497D'>&nbsp;</span><o:p></o:p></p><br>
<br>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span<br>
style='font-size:11.0pt;color:#1F497D'>Unless the file is small, the typical<br>
way to encrypt a file is to use a symmetric key, like TDES or AES.&nbsp;<br>
Asymmetric key crypto is usually too slow for bulk encryption; you use a<br>
symmetric key for that, and store/export the symmetric key using asymmetric key<br>
protection.</span><o:p></o:p></p><br>
<br>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span<br>
style='font-size:11.0pt;color:#1F497D'>&nbsp;</span><o:p></o:p></p><br>
<br>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span<br>
style='font-size:11.0pt;color:#1F497D'>The block size of a public key is fixed<br>
by the length of the key; in other words, if you generate a 2048 bit key, the<br>
block size is 2048 bits (256 bytes).&nbsp; Symmetric key block length is set by<br>
the algorithm: 8 bytes for TDES, 16 for AES.&nbsp; Any data you encrypt has to<br>
be padded to a multiple of the block length.</span><o:p></o:p></p><br>
<br>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span<br>
style='font-size:11.0pt;color:#1F497D'>&nbsp;</span><o:p></o:p></p><br>
<br>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span<br>
style='font-size:11.0pt;color:#1F497D'>If you use RSA, there are a couple of<br>
rules for encrypting data, one of which is that the data has to be numerically<br>
less than the public modulus.&nbsp; This is usually accomplished by setting the<br>
left-most bit (MSB) of the data block to zero; another reason why using a<br>
public key directly is not a good choice for bulk encryption.</span><o:p></o:p></p><br>
<br>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span<br>
style='font-size:11.0pt;color:#1F497D'>&nbsp;</span><o:p></o:p></p><br>
<br>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span<br>
style='font-size:11.0pt;color:#1F497D'>HTH,</span><o:p></o:p></p><br>
<br>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span<br>
style='font-size:11.0pt;color:#1F497D'>Dean</span><o:p></o:p></p><br>
<br>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span<br>
style='font-size:11.0pt;color:#1F497D'>&nbsp;</span><o:p></o:p></p><br>
<br>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><br>
<br>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b><span<br>
style='font-size:10.0pt'>From:</span></b><span style='font-size:10.0pt'> <a<br>
href="mailto:pycrypto-bounces@lists.dlitz.net" target="_blank">pycrypto-bounces@lists.dlitz.net</a><br>
[mailto:<a href="mailto:pycrypto-bounces@lists.dlitz.net" target="_blank">pycrypto-bounces@lists.dlitz.net</a>]<br>
<b>On Behalf Of </b>John Matthew<br><br>
<b>Sent:</b> Tuesday, November 08, 2011 11:59 AM<br><br>
<b>To:</b> <a href="mailto:pycrypto@lists.dlitz.net" target="_blank">pycrypto@lists.dlitz.net</a><br><br>
<b>Subject:</b> [pycrypto] Public Key encryption of files</span><o:p></o:p></p><br>
<br>
</div><br>
<br>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>&nbsp;<o:p></o:p></p><br>
<br>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>First<br>
off, pycrypto is awesome! &nbsp;Thank you for creating it!<o:p></o:p></p><br>
<br>
<div><br>
<br>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>&nbsp;<o:p></o:p></p><br>
<br>
</div><br>
<br>
<div><br>
<br>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>I'd<br>
like to use Public Keys to encrypt files, is this something that seems<br>
appropriate for file encryption?<o:p></o:p></p><br>
<br>
</div><br>
<br>
<div><br>
<br>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>&nbsp;<o:p></o:p></p><br>
<br>
</div><br>
<br>
<div><br>
<br>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>I've<br>
noticed that the encrypt method for RSA keys is only 256 bytes, which seems<br>
rather small.<o:p></o:p></p><br>
<br>
</div><br>
<br>
<div><br>
<br>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>&nbsp;<o:p></o:p></p><br>
<br>
</div><br>
<br>
<div><br>
<br>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>I<br>
know I could wrap that in a generator, but was hoping for some feedback on<br>
another way or a configuration change to increase that number.<o:p></o:p></p><br>
<br>
</div><br>
<br>
<div><br>
<br>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>&nbsp;<o:p></o:p></p><br>
<br>
</div><br>
<br>
<div><br>
<br>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Thanks<br>
for your contribution, and help.<o:p></o:p></p><br>
<br>
</div><br>
<br>
<div><br>
<br>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>&nbsp;<o:p></o:p></p><br>
<br>
</div><br>
<br>
<div><br>
<br>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>J<o:p></o:p></p><br>
<br>
</div><br>
<br>
</div><br>
<br>
</div><br>
<br>
<p class=MsoNormal style='margin-bottom:12.0pt'><br><br>
_______________________________________________<br><br>
pycrypto mailing list<br><br>
<a href="mailto:pycrypto@lists.dlitz.net">pycrypto@lists.dlitz.net</a><br><br>
<a href="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto"<br>
target="_blank">http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto</a><o:p></o:p></p><br>
<br>
</div><br>
<br>
<p class=MsoNormal><o:p>&nbsp;</o:p></p><br>
<br>
</div><br>
<br>
</div><br>
<br>
</div><br>
<br>
</body><br>
<br>
</html><br>
</tt>
|