Re: asymmetric encryption options



On 8/28/06, snacktime <snacktime@xxxxxxxxx> wrote:
Without going into too much detail, I've run into a roadblock using
rsa. I need to encrypt data that is larger than the key size. Right
now I am generating a random key, encrypting the data with it using
AES, then encrypting the key with rsa. Works, but I'd rather keep it
simpler if there is another asymmetric cipher I could use in place of
rsa. At most the data to be encrypted would be 10 times the key size.

Any ideas?

Chris

1. You can try a larger key, though I don't think it's a good idea.
Exponentiation algorithms are O(n**2) at best, possibly O(n**3). That
means, in the ideal case, that when you have a 10x larger key, you'd
need 100x more multiplications.

2. You can split the longer key into blocks, and encrypt them alone.
If it is fast enough for you, then you're done.

3. If it is too slow, use the above-mentioned combination of RSA&AES.
The tradeoff is slow RSA speed vs time of AES initialisation. In the case
of a relatively small number of blocks, AES might be slower.

4. For RSA+AES, I'd have a look at PKCS#1, either at the original
padding or OAEP. The original padding is really simple to implement,
and it'll save you some wheel reinventing. The newer one, OAEP, is
more complicated, but has some nice additional properties. You can use
standard pkcs tools to generate/test your data in this case as an
additional benefit.

5. For RSA only, I'd use some padding scheme as well, possibly based on PKCS.
I'd include the block number somewhere to prevent reordering. You need to
make sure that the block doesn't produce a number larger than modulo
(in PKCS this is achieved by adding 00 00 or 01 00 bytes in front of
the data).

6. You can try ElGamal [1] that allows you to precompute most of the
things beforehand, so it might be possible to use large keys. Even if
you choose the "random" parameters small enough, you might be able to
trade some security for some speed.

[1] http://en.wikipedia.org/wiki/ElGamal_encryption

HTH.

J.
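
The RSA+AES combination discussed in this thread, with OAEP wrapping the AES key as point 4 suggests, written out as an added example that is not code from either poster. It assumes Ruby's standard `openssl` library; AES-256-GCM is chosen here as the symmetric mode (the thread only says "AES"), and the function names and the sample key and message are constructed for illustration.

```ruby
require 'openssl'

OAEP = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING

# Encrypt a plaintext of any (non-empty) length for the holder of rsa_pub.
# Only the 32-byte AES key goes through RSA, so the RSA size limit never applies.
def hybrid_encrypt(rsa_pub, plaintext)
  cipher = OpenSSL::Cipher.new('aes-256-gcm')
  cipher.encrypt
  key = cipher.random_key            # fresh 256-bit key for every message
  iv  = cipher.random_iv             # fresh 96-bit GCM nonce
  cipher.auth_data = ''              # no associated data in this example
  ciphertext = cipher.update(plaintext) + cipher.final
  { wrapped_key: rsa_pub.public_encrypt(key, OAEP),
    iv: iv, tag: cipher.auth_tag, ciphertext: ciphertext }
end

# Unwrap the AES key with the RSA private key, then decrypt and authenticate.
def hybrid_decrypt(rsa_priv, msg)
  cipher = OpenSSL::Cipher.new('aes-256-gcm')
  cipher.decrypt
  cipher.key = rsa_priv.private_decrypt(msg[:wrapped_key], OAEP)
  cipher.iv = msg[:iv]
  cipher.auth_tag = msg[:tag]
  cipher.auth_data = ''
  cipher.update(msg[:ciphertext]) + cipher.final  # CipherError if tag mismatch
end

# True when a modified message is rejected instead of being decrypted.
def rejected?(rsa_priv, msg)
  hybrid_decrypt(rsa_priv, msg)
  false
rescue OpenSSL::Cipher::CipherError
  true
end

# Constructed sample: a 2048-bit key and a message 10 times the key size.
DEMO_KEY  = OpenSSL::PKey::RSA.new(2048)
DEMO_DATA = ('A' * 2560).b
DEMO_MSG  = hybrid_encrypt(DEMO_KEY.public_key, DEMO_DATA)

if __FILE__ == $PROGRAM_NAME
  puts "wrapped key: #{DEMO_MSG[:wrapped_key].bytesize} bytes"
  puts "round trip ok: #{hybrid_decrypt(DEMO_KEY, DEMO_MSG) == DEMO_DATA}"
end
```

The GCM tag covers the ciphertext, so flipped bits or swapped blocks fail at `final`; this addresses the reordering concern raised in point 5 without a hand-rolled block counter.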
