How to encrypt / decrypt long input messages using RSA? [OpenSSL, C]

I wrote a simple test program that encrypts / decrypts a message.

I have a key length:

int keylength = 1024; // it can also be 2048, 4096

and maximum input length:

int maxlen = (keylength/8)-11;

and I know that my input size should be less than maxlen, something like this:

 if(insize >= maxlen) printf("cannot encrypt/decrypt!\n"); 

My question is simple - is it possible (and if so, how) to encrypt / decrypt messages longer than maxlen using RSA?

The main code is also very simple, but only works when insize < maxlen:

    if ((encBytes = RSA_public_encrypt(strlen(buff1) + 1, buff1, buff2, keypair, RSA_PKCS1_PADDING)) == -1) {
        printf("error\n");
    }
    if ((decBytes = RSA_private_decrypt(encBytes, buff2, buff3, keypair, RSA_PKCS1_PADDING)) == -1) {
        printf("error\n");
    }
+6
4 answers

Encryption of long messages requires a combined scheme. The RSA algorithm encrypts the session key (i.e., the AES key), and the data itself is encrypted using this key. I would recommend not reinventing the wheel and using a well-established scheme, i.e. PKCS#7/CMS or OpenPGP, depending on your needs.

+7

In this case, you can use RSA as a block cipher. That is, break the message into several blocks smaller than maxlen. Otherwise it is impossible.

+2

You could encrypt long messages using RSA just like block ciphers do. That is, the message is encrypted in blocks and the blocks are linked with a suitable chaining mode. However, this is not the usual way to do it, and you will not find support for it (RSA chaining) in the libraries you use.

Since RSA is fairly slow, a common way to encrypt large messages is to use hybrid encryption. Hybrid encryption uses a fast, symmetric encryption algorithm (such as AES) to encrypt the data with a random key. The random key is then encrypted using RSA and sent along with the encrypted data.

EDIT:

As for your implementation, you have insize = 1300 and keylength = 1024, which gives maxlen = 117. To encrypt the complete message, you need 12 encryptions, each of which produces 128 bytes, giving an encrypted size of 1536 bytes. In your code, you only allocate 1416-byte buffers. Also, you don't seem to allow for 128 bytes of output, as you only increment by 117 in:

 RSA_public_encrypt(maxlen, buff1+i, buff2+i, keypair, RSA_PKCS1_PADDING) 

and

 i += maxlen; 
+2

If you want to run RSA in block cipher mode, you will need to run it in a loop.

Like most other commenters, I would like to point out that this is a poor use of RSA. You just have to encrypt the AES key with RSA, and then use AES for the longer message.

However, I am not one to let practicality get in the way of learning, so here is how you do it. This code has not been tested, since I do not know which libraries you use. It is also a bit overly verbose, for readability.

    int inLength = strlen(buff1) + 1;
    int numBlocks = (inLength / maxlen) + 1;
    for (int i = 0; i < numBlocks; i++) {
        int bytesDone = i * maxlen;
        int remainingLen = inLength - bytesDone;
        int thisLen; // The length of this block
        if (remainingLen > maxlen) {
            thisLen = maxlen;
        } else {
            thisLen = remainingLen;
        }
        if ((encBytes = RSA_public_encrypt(thisLen, buff1 + bytesDone, buff2 + bytesDone, keypair, RSA_PKCS1_PADDING)) == -1) {
            printf("error\n");
        }
        // Okay, IDK what the first parameter to this should be. It depends on the library. You can figure it out, hopefully.
        if ((decBytes = RSA_private_decrypt(idk, buff2 + bytesDone, buff3 + bytesDone, keypair, RSA_PKCS1_PADDING)) == -1) {
            printf("error\n");
        }
    }
+1
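
The buffer arithmetic discussed in the last two answers, as an added example that is not code from the question or from any answer: input advances by at most maxlen per block, output advances by one keylength/8-byte block, and decryption always consumes one whole block. All names here (chunked_out_size, chunked_encrypt, chunked_decrypt, block_fn, demo_enc, demo_dec) are hypothetical, and demo_enc/demo_dec are constructed stand-ins that only frame bytes so the loop can be checked without OpenSSL; the answers' advice to use RSA plus AES for real data still applies.

```c
#include <stddef.h>
#include <string.h>
#define PAD 11 /* PKCS#1 v1.5 overhead from the question: maxlen = keylength/8 - 11 */

/* Per-block callback in RSA_public_encrypt's (flen, from, to) order; returns bytes written or -1. */
typedef int (*block_fn)(int flen, const unsigned char *from, unsigned char *to, void *ctx);

/* Ciphertext bytes needed: ceil(insize / maxlen) blocks of keylength/8 bytes. */
size_t chunked_out_size(size_t insize, int keylength) {
    size_t blk = (size_t)keylength / 8, maxlen = blk - PAD;
    return (insize + maxlen - 1) / maxlen * blk;
}

long chunked_encrypt(const unsigned char *in, size_t insize, unsigned char *out,
                     size_t outcap, int keylength, block_fn enc, void *ctx) {
    size_t maxlen = (size_t)keylength / 8 - PAD, done = 0, written = 0;
    if (outcap < chunked_out_size(insize, keylength)) return -1; /* e.g. 1416 < 1536 */
    while (done < insize) {
        size_t n = insize - done < maxlen ? insize - done : maxlen;
        int r = enc((int)n, in + done, out + written, ctx);
        if (r < 0) return -1;
        done += n;            /* input advances by at most maxlen (117) */
        written += (size_t)r; /* output advances by the block size (128) */
    }
    return (long)written;
}

long chunked_decrypt(const unsigned char *in, size_t insize, unsigned char *out,
                     size_t outcap, int keylength, block_fn dec, void *ctx) {
    size_t blk = (size_t)keylength / 8, written = 0;
    if (insize % blk != 0 || outcap < insize / blk * (blk - PAD)) return -1;
    for (size_t off = 0; off < insize; off += blk) {
        int r = dec((int)blk, in + off, out + written, ctx); /* flen = one whole block */
        if (r < 0) return -1;
        written += (size_t)r;
    }
    return (long)written;
}
/* Constructed stand-ins, NOT encryption: frame a chunk as [len][data][zeros]; ctx = block size. */
int demo_enc(int flen, const unsigned char *from, unsigned char *to, void *ctx) {
    size_t blk = *(size_t *)ctx;
    if (flen < 0 || flen > 255 || (size_t)flen + 1 > blk) return -1;
    memset(to, 0, blk); to[0] = (unsigned char)flen;
    memcpy(to + 1, from, (size_t)flen);
    return (int)blk;
}
int demo_dec(int flen, const unsigned char *from, unsigned char *to, void *ctx) {
    if ((size_t)flen != *(size_t *)ctx || from[0] + 1 > flen) return -1;
    memcpy(to, from + 1, from[0]);
    return from[0];
}
```

With OpenSSL, the two stand-ins would be replaced by thin wrappers around RSA_public_encrypt and RSA_private_decrypt, and the ciphertext block size is what RSA_size() reports for the key.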

Source: https://habr.com/ru/post/955866/
