<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>I assume you meant in step 4 “encrypt the secret (but NOT the payload) with RSA”. Otherwise you’ve double-encrypted stuff and consumed vast quantities of time doing bulk encryption with RSA.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>If so, you have recreated approximately what PGP does, because it too doesn’t rely on a real time session. You might take a look at the PGP RFC for a detailed recipe to follow.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> paul<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> pycrypto-bounces@lists.dlitz.net [mailto:pycrypto-bounces@lists.dlitz.net] <b>On Behalf Of </b>Antonio Teixeira<br><b>Sent:</b> Friday, April 20, 2012 12:49 PM<br><b>To:</b> PyCrypto discussion list<br><b>Subject:</b> Re: [pycrypto] RSA / OAEP - ValueError: Plaintext is too long.<o:p></o:p></span></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal style='margin-bottom:12.0pt'>Hello Legrandin & Others.<br><br>I'm currently trying to implement the following :<br><br>The "proper" way to do encryption would be to create a random AES<br>session key (16 bytes), encrypt it with RSA (hopefully at least 2048<br>bit 
long), send it, pad the data, encrypt it with AES, send it.<br><br>Ok So .. <br> - Create A Random AES 16 Bytes ( I'm assuming this will be the "secret")<br>- Pad The Payload <br>- Encrypt Using AES<br>- Encrypt The Secret + Payload With the RSA Key<br>- Make A Signature Of The Entire "Encrypted Payload"<br>- Append it to the "Encrypted Payload"<br>Send it ....<br><br>Recv it ..<br>Make the reverse process.<br> <br>One thing: I can't use the Normal SSL/TLS type of "session key" since there is no state across requests or during the handshake.<br>Meaning "one worker can receive the request but another one can answer it and there is no shared memory between the two."<o:p></o:p></p><div><p class=MsoNormal>2012/4/12 Antonio Teixeira &lt;<a href="mailto:eagle.antonio@gmail.com">eagle.antonio@gmail.com</a>&gt;<o:p></o:p></p><p class=MsoNormal>Legrandin thank you for your help.<br>When I have time I will put something on pastebin so it can serve as example for future members that require this type of solution :)<br><br>Regards<span style='color:#888888'><br><span class=hoenzb>A/T</span></span><o:p></o:p></p><div><div><p class=MsoNormal><o:p> </o:p></p><div><p class=MsoNormal>2012/4/11 Legrandin &lt;<a href="mailto:gooksankoo@hoiptorrow.mailexpire.com" target="_blank">gooksankoo@hoiptorrow.mailexpire.com</a>&gt;<o:p></o:p></p><div><p class=MsoNormal style='margin-bottom:12.0pt'>> So after a small search I found out that if I increase the RSA Modulus I'm<br>> able to encrypt larger number of bits ( makes sense ) but this feels dirty.<br>><br>> What do you guys recommend ?<br>><br>> Breaking the data in chunks and encrypting part by part joining it all in a<br>> buffer and send it down the socket all in one with the other server<br>> decrypting part by part and merging the data again ?<br>><br>> P.S - I don't mind fishing by myself just trying to understand the best "way<br>> / more correct way " to do it :)<o:p></o:p></p></div><p class=MsoNormal>Hi Antonio,<br><br>Increasing the RSA key 
length is not "dirty": it simply increases<br>security (and incidentally useful payload size) at the expense of<br>decryption speed.<br>If decryption speed is not that important to you, and you have a clear<br>idea on how long your data can be at most, go ahead and increase the<br>key size. The time you gain by taking this approach can be spent on<br>important tasks like making the private key secure, or adding some<br>form of authentication to your protocol.<br><br>The "proper" way to do encryption would be to create a random AES<br>session key (16 bytes), encrypt it with RSA (hopefully at least 2048<br>bit long), send it, pad the data, encrypt it with AES, send it.<br>Additionally, you should also sign the data and send the signature<br>along.<br><br>At the receiving end, you decrypt the session key with RSA, decrypt<br>the data with AES, unpad the data, and verify its signature.<o:p></o:p></p></div><p class=MsoNormal><o:p> </o:p></p></div></div></div><p class=MsoNormal><o:p> </o:p></p></div></body></html>