[pycrypto] Public Key encryption of files

Dean Macinskas dmacinskas at geobridge.net
Thu Nov 10 12:18:53 CST 2011

All blocks need to be 16 bytes.  So for example, if the file is 2,000,005 bytes, you'd encrypt 125,000 16-byte blocks; you then have 5 bytes left over, to which you'd add 11 padding bytes, which can be any binary value, and then encrypt that last block.

Some schemes add a header to the beginning of the file with the cleartext length, so the decrypter can easily discard the padding.  Also, consider using CBC mode with a non-zero IV, which has some security advantages.

From: pycrypto-bounces at lists.dlitz.net [mailto:pycrypto-bounces at lists.dlitz.net] On Behalf Of John Matthew
Sent: Thursday, November 10, 2011 12:10 PM
To: PyCrypto discussion list
Subject: Re: [pycrypto] Public Key encryption of files

Dean, thanks for the reply

Ah, I see.  If I want to encrypt a 2mb file with a Symmetric Key, it just has to have a "16 byte padding" for AES, or do all the chunks need to be 16 bytes?

On Thu, Nov 10, 2011 at 5:17 AM, Dean Macinskas <dmacinskas at geobridge.net> wrote:

Unless the file is small, the typical way to encrypt a file is to use a symmetric key, like TDES or AES.  Asymmetric key crypto is usually too slow for bulk encryption; you use a symmetric key for that, and store/export the symmetric key using asymmetric key protection.

The block size of a public key is fixed by the length of the key; in other words, if you generate a 2048 bit key, the block size is 2048 bits (256 bytes).  Symmetric key block length is set by the algorithm: 8 bytes for TDES, 16 for AES.  Any data you encrypt has to be padded to a multiple of the block length.

If you use RSA, there are a couple of rules for encrypting data, one of which is that the data has to be numerically less than the public modulus.  This is usually accomplished by setting the left-most bit (MSB) of the data block to zero; another reason why using a public key directly is not a good choice for bulk encryption.


From: pycrypto-bounces at lists.dlitz.net [mailto:pycrypto-bounces at lists.dlitz.net] On Behalf Of John Matthew
Sent: Tuesday, November 08, 2011 11:59 AM
To: pycrypto at lists.dlitz.net
Subject: [pycrypto] Public Key encryption of files

First off, pycrypto is awesome!  Thank you for creating it!

I'd like to use Public Keys to encrypt files; is this something that seems appropriate for file encryption?

I've noticed that the encrypt method for RSA keys is only 256 bytes, which seems rather small.

I know I could wrap that in a generator, but was hoping for some feedback on another way or a configuration change to increase that number.

Thanks for your contribution, and help.

