[pycrypto] RSA / OAEP - ValueError: Plaintext is too long.

Legrandin gooksankoo at hoiptorrow.mailexpire.com
Wed Apr 11 08:19:09 EDT 2012


> So after a small search I found out that if I increase the RSA Modulus I'm
> able to encrypt a larger number of bits ( makes sense ) but this feels dirty.
>
> What do you guys recommend ?
>
> Breaking the data in chunks and encrypting part by part joining it all in a
> buffer and send it down the socket all in one with the other server
> decrypting part by part and merging the data again ?
>
> P.S - I don't mind fishing by myself just trying to understand the best "way
> / more correct way " to do it :)

Hi Antonio,

Increasing the RSA key length is not "dirty": it simply increases
security (and incidentally useful payload size) at the expense of
decryption speed.
If decryption speed is not that important to you, and you have a clear
idea on how long your data can be at most, go ahead and increase the
key size. The time you gain by taking this approach can be spent on
important tasks like making the private key secure, or adding some
form of authentication to your protocol.

The "proper" way to do encryption would be to create a random AES
session key (16 bytes), encrypt it with RSA (hopefully at least 2048
bits long), send it, pad the data, encrypt it with AES, send it.
Additionally, you should also sign the data and send the signature
along.

At the receiving end, you decrypt the session key with RSA, decrypt
the data with AES, unpad the data, and verify its signature.

