[pycrypto] RSA / OAEP - ValueError: Plaintext is too long.
Antonio Teixeira
eagle.antonio at gmail.com
Thu Apr 12 12:34:06 EDT 2012
Legrandin thank you for your help.
When i have time i will put something on pastebin so it can serve as
example for future members that require this type of solution :)
Regards
A/T
2012/4/11 Legrandin <gooksankoo at hoiptorrow.mailexpire.com>
> > So after a small search i found out that if i increase the RSA Modulus
> i'm
> > able to encrypt larger number of bits ( makes sense ) but this feels
> dirty.
> >
> > What do your guys recommend ?
> >
> > Breaking the data in chunks and encrypting part by part joining it all
> in a
> > buffer and send it down the socket all in one with the other server
> > decrypting part by part and merging the data again ?
> >
> > P.S - I dont mind fishing by myself just trying to understand the best
> "way
> > / more correct way " to do it :)
>
> Hi Antonio,
>
> Increasing the RSA key length is not "dirty": it simply increases
> security (and incidentally useful payload size) at the expense of
> decryption speed.
> If decryption speed is not that important to you, and you have a clear
> idea on how long you data can be at most, go ahead and increase the
> key size. The time you gain by taking this approach can be spent on
> important tasks like making the private key secure, or adding some
> form of authentication to your protocol.
>
> The "proper" way to do encryption would be to create a random AES
> session key (16 bytes), encrypt it with RSA (hopefully at least 2048
> bit long), send it, pad the data, encrypt it with AES, send it.
> Additionally, you should also sign the data and send the signature
> along.
>
> At the receiving end, you decrypt the session key with RSA, decrypt
> the data with AES, unpad the data, and verify its signature.
> _______________________________________________
> pycrypto mailing list
> pycrypto at lists.dlitz.net
> http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.dlitz.net/pipermail/pycrypto/attachments/20120412/91c526c7/attachment.html>
More information about the pycrypto
mailing list