[pycrypto] RSA / OAEP - ValueError: Plaintext is too long.
Antonio Teixeira
eagle.antonio at gmail.com
Fri Apr 20 12:48:56 EDT 2012
Hello Legrandin & Others.
I'm currently trying to implement the following:
The "proper" way to do encryption would be to create a random AES
session key (16 bytes), encrypt it with RSA (hopefully at least 2048
bit long), send it, pad the data, encrypt it with AES, send it.
Ok, so:
- Create a random 16-byte AES key (I'm assuming this will be the "secret")
- Pad the payload
- Encrypt using AES
- Encrypt the secret + payload with the RSA key
- Make a signature of the entire "encrypted payload"
- Append it to the "encrypted payload"
Send it...
Recv it...
Do the reverse process.
One thing: I can't use the normal SSL/TLS type of "session key", since there
is no state across requests or during the handshake.
Meaning "one worker can receive the request but another one can answer it,
and there is no shared memory between the two."
2012/4/12 Antonio Teixeira <eagle.antonio at gmail.com>
> Legrandin thank you for your help.
> When i have time i will put something on pastebin so it can serve as
> example for future members that require this type of solution :)
>
> Regards
> A/T
>
> 2012/4/11 Legrandin <gooksankoo at hoiptorrow.mailexpire.com>
>
>> > So after a small search I found out that if I increase the RSA modulus
>> > I'm able to encrypt a larger number of bits (makes sense), but this feels
>> > dirty.
>> >
>> > What do you guys recommend?
>> >
>> > Breaking the data in chunks and encrypting part by part, joining it all
>> > in a buffer and sending it down the socket all in one, with the other
>> > server decrypting part by part and merging the data again?
>> >
>> > P.S. - I don't mind fishing by myself, just trying to understand the best
>> > "way / more correct way" to do it :)
>>
>> Hi Antonio,
>>
>> Increasing the RSA key length is not "dirty": it simply increases
>> security (and incidentally useful payload size) at the expense of
>> decryption speed.
>> If decryption speed is not that important to you, and you have a clear
>> idea on how long your data can be at most, go ahead and increase the
>> key size. The time you gain by taking this approach can be spent on
>> important tasks like making the private key secure, or adding some
>> form of authentication to your protocol.
>>
>> The "proper" way to do encryption would be to create a random AES
>> session key (16 bytes), encrypt it with RSA (hopefully at least 2048
>> bit long), send it, pad the data, encrypt it with AES, send it.
>> Additionally, you should also sign the data and send the signature
>> along.
>>
>> At the receiving end, you decrypt the session key with RSA, decrypt
>> the data with AES, unpad the data, and verify its signature.
>> _______________________________________________
>> pycrypto mailing list
>> pycrypto at lists.dlitz.net
>> http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto
>>
>
>