[pycrypto] RSA / OAEP - ValueError: Plaintext is too long.

Paul_Koning at Dell.com Paul_Koning at Dell.com
Fri Apr 20 12:59:36 EDT 2012


I assume you meant in step 4 "encrypt the secret (but NOT the payload) with RSA".  Otherwise you've double-encrypted stuff and consumed vast quantities of time doing bulk encryption with RSA.

If so, you have recreated approximately what PGP does, because it too doesn't rely on a real time session.  You might take a look at the PGP RFC for a detailed recipe to follow.

               paul

From: pycrypto-bounces at lists.dlitz.net [mailto:pycrypto-bounces at lists.dlitz.net] On Behalf Of Antonio Teixeira
Sent: Friday, April 20, 2012 12:49 PM
To: PyCrypto discussion list
Subject: Re: [pycrypto] RSA / OAEP - ValueError: Plaintext is too long.

Hello Legrandin & Others.

I'm currently trying to implement the following :

The "proper" way to do encryption would be to create a random AES
session key (16 bytes), encrypt it with RSA (hopefully at least 2048
bit long), send it, pad the data, encrypt it with AES, send it.

Ok So ..
 - Create A Random AES 16 Bytes ( I'm assuming this will be the "secret")
- Pad The Payload
- Encrypt Using AES
- Encrypt The Secret +  Payload With the RSA Key
- Make A Signature Of The Entire "Encrypted Payload"
- Append it to the "Encrypted Payload"
Send it ....

Recv it ..
Make the reverse process.

One thing i can't use the Normal SSL/TLS type of "session key" since there is no state across requests or during the handshake.
Meaning "one worker can receive the request but another one can answer it and there is no shared memory between the two."
2012/4/12 Antonio Teixeira <eagle.antonio at gmail.com<mailto:eagle.antonio at gmail.com>>
Legrandin thank you for your help.
When i have time i will put something on pastebin so it can serve as example for future members that require this type of solution :)

Regards
A/T

2012/4/11 Legrandin <gooksankoo at hoiptorrow.mailexpire.com<mailto:gooksankoo at hoiptorrow.mailexpire.com>>
> So after a small search i found out that if i increase the RSA Modulus i'm
> able to encrypt larger number of bits ( makes sense )  but this feels dirty.
>
> What do your guys recommend ?
>
> Breaking the data in chunks and encrypting part by part joining it all in a
> buffer and send it down the socket all in one with the other server
> decrypting part by part and merging the data again ?
>
> P.S - I dont mind fishing by myself just trying to understand the best "way
> / more correct way " to do it :)
Hi Antonio,

Increasing the RSA key length is not "dirty": it simply increases
security (and incidentally useful payload size) at the expense of
decryption speed.
If decryption speed is not that important to you, and you have a clear
idea on how long you data can be at most, go ahead and increase the
key size. The time you gain by taking this approach can be spent on
important tasks like making the private key secure, or adding some
form of authentication to your protocol.

The "proper" way to do encryption would be to create a random AES
session key (16 bytes), encrypt it with RSA (hopefully at least 2048
bit long), send it, pad the data, encrypt it with AES, send it.
Additionally, you should also sign the data and send the signature
along.

At the receiving end, you decrypt the session key with RSA, decrypt
the data with AES, unpad the data, and verify its signature.
_______________________________________________
pycrypto mailing list
pycrypto at lists.dlitz.net<mailto:pycrypto at lists.dlitz.net>
http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.dlitz.net/pipermail/pycrypto/attachments/20120420/130e2f16/attachment.html>


More information about the pycrypto mailing list