[pycrypto] Security of public_key.encrypt() and private_key.decrypt()
the2nd at otpme.org
the2nd at otpme.org
Sat Oct 10 13:32:55 PDT 2015
I'm not sure if this is the right list to ask my question but i'll give
it a try.
After reading the docs and doing some tests i found out that the
encrypt()/decrypt() methods of the RSA key object exactly do what i need
for OTPme (http://www.otpme.org).
My requirement is that the ciphertext for the same cleartext will always
be the same. Thats not the case when using a scheme like PKCS1_OAEP and
i guess that this behavior cannot be changed (probably for a good
To be clear, i'm talking about this methods:
I guess the ciphertext generated by the methods above is vulnerable to
brute force attacks. If i encrypt the string "hello world" with the
public key and the resulting ciphertext is always the same its easy to
brute force. But are there any other security implications when using
My use case is the following:
- The user logs in using the OTPme PAM module which sends a auth request
the the OTPme server
- On success the server sends back a session password (32 char hex
- The client generates a RSA key pair
- The session password is added to the otpme-agent which keeps it in
- The session password is encrypted with the RSA public key
- The encrypted session password along with the public key is saved to a
- The private key is encrypted using AES with the users password (or
some hardware token like the yubikey via HMAC challenge/response)
- The encrypted private key is saved to a file along with the offline
- From time to time the agent does a renegotiation with the server and
gets a new session password
- The agent encrypts the old password with the public key from the
session file and checks if the ciphertext matches the one from the
- Thats the reason for my initial requirement. Without this check an
attacker could create a fake session file with a public key he has the
private key for...
- The agent encrypts the new session password with the public key from
the session file and replaces the old encrypted session password with
the new one
Thats the short version of what the OTPme client does. There are some
more things because it supports offline logins etc. but this should not
be important for my question.
So my final question is. Is it secure to save a 32 char hex string
encrpyted with the public key encrypt() method?
There are some other things i am unsure about when it comes to AES
encryption but thats for another mail....
More information about the pycrypto