RSA - relation between message size and key size

Steffen Bingel, pi4 sbi at pi4.de
Fri Jul 6 10:24:46 CEST 2018


Hi Karl,

thanks for your reply. What I am trying to do goes more in the 
direction of what gpg offers with its encrypt/decrypt feature. As far as 
I understood, what you are suggesting is done there: create a random key, 
encrypt the data symmetrically with this key and use asymmetric 
encryption for this key. Ok...

The big unanswered question is still why the gcry_pk_encrypt only works 
properly with data up to the key size and if that behavior is intended. 
Why is that function generating unusable output without throwing an error?

On 27.06.2018 03:43, Karl Magdsick wrote:
> There are a variety of attacks against RSA when used in this manner.  You
> really should use OAEP (
> https://en.m.wikipedia.org/wiki/Optimal_asymmetric_encryption_padding ) and
> you almost certainly should use RSA to exchange keys for a symmetric
> authenticated encryption algorithm (such as ChaCha20-Poly1305 or AES-GCM).
>
> It goes without saying that playing around with encryption is fun, but for
> anything serious, use a high-level well-reviewed library implementing
> well-studied protocols.  libgnutls, libgpgme, and libsodium are good
> choices, depending on your use case.  libgcrypt is a low-level library
> meant as a building block for high-level end-user libraries.
>
>
> Cheers,
> Karl
>
> On Tue, Jun 26, 2018, 23:33 Steffen Bingel, pi4 <sbi at pi4.de> wrote:
>
>> Hi,
>>
>> at first, this is the first time for me using a mailing list and I
>> apologize in advance for any violation of rules I may not know yet.
>>
>> I'm playing around with the private/public key functions of libgcrypt
>> and ran into a behavior I couldn't find an explanation for. If my
>> message that I try to encrypt is larger than the key I use for
>> encryption the pk_encrypt seems to generate random data without throwing
>> an error. The following code is a condensed copy from
>> https://github.com/vedantk/gcrypt-example/blob/master/main.cc. If my
>> message contains 32 characters (256 bit) this works fine but if I pass
>> 33 or more characters the decrypted message makes no sense at all. I
>> was also playing around with bigger keys where I could observe the same
>> behavior (msg bigger than key not working).
>>
>> So if the function is not intended to take data larger than the key, why
>> is it not returning an error?
>>
>> What is the correct way to encrypt large, at least larger than the key,
>> binary data I have in memory?
>>
>> Thanks a lot
>>
>>       gcry_error_t err;
>>
>>       #define _assert(cmd) {\
>>           err = cmd;\
>>           if (err != GPG_ERR_NO_ERROR) {\
>>               L("ERR: command returned: %s",gcry_strerror(err));\
>>           }}
>>
>>       /* generate key pair */
>>       gcry_sexp_t rsa_keypair;
>>       gcry_sexp_t parms;
>>       _assert(gcry_sexp_build( &parms, NULL, "(genkey(rsa(nbits %d)))",256));
>>
>>       _assert(gcry_pk_genkey( &rsa_keypair,parms ));
>>
>>       gcry_sexp_t pubk = gcry_sexp_find_token(rsa_keypair, "public-key", 0);
>>       gcry_sexp_t privk = gcry_sexp_find_token(rsa_keypair, "private-key", 0);
>>
>>       /* Create a message. */
>>       gcry_mpi_t msg;
>>       gcry_sexp_t data;
>>       const unsigned char* s = (const unsigned char*)
>>           "uweoirdnd1iejfkslrm2kdleirjfm3xss";
>>       _assert(gcry_mpi_scan(&msg, GCRYMPI_FMT_USG, s, strlen((const char*) s), NULL));
>>
>>       gcry_mpi_dump(msg);
>>
>>       _assert(gcry_sexp_build(&data, NULL,"(data (flags raw) (value %m))", msg));
>>
>>       gcry_sexp_dump(data);
>>
>>       /* Encrypt the message. */
>>       gcry_sexp_t ciph;
>>       _assert(gcry_pk_encrypt(&ciph, data, pubk));
>>
>>       gcry_sexp_dump(ciph);
>>
>>       /* Decrypt the message. */
>>       gcry_sexp_t plain;
>>       _assert(gcry_pk_decrypt(&plain, ciph, privk));
>>
>>       /* Pretty-print the results. */
>>       gcry_mpi_t out_msg = gcry_sexp_nth_mpi(plain, 0, GCRYMPI_FMT_USG);
>>       L("Original:");
>>       gcry_mpi_dump(msg);
>>       L("\n" "Decrypted:");
>>       gcry_mpi_dump(out_msg);
>>
>>       if (gcry_mpi_cmp(msg, out_msg)) {
>>           L("data corruption!");
>>       } else {
>>           L("Messages match.\n");
>>       }
>>
>>
>>
>>
>>
>> _______________________________________________
>> Gcrypt-devel mailing list
>> Gcrypt-devel at gnupg.org
>> http://lists.gnupg.org/mailman/listinfo/gcrypt-devel
>>

-- 

Yours sincerely

Steffen Bingel

pi4_robotics GmbH
Gustav-Meyer-Allee 25
13355 Berlin
Tel: +49 (0)30-7009694-210
Fax: +49 (0)30-7009694-69
Email: sbi at pi4.de
URL: www.pi4.de
Register court: Berlin, HRB 80513
Managing director: Matthias Krinke
VAT ID: DE217617178
Customs no.: 6559298
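
Added example, not part of the original message and not libgcrypt code: textbook RSA works on integers modulo n, so an unpadded message m >= n round-trips to m mod n without any error, which is consistent with what the poster reports for a 33-byte message under a 256-bit key. The toy key and all function names are constructed for illustration; `oaep_max_len` applies the RFC 8017 length limit for the OAEP padding recommended in the quoted reply.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed toy key, far too small for real use:
   p = 61, q = 53, n = 3233, e = 17, d = 2753. */
static const uint64_t N = 3233, E = 17, D = 2753;

/* Square-and-multiply modular exponentiation. */
static uint64_t modpow(uint64_t base, uint64_t exp, uint64_t mod)
{
    uint64_t r = 1;
    base %= mod;
    while (exp) {
        if (exp & 1)
            r = r * base % mod;
        base = base * base % mod;
        exp >>= 1;
    }
    return r;
}

/* Textbook RSA: no padding and no range check on the input. */
uint64_t raw_encrypt(uint64_t m) { return modpow(m, E, N); }
uint64_t raw_decrypt(uint64_t c) { return modpow(c, D, N); }

/* Check a caller must make before unpadded RSA: message integer < n. */
int fits_modulus(uint64_t m) { return m < N; }

/* Largest OAEP plaintext in bytes for a k-byte modulus and an hlen-byte
   hash (RFC 8017: k - 2*hlen - 2); -1 if the key is too small for OAEP. */
long oaep_max_len(long k, long hlen)
{
    long max = k - 2 * hlen - 2;
    return max >= 0 ? max : -1;
}

int main(void)
{
    uint64_t msgs[] = { 1234, 5000 };   /* constructed inputs; 5000 >= n */
    for (int i = 0; i < 2; i++) {
        uint64_t out = raw_decrypt(raw_encrypt(msgs[i]));
        printf("m=%llu fits=%d decrypted=%llu\n", (unsigned long long)msgs[i],
               fits_modulus(msgs[i]), (unsigned long long)out);
    }
    printf("OAEP max, 2048-bit key, SHA-256: %ld bytes\n", oaep_max_len(256, 32));
    printf("OAEP max, 256-bit key, SHA-1: %ld\n", oaep_max_len(32, 20));
    return 0;
}
```

The 256-bit key from the posted code is too small to hold any OAEP-padded message at all, so the hybrid scheme described in the thread needs a realistic modulus size before padding can be applied.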



