RSA - relation between message size and key size

Weikeng Chen w.k at berkeley.edu
Fri Jul 6 10:41:45 CEST 2018


Hi Steffen,

I think your question is about whether the encryption algorithm should
check where the message fits into the message space.

So, asymmetric encryption algorithms today are commonly used to encrypt
keys rather than data, and the common key size is far smaller than the
message size of common RSA message space.

I think that is the reason why such a check does not exist in the current
implementation.

On Fri, Jul 6, 2018, 1:24 AM Steffen Bingel, pi4 <sbi at pi4.de> wrote:

> Hi Karl,
>
> thanks for your reply. What I am trying to do goes more into the
> direction of what gpg offers with its encrypt decrypt feature. As far as
> I understood there is done what you are suggesting. Create a random key,
> encrypt the data symmetrically with this key and use asymmetric
> encryption for this key. Ok...
>
> The big unanswered question is still why the gcry_pk_encrypt only works
> properly with data up to the key size and if that behavior is intended.
> Why is that function generating unusable output without throwing an error?
>
> On 27.06.2018 03:43, Karl Magdsick wrote:
> > There are a variety of attacks against RSA when used in this manner.  You
> > really should use OAEP (
> > https://en.m.wikipedia.org/wiki/Optimal_asymmetric_encryption_padding )
> > and you almost certainly should use RSA to exchange keys for a symmetric
> > authenticated encryption algorithm (such as ChaCha20-Poly1305 or AES-GCM).
> >
> > It goes without saying that playing around with encryption is fun, but for
> > anything serious, use a high-level well-reviewed library implementing
> > well-studied protocols.  libgnutls, libgpgme, and libsodium are good
> > choices, depending on your use case.  libgcrypt is a low-level library
> > meant as a building block for high-level end-user libraries.
> >
> >
> > Cheers,
> > Karl
> >
> > On Tue, Jun 26, 2018, 23:33 Steffen Bingel, pi4 <sbi at pi4.de> wrote:
> >
> >> Hi,
> >>
> >> at first, this is the first time for me using a mailing list and I
> >> apologize in advance for any violation of rules I may not know yet.
> >>
> >> I'm playing around with the private/public key functions of libgcrypt
> >> and ran into a behavior I couldn't find an explanation for. If my
> >> message that I try to encrypt is larger than the key I use for
> >> encryption the pk_encrypt seems to generate random data without throwing
> >> an error. The following code is a condensed copy from
> >> https://github.com/vedantk/gcrypt-example/blob/master/main.cc. If my
> >> message contains 32 characters (256 bit) this works fine but if I pass
> >> 33 or more characters the decrypted message makes no sense at all. I
> >> was also playing around with bigger keys where I could observe the same
> >> behavior (msg bigger than key not working).
> >>
> >> So if the function is not intended to take data larger than the key, why
> >> is it not returning an error?
> >>
> >> What is the correct way to encrypt large, at least larger than the key,
> >> binary data I have in memory?
> >>
> >> Thanks a lot
> >>
> >>       gcry_error_t err;
> >>
> >>       #define _assert(cmd) {\
> >>           err = cmd;\
> >>           if (err != GPG_ERR_NO_ERROR) {\
> >>               L("ERR: command returned: %s",gcry_strerror(err));\
> >>           }}
> >>
> >>       /* generate key pair */
> >>       gcry_sexp_t rsa_keypair;
> >>       gcry_sexp_t parms;
> >>       _assert(gcry_sexp_build( &parms, NULL, "(genkey(rsa(nbits %d)))",256));
> >>
> >>       _assert(gcry_pk_genkey( &rsa_keypair,parms ));
> >>
> >>       gcry_sexp_t pubk = gcry_sexp_find_token(rsa_keypair, "public-key", 0);
> >>       gcry_sexp_t privk = gcry_sexp_find_token(rsa_keypair, "private-key", 0);
> >>
> >>       /* Create a message. */
> >>       gcry_mpi_t msg;
> >>       gcry_sexp_t data;
> >>       const unsigned char* s = (const unsigned char*)
> >>           "uweoirdnd1iejfkslrm2kdleirjfm3xss";
> >>       _assert(gcry_mpi_scan(&msg, GCRYMPI_FMT_USG, s, strlen((const char*) s), NULL));
> >>
> >>       gcry_mpi_dump(msg);
> >>
> >>       _assert(gcry_sexp_build(&data, NULL,"(data (flags raw) (value %m))", msg));
> >>
> >>       gcry_sexp_dump(data);
> >>
> >>       /* Encrypt the message. */
> >>       gcry_sexp_t ciph;
> >>       _assert(gcry_pk_encrypt(&ciph, data, pubk));
> >>
> >>       gcry_sexp_dump(ciph);
> >>
> >>       /* Decrypt the message. */
> >>       gcry_sexp_t plain;
> >>       _assert(gcry_pk_decrypt(&plain, ciph, privk));
> >>
> >>       /* Pretty-print the results. */
> >>       gcry_mpi_t out_msg = gcry_sexp_nth_mpi(plain, 0, GCRYMPI_FMT_USG);
> >>       L("Original:");
> >>       gcry_mpi_dump(msg);
> >>       L("\n" "Decrypted:");
> >>       gcry_mpi_dump(out_msg);
> >>
> >>       if (gcry_mpi_cmp(msg, out_msg)) {
> >>           L("data corruption!");
> >>       } else {
> >>           L("Messages match.\n");
> >>       }
> >>
> >> _______________________________________________
> >> Gcrypt-devel mailing list
> >> Gcrypt-devel at gnupg.org
> >> http://lists.gnupg.org/mailman/listinfo/gcrypt-devel
> >>
>
> --
>
> Yours sincerely
>
> Steffen Bingel
>
> pi4_robotics GmbH
> Gustav-Meyer-Allee 25
> 13355 Berlin
> Tel: +49 (0)30-7009694-210
> Fax: +49 (0)30-7009694-69
> Email: sbi at pi4.de
> URL: www.pi4.de
> Registration court: Berlin HRB 80513
> Managing director: Matthias Krinke
> VAT ID: DE217617178
> Customs no.: 6559298
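Added example, not part of the thread and not libgcrypt code: textbook RSA on plain Python integers, showing why a "flags raw" message that is numerically larger than the modulus decrypts to something else without any error, and the range check a caller can apply first. The toy modulus (built from two Mersenne primes), the 16-byte sample key and all function names are assumptions made for the illustration; the 33-byte string is the one from the original post.

```python
# Added illustration: unpadded ("flags raw") RSA with Python integers.
# Toy key constructed for this example; far too small for real use.
P = 2**127 - 1                       # Mersenne prime
Q = 2**107 - 1                       # Mersenne prime
N = P * Q                            # 234-bit modulus
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent (Python 3.8+)


def to_int(msg: bytes) -> int:
    """Unsigned big-endian bytes to integer, as GCRYMPI_FMT_USG does."""
    return int.from_bytes(msg, "big")


def raw_roundtrip(msg: bytes) -> int:
    """Encrypt then decrypt with no padding and no range check."""
    c = pow(to_int(msg), E, N)       # the exponentiation reduces modulo N
    return pow(c, D, N)


def checked_encrypt(msg: bytes) -> int:
    """Encrypt only if the message is a member of [0, N)."""
    m = to_int(msg)
    if m >= N:
        raise ValueError(
            f"message has {m.bit_length()} bits, "
            f"modulus has {N.bit_length()} bits")
    return pow(m, E, N)


SHORT = b"16-byte-sym-key!"                    # constructed sample, 128 bits
LONG = b"uweoirdnd1iejfkslrm2kdleirjfm3xss"    # 33-byte string from the post

if __name__ == "__main__":
    print("short survives:", raw_roundtrip(SHORT) == to_int(SHORT))
    print("long survives: ", raw_roundtrip(LONG) == to_int(LONG))
    # What comes back for the long message is m mod N, not m.
    print("long == m mod N:", raw_roundtrip(LONG) == to_int(LONG) % N)
    try:
        checked_encrypt(LONG)
    except ValueError as exc:
        print("rejected:", exc)
```

The decrypted value for the oversized input is the original integer reduced modulo N, which is why it looks unrelated to the input; padding schemes such as OAEP bound the input length before the modular arithmetic is reached.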