That helped a lot! Thanks, Greg!

Michelle


On Fri, 14 Mar 2003, Gregory Stark wrote:

> 
> ----- Original Message -----
> From: "Michelle Li" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Wednesday, March 12, 2003 9:38 AM
> Subject: RSA padding scheme, plz help!
> 
> 
> > On the card, the supported padding schemes are RSA_ISO14888, RSA_ISO9796,
> > RSA_PKCS1, and RSA_NO_PAD. I was told that RSA_ISO9796 and RSA_PKCS1 are
> > suitable for data of limited length (k/2 and k-11 max, respectively, where
> > k is the RSA key size in bytes). Some of my data will be a lot more than
> > that, so I guess I can't use those two? But which of these are supported
> > by openssl?
> 
> I believe the first two are not supported and are for RSA signatures anyway.
> RSA_PKCS1 and RSA_NO_PAD are supported for encryption.
> 
> >
> > I'm new to cryptography, so any advice and help would be greatly
> > appreciated. Thanks a lot!
> >
> 
> Usually, large amounts of data are not encrypted with RSA. It can be done,
> but it is much slower than alternative methods. The usual technique employs
> something called a 'digital envelope'. It combines the speed of a fast
> symmetric encryption algorithm like AES, DES, 3DES, Blowfish, etc. with the
> benefits of public key techniques. It works as follows:
> 
> Consider a stream of data bytes that you want to encrypt, b0, b1, b2, ...,
> b10000 (10000 is just an example size), and suppose you are using 1024 bit
> RSA. In your notation above k=1024/8=128 bytes.  Using the RSA_PKCS1 padding
> we can encrypt up to 128-11=117 bytes. Just take the first 117 bytes of
> data, b0 through b116, and RSA encrypt them. You get 128 bytes out. Then
> take the next 117 bytes of data, b117 through b233, and RSA encrypt them.
> You get another 128 bytes out. Continue on in this manner until you have
> encrypted all the data. On the decrypt side you just reverse the
> process. Take the first 128 bytes of data and RSA decrypt them. The result
> is the first 117 bytes of plaintext.
> 
> Using the digital envelope technique instead, you first select a symmetric
> encryption algorithm. Let's use Blowfish as an example. Next generate a
> random blowfish key of 16 bytes, call it BKEY. Now you encrypt all the data
> using blowfish with key BKEY and only encrypt the 16 byte quantity BKEY with
> RSA.  Send the RSA encrypted BKEY and the blowfish encrypted data to the
> recipient. The recipient uses RSA decryption to recover BKEY, and then uses
> blowfish with the just recovered BKEY to decrypt the rest of the data. For
> typical sized messages this will be between 200-2000 times faster than using
> just RSA. It is also a little more efficient with bandwidth, since pure RSA
> encryption takes 117 bytes in => 128 bytes out.
> 
> Hope this helps,
> 
> ======================
> Greg Stark
> [EMAIL PROTECTED]
> ======================
> 
> 
> 

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
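The digital envelope Greg describes, written out against the openssl command line as an added example (it is not code from the thread or from the OpenSSL project). It first observes the k-11 limit of the PKCS#1 v1.5 padding that the thread discusses, then seals and opens a 10000-byte message the way Greg outlines: RSA encrypts only a random session secret, a symmetric cipher (AES-256-CBC here instead of Blowfish) handles the bulk data. Two things are this example's own additions rather than part of the thread: the wrap uses OAEP instead of v1.5 padding, and the ciphertext carries an HMAC-SHA256 tag because `openssl enc` offers no authenticated mode. The key size, the temp-directory layout and all file names are arbitrary choices; it assumes a modern openssl (1.1.1 or 3.x) on PATH.

```shell
#!/bin/sh
# Added example, not from the thread: Greg's digital envelope done with the
# openssl command line. Assumes openssl 1.1.1 or 3.x on PATH; the 2048-bit
# key size and every file name below are this example's own choices.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
BITS=2048
K=$((BITS / 8))             # k in the thread's notation: key size in bytes

# Generate one RSA keypair; later calls reuse it.
make_keys() {
    [ -f "$WORK/pub.pem" ] && return 0
    openssl genpkey -algorithm RSA -pkeyopt "rsa_keygen_bits:$BITS" \
        -out "$WORK/priv.pem" 2>/dev/null
    openssl pkey -in "$WORK/priv.pem" -pubout -out "$WORK/pub.pem"
}

# The thread's k-11 limit, observed: with the default PKCS#1 v1.5 padding
# k-11 bytes encrypt, k-10 bytes are refused, and the ciphertext is exactly
# k bytes. Prints "ok" when all three hold.
check_pkcs1_limit() {
    make_keys
    openssl rand -out "$WORK/fits" $((K - 11))
    openssl rand -out "$WORK/toobig" $((K - 10))
    openssl pkeyutl -encrypt -pubin -inkey "$WORK/pub.pem" \
        -in "$WORK/fits" -out "$WORK/fits.enc"
    if openssl pkeyutl -encrypt -pubin -inkey "$WORK/pub.pem" \
            -in "$WORK/toobig" -out "$WORK/toobig.enc" 2>/dev/null; then
        echo "k-10 bytes were accepted"; return 1
    fi
    [ "$(wc -c < "$WORK/fits.enc" | tr -d ' ')" -eq "$K" ] && echo ok
}

# Seal: RSA encrypts only a fresh 64-byte session secret (32 B AES-256 key,
# 32 B HMAC key). The bulk data goes through AES-256-CBC and IV+ciphertext
# get an HMAC-SHA256 tag (encrypt-then-MAC), since "openssl enc" has no
# AEAD mode. The wrap uses OAEP rather than the v1.5 padding in the thread.
seal_envelope() {           # seal_envelope <plaintext-file> <envelope-dir>
    make_keys
    openssl rand -out "$2/session.key" 64
    AESKEY=$(od -An -tx1 -v -N 32 "$2/session.key" | tr -d ' \n')
    MACKEY=$(od -An -tx1 -v -j 32 "$2/session.key" | tr -d ' \n')
    openssl rand -hex 16 > "$2/iv.hex"
    openssl enc -aes-256-cbc -K "$AESKEY" -iv "$(cat "$2/iv.hex")" \
        -in "$1" -out "$2/body.enc"
    cat "$2/iv.hex" "$2/body.enc" \
        | openssl dgst -sha256 -mac HMAC -macopt "hexkey:$MACKEY" \
        | awk '{print $NF}' > "$2/body.tag"
    openssl pkeyutl -encrypt -pubin -inkey "$WORK/pub.pem" \
        -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 \
        -in "$2/session.key" -out "$2/session.key.enc"
    rm "$2/session.key"     # only the RSA-wrapped copy leaves the sender
}

# Open: unwrap the session secret, verify the tag before touching the
# ciphertext, then decrypt the bulk data.
open_envelope() {           # open_envelope <envelope-dir> <output-file>
    openssl pkeyutl -decrypt -inkey "$WORK/priv.pem" \
        -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 \
        -in "$1/session.key.enc" -out "$1/session.key"
    AESKEY=$(od -An -tx1 -v -N 32 "$1/session.key" | tr -d ' \n')
    MACKEY=$(od -An -tx1 -v -j 32 "$1/session.key" | tr -d ' \n')
    TAG=$(cat "$1/iv.hex" "$1/body.enc" \
        | openssl dgst -sha256 -mac HMAC -macopt "hexkey:$MACKEY" \
        | awk '{print $NF}')
    if [ "$TAG" != "$(cat "$1/body.tag")" ]; then
        echo "tag mismatch: envelope rejected" >&2; return 1
    fi
    openssl enc -d -aes-256-cbc -K "$AESKEY" -iv "$(cat "$1/iv.hex")" \
        -in "$1/body.enc" -out "$2"
}

# Round trip of a constructed 10000-byte message (the size in the thread);
# prints "match" when the recovered plaintext is byte-identical.
envelope_roundtrip() {
    mkdir -p "$WORK/env"
    openssl rand -out "$WORK/msg" 10000
    seal_envelope "$WORK/msg" "$WORK/env"
    open_envelope "$WORK/env" "$WORK/msg.dec"
    cmp -s "$WORK/msg" "$WORK/msg.dec" && echo match
}

# Flip one byte of a sealed body; the tag check must refuse to decrypt.
tamper_check() {
    mkdir -p "$WORK/bad"
    openssl rand -out "$WORK/msg2" 4096
    seal_envelope "$WORK/msg2" "$WORK/bad"
    ORIG=$(od -An -tu1 -j 100 -N 1 "$WORK/bad/body.enc" | tr -d ' ')
    printf "\\$(printf '%03o' $((ORIG ^ 255)))" \
        | dd of="$WORK/bad/body.enc" bs=1 seek=100 conv=notrunc 2>/dev/null
    if open_envelope "$WORK/bad" "$WORK/msg2.dec" 2>/dev/null; then
        echo "tampered envelope accepted"; return 1
    fi
    echo rejected
}

check_pkcs1_limit && envelope_roundtrip && tamper_check
```

Run as a script it prints "ok", "match" and "rejected". Two notes on the choices that go beyond the thread: `pkeyutl` still defaults to the PKCS#1 v1.5 padding Greg uses, which is why the limit check above needs no extra options, but for wrapping a key OAEP is the padding to reach for today; with SHA-256 on a 2048-bit key it lowers the per-block limit to k - 2*32 - 2 = 190 bytes, still far above the 64 bytes being wrapped. And the envelope as Greg describes it gives confidentiality only; without the tag, anyone can alter the symmetric ciphertext undetected, so the HMAC (or an AEAD mode when you use the library API rather than `openssl enc`) belongs in any real implementation.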
