Error Encrypting Symmetric key with RSA Public Key

Hi group,

I have written a simple program to test my understanding of the OpenSSL APIs. And of course I have a problem with one of them. My problem is that when I use RSA_public_encrypt to encrypt my Symmetric key I get the following error:

> Testing RSA encryption of Symmertic key
> 145 Encrypt In bytes: 128,
> 149 Encript failed:
> Code: 67555438
> error:0406D06E
> rsa routines:RSA_padding_add_PKCS1_type_2
> data too large for key size

The program first generates a Symmetric key, then uses it to encrypt and decrypt some simple text that the user inputs. Next it creates an RSA Key and a public RSA key, then the same with these keys. The last thing tested is the encryption of the Symmetric Key using the RSA keys, which fails. The error message does not make any sense to me since the Sym key is only 128 bytes.

I would appreciate any help with my problem. All of the code is here:

http://64.124.13.3/_OpenSSL_/Keys/

Thanks for your time.

--
William Estrada
MrUmunhum@popdial.com
Mt-Umunhum-Wireless.net ( http://Mt-Umunhum-Wireless.net )
Ymessenger: MrUmunhum

______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org

RE: Error Encrypting Symmetric key with RSA Public Key

The answer is in: "data too large for key size"

According to Secure Programming Cookbook, when using RSA PKCS #1 v1.5 padding you can only encrypt messages up to 11 bytes smaller than the modulus size in bytes. If you are using RSA-1024, then that is (1024/8)-11=117 bytes.

Bill

-----Original Message-----
From: owner-openssl-users@openssl.org [mailto:owner-openssl-users@openssl.org] On Behalf Of William Estrada
Sent: September 30, 2008 4:31 PM
To: openssl-users@openssl.org
Subject: Error Encrypting Symmetric key with RSA Public Key


Re: Error Encrypting Symmetric key with RSA Public Key

Bill,

You are 100% right. I increased my buffer from 1024 to 1115 and it works fine now. I guess I should RTFM more?

Thanks.

Bill Colvin wrote:
> The answer is in: "data too large for key size"
>
> According to Secure Programming Cookbook, when using RSA PKCS #1 v1.5
> padding you can only encrypt messages up to 11 bytes smaller than the
> modulus size in bytes. If you are using RSA-1024, then that is
> (1024/8)-11=117 bytes.
>
> Bill

--

William Estrada

MrUmunhum@popdial.com
Mt-Umunhum-Wireless.net ( http://Mt-Umunhum-Wireless.net )

Ymessenger: MrUmunhum


Re: Error Encrypting Symmetric key with RSA Public Key

unix wrote:
> The answer is in: "data too large for key size"
>
> According to Secure Programming Cookbook, when using RSA PKCS #1 v1.5
> padding you can only encrypt messages up to 11 bytes smaller than the
> modulus size in bytes. If you are using RSA-1024, then that is
> (1024/8)-11=117 bytes.
>
> Bill

This doesn't make a whole lot of sense to me. Which probably means I'm totally not understanding it.

As I understand you, you are saying every time I encrypt something using OpenSSL I have to create a new key that is at least 11 bytes larger than what I'm trying to encrypt thus making the whole point of having a public key um... pointless.

That can't be right so what am I not understanding? The "common sense" way it should work is I create a key then I use that key to encrypt stuff regardless of the size of the stuff or the key. One should not depend on the other.

What I hear you saying is that if I send an encrypted 100MB file first I have to have a 100MB + 11 bytes key? That every time I encrypt something I pretty much have to make a tailor made key to make sure the data isn't too big for the key. But that's insane, and not in a good way, so that can't be what you're saying. Right?

Oh, specifically I'm trying to use the following functionality to encrypt a file (I'm using OpenSSL because I know all my clients will have that):

openssl rsautl -encrypt -pubin -inkey ~/.ssh/id_rsa.pub.pem -in input.txt -out output.enc

And getting this error message:

RSA operation error

6176:error:0406D06E:rsa routines:RSA_padding_add_PKCS1_type_2:data too large for key size:/SourceCache/OpenSSL098/OpenSSL098-32/src/crypto/rsa/rsa_pk1.c:151:

Thank you in advance for your help.
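
Added example (not part of the thread, and not OpenSSL's source): a C sketch of the PKCS #1 v1.5 type 2 encryption block named in the error, EM = 00 || 02 || PS || 00 || M with at least 8 nonzero random bytes in PS, which is where the 11-byte overhead comes from. The function name `pkcs1_type2_pad`, its return codes and the all-zero sample message are assumptions made for the example; the limit is set by the key's modulus size, so a 16- or 32-byte symmetric key fits an RSA-1024 key while 128 bytes does not.

```c
#include <stdio.h>
#include <string.h>

/* Fixed overhead of the type 2 block: 0x00, 0x02, >= 8 bytes of PS, 0x00. */
#define PKCS1_V15_OVERHEAD 11

/* Hypothetical helper: build EM = 00 || 02 || PS || 00 || M in em[0..k-1],
 * where k is the modulus size in bytes.
 * Returns 0 on success, -1 if M is too large for the key size,
 * -2 if random bytes could not be read. */
int pkcs1_type2_pad(unsigned char *em, size_t k,
                    const unsigned char *m, size_t mlen)
{
    if (k < PKCS1_V15_OVERHEAD || mlen > k - PKCS1_V15_OVERHEAD)
        return -1;                      /* "data too large for key size" */

    size_t pslen = k - mlen - 3;        /* always >= 8 after the check above */
    FILE *rng = fopen("/dev/urandom", "rb");
    if (rng == NULL)
        return -2;

    em[0] = 0x00;
    em[1] = 0x02;
    for (size_t i = 0; i < pslen; ) {   /* PS: random bytes, none of them zero */
        int c = fgetc(rng);
        if (c == EOF) { fclose(rng); return -2; }
        if (c != 0)
            em[2 + i++] = (unsigned char)c;
    }
    fclose(rng);

    em[2 + pslen] = 0x00;               /* separator between PS and M */
    memcpy(em + 3 + pslen, m, mlen);
    return 0;
}

int main(void)
{
    /* Constructed input: RSA-1024 means k = 128; the message is all zeros. */
    unsigned char em[128], msg[128] = {0};
    size_t sizes[] = {16, 32, 117, 118, 128};

    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++)
        printf("%3zu-byte input, 128-byte modulus: %s\n", sizes[i],
               pkcs1_type2_pad(em, sizeof em, msg, sizes[i]) == 0
                   ? "fits" : "data too large for key size");
    return 0;
}
```

Data larger than the limit is normally encrypted under the symmetric key, with only that key passed to RSA.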