openssl rsa encryption problem - Security


Thread: openssl rsa encryption problem

  1. openssl rsa encryption problem

    On Linux FC4, I am trying to use openssl to encrypt messages.
    Here is my script:

    #!/bin/bash
    openssl rsautl -in $1.txt -out $1.crp \
    -inkey public_key -pubin -encrypt

    It works for small input files, but for an input
    file of length 286 bytes I get:

    RSA operation error
    27358:error:0406D06E:rsa routines:RSA_padding_add_PKCS1_type_2:data too
    large for key size:rsa_pk1.c:151:

    Is there something I can do about this? I would hope it
    is possible to encrypt large messages.

    If there is a better place to ask this, please let me know.

    Thanks for your help.
    Mike.

  2. Re: openssl rsa encryption problem

    Mike - EMAIL IGNORED wrote:
    > On Linux FC4, I am trying to use openssl to encrypt messages.
    > Here is my script:
    >
    > #!/bin/bash
    > openssl rsautl -in $1.txt -out $1.crp \
    > -inkey public_key -pubin -encrypt
    >
    > It works for small input files, but for an input
    > file of length 286 bytes I get:
    >
    > RSA operation error
    > 27358:error:0406D06E:rsa routines:RSA_padding_add_PKCS1_type_2:data too
    > large for key size:rsa_pk1.c:151:
    >
    > Is there something I can do about this? I would hope it
    > is possible to encrypt large messages.
    >
    > If there is a better place to ask this, please let me know.
    >
    > Thanks for your help.
    > Mike.


    Afaik you're supposed to encrypt the data using symmetric key, which is
    used once, and then encrypt the actual key with RSA. The recipient can
    then open the random key using his/her key, and decrypt the data.

    Aki Tuomi

  3. Re: openssl rsa encryption problem

    On Mon, 17 Apr 2006 22:22:53 +0300, Aki Tuomi wrote:

    > Mike - EMAIL IGNORED wrote:
    >> On Linux FC4, I am trying to use openssl to encrypt messages.
    >> Here is my script:
    >>
    >> #!/bin/bash
    >> openssl rsautl -in $1.txt -out $1.crp \
    >> -inkey public_key -pubin -encrypt
    >>
    >> It works for small input files, but for an input
    >> file of length 286 bytes I get:
    >>
    >> RSA operation error
    >> 27358:error:0406D06E:rsa routines:RSA_padding_add_PKCS1_type_2:data too
    >> large for key size:rsa_pk1.c:151:
    >>
    >> Is there something I can do about this? I would hope it
    >> is possible to encrypt large messages.
    >>
    >> If there is a better place to ask this, please let me know.
    >>
    >> Thanks for your help.
    >> Mike.

    >
    > Afaik you're supposed to encrypt the data using symmetric key, which is
    > used once, and then encrypt the actual key with RSA. The recipient can
    > then open the random key using his/her key, and decrypt the data.
    >
    > Aki Tuomi


    Oh, I see. What, then, is the most
    secure symmetric algorithm to use?

    Thanks,
    Mike.


  4. Re: openssl rsa encryption problem

    Mike - EMAIL IGNORED wrote:
    > On Mon, 17 Apr 2006 22:22:53 +0300, Aki Tuomi wrote:
    >
    >> Mike - EMAIL IGNORED wrote:
    >>> On Linux FC4, I am trying to use openssl to encrypt messages.
    >>> Here is my script:
    >>>
    >>> #!/bin/bash
    >>> openssl rsautl -in $1.txt -out $1.crp \
    >>> -inkey public_key -pubin -encrypt
    >>>
    >>> It works for small input files, but for an input
    >>> file of length 286 bytes I get:
    >>>
    >>> RSA operation error
    >>> 27358:error:0406D06E:rsa routines:RSA_padding_add_PKCS1_type_2:data too
    >>> large for key size:rsa_pk1.c:151:
    >>>
    >>> Is there something I can do about this? I would hope it
    >>> is possible to encrypt large messages.
    >>>
    >>> If there is a better place to ask this, please let me know.
    >>>
    >>> Thanks for your help.
    >>> Mike.

    >> Afaik you're supposed to encrypt the data using symmetric key, which is
    >> used once, and then encrypt the actual key with RSA. The recipient can
    >> then open the random key using his/her key, and decrypt the data.
    >>
    >> Aki Tuomi

    >
    > Oh, I see. What, then, is the most
    > secure symmetric algorithm to use?
    >
    > Thanks,
    > Mike.
    >


    Well, BLOWFISH-CBC would be pretty good given that you'll only use the
    key once anyways...

    Aki Tuomi

  5. Re: openssl rsa encryption problem

    On Mon, 17 Apr 2006 23:49:53 +0300, Aki Tuomi wrote:

    [...]
    >>
    >> Oh, I see. What, then, is the most
    >> secure symmetric algorithm to use?
    >>
    >> Thanks,
    >> Mike.
    >>

    >
    > Well, BLOWFISH-CBC would be pretty good given that you'll only use the
    > key once anyways...
    >
    > Aki Tuomi


    Is BLOWFISH-CBC just "pretty good..." or is it, as I asked,
    "the most secure symmetric algorithm" available?

    Mike.


  6. Re: openssl rsa encryption problem

    On 18.04.2006, Mike - EMAIL IGNORED wrote:
    > On Mon, 17 Apr 2006 23:49:53 +0300, Aki Tuomi wrote:
    >
    > [...]
    >>>
    >>> Oh, I see. What, then, is the most
    >>> secure symmetric algorithm to use?
    >>>
    >>> Thanks,
    >>> Mike.
    >>>

    >>
    >> Well, BLOWFISH-CBC would be pretty good given that you'll only use the
    >> key once anyways...
    >>
    >> Aki Tuomi

    >
    > Is BLOWFISH-CBC just "pretty good..." or is it, as I asked,
    > "the most secure symmetric algorithm" available?


    How would you define "the most secure"?

    --
    Feel free to correct my English
    Stanislaw Klekot

  7. Re: openssl rsa encryption problem

    On Tue, 18 Apr 2006 00:57:50 +0000, Stachu 'Dozzie' K. wrote:

    > On 18.04.2006, Mike - EMAIL IGNORED wrote:
    >> On Mon, 17 Apr 2006 23:49:53 +0300, Aki Tuomi wrote:
    >>
    >> [...]
    >>>>
    >>>> Oh, I see. What, then, is the most
    >>>> secure symmetric algorithm to use?
    >>>>
    >>>> Thanks,
    >>>> Mike.
    >>>>
    >>>
    >>> Well, BLOWFISH-CBC would be pretty good given that you'll only use the
    >>> key once anyways...
    >>>
    >>> Aki Tuomi

    >>
    >> Is BLOWFISH-CBC just "pretty good..." or is it, as I asked,
    >> "the most secure symmetric algorithm" available?

    >
    > How would you define "the most secure"?


    I would not attempt a precise definition; I am sure
    that people who know more about it than I do have done
    that. The idea I intend to convey is one of difficulty
    in breaking the code. The positivist view, popular in
    the mid 20th century, that precise definition is required
    to convey meaning with language is obviously false and
    has been discredited by many modern philosophers. If it
    is pertinent, whoever answers the question could clarify
    the way in which this or that algorithm is more secure.

    Mike.


  8. Re: openssl rsa encryption problem

    On Mon, 17 Apr 2006 21:49:21 -0400, Mike - EMAIL IGNORED wrote:

    > On Tue, 18 Apr 2006 00:57:50 +0000, Stachu 'Dozzie' K. wrote:
    >
    >> On 18.04.2006, Mike - EMAIL IGNORED wrote:
    >>> On Mon, 17 Apr 2006 23:49:53 +0300, Aki Tuomi wrote:
    >>>
    >>> [...]
    >>>>>
    >>>>> Oh, I see. What, then, is the most
    >>>>> secure symmetric algorithm to use?
    >>>>>
    >>>>> Thanks,
    >>>>> Mike.
    >>>>>
    >>>>
    >>>> Well, BLOWFISH-CBC would be pretty good given that you'll only use the
    >>>> key once anyways...
    >>>>
    >>>> Aki Tuomi
    >>>
    >>> Is BLOWFISH-CBC just "pretty good..." or is it, as I asked,
    >>> "the most secure symmetric algorithm" available?

    >>
    >> How would you define "the most secure"?

    >
    > I would not attempt a precise definition; I am sure
    > that people who know more about it than I do have done
    > that. The idea I intend to convey is one of difficulty
    > in breaking the code. The positivist view, popular in
    > the mid 20th century, that precise definition is required
    > to convey meaning with language is obviously false and
    > has been discredited by many modern philosophers. If it
    > is pertinent, whoever answers the question could clarify
    > the way in which this or that algorithm is more secure.
    >
    > Mike.


    Pardon me for saying so, but I think you are mildly in need of an attitude
    transplant. Nobody here owes you a damned thing - you are aware of that,
    aren't you?

    You can read about Blowfish on its homepage, here:

    http://www.schneier.com/blowfish.html

    I'm no cryptographer but I don't think there has ever been a report of
    anyone successfully cracking Blowfish. It seems to be a favourite of the
    people behind OpenBSD and OpenSSH if that counts. In addition to being
    "strong enough" (apparently) it is also known for its speed.


  9. Re: openssl rsa encryption problem

    John (06-04-18 03:00:47):

    > You can read about Blowfish on its homepage, here:
    >
    > http://www.schneier.com/blowfish.html
    >
    > I'm no cryptographer but I don't think there has ever been a report of
    > anyone successfully cracking Blowfish. It seems to be a favourite of
    > the people behind OpenBSD and OpenSSH if that counts. In addition to
    > being "strong enough" (apparently) it is also known for its speed.


    According to that, Blowfish is one of the secure and well performing
    ciphers. However, currently I only use it for swap encryption (because
    of its speed). For the rest of my hard-disk I use AES (aka Rijndael).
    The opinions are very different here. Virtually Blowfish and any AES
    candidate would suffice, but Rijndael has won and there must be a
    reason.

    Now to the vulnerabilities. One vulnerability of Blowfish is known.
    There are certain weak keys, which you shouldn't use. They are
    unlikely, but not impossible.

    AES (Rijndael) has also one purely theoretical vulnerability: the XSL
    attack. It doesn't seem to be practical however, and it also doesn't
    seem to get practical in the next few decades either.


    Regards.

  10. Re: openssl rsa encryption problem

    Ertugrul Soeylemez wrote:

    > John (06-04-18 03:00:47):
    >
    >> You can read about Blowfish on its homepage, here:
    >>
    >> http://www.schneier.com/blowfish.html
    >>
    >> I'm no cryptographer but I don't think there has ever been a report of
    >> anyone successfully cracking Blowfish.


    IIRC both Twofish (son of Blowfish) and Rijndael (and several others) were
    candidates for the AES title. Blowfish is certainly fast.

    How did we manage to go from asymmetric to symmetric so quickly?

    C.

  11. Re: openssl rsa encryption problem

    Colin McKinnon (06-04-18 22:21:11):

    > IIRC both Twofish (son of Blowfish) and Rijndael (and several others)
    > were candidates for the AES title. Blowfish is certainly fast.


    Exactly. But since Rijndael has won the contest, it's since then called
    'AES' itself. Blowfish is fast, but also not universally useful for any
    purpose. If Blowfish was perfect, we wouldn't need an AES contest. =)


    > How did we manage to go from asymmetric to symmetric so quickly?


    Talking about (practical) asymmetric cryptography means talking about
    hybrid systems, where both are combined. Since choosing an asymmetric
    cipher and solving implementation-specific problems wasn't that hard,
    we've already approached the symmetric part.


    Regards.
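
The hybrid scheme described in Aki Tuomi's reply and in the last post, as an added example that is not part of the thread. It first reproduces the size limit from the question, then encrypts the same 286-byte input with a one-time secret. The 2048-bit key, AES-256-CBC, the file names and the helper function names are assumptions; `pkeyutl` is used because it replaces `rsautl` in current OpenSSL.

```bash
#!/bin/bash
# Added example (not from the thread): hybrid encryption with the openssl CLI.
# Assumed: 2048-bit RSA key, AES-256-CBC, OpenSSL 1.1.1+ (needed for -pbkdf2).
make_keys() {       # $1 = directory for a throwaway test key pair
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/private_key" 2>/dev/null &&
    openssl pkey -in "$1/private_key" -pubout -out "$1/public_key"
}

# Raw RSA as in the original script. PKCS#1 v1.5 padding needs 11 bytes, so a
# 2048-bit (256-byte) key takes at most 245 bytes and 286 bytes are rejected.
rsa_direct() {      # $1 = input file, $2 = output file, $3 = public key
    openssl pkeyutl -encrypt -pubin -inkey "$3" -in "$1" -out "$2" 2>/dev/null
}

# One-time secret -> AES for the data, RSA-OAEP for the secret.
# `openssl enc` gives confidentiality only; its CBC output is not authenticated.
hybrid_encrypt() {  # $1 = input file, $2 = output prefix, $3 = public key
    ( umask 077; openssl rand -hex -out "$2.key" 32 ) &&
    openssl enc -aes-256-cbc -pbkdf2 -salt -pass "file:$2.key" \
        -in "$1" -out "$2.crp" &&
    openssl pkeyutl -encrypt -pubin -inkey "$3" \
        -pkeyopt rsa_padding_mode:oaep -in "$2.key" -out "$2.key.crp"
    he_rc=$?
    rm -f "$2.key"          # only the RSA-wrapped copy of the secret is kept
    return $he_rc
}

hybrid_decrypt() {  # $1 = prefix used above, $2 = output file, $3 = private key
    ( umask 077; openssl pkeyutl -decrypt -inkey "$3" \
        -pkeyopt rsa_padding_mode:oaep -in "$1.key.crp" -out "$1.key" ) &&
    openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$1.key" \
        -in "$1.crp" -out "$2"
    hd_rc=$?
    rm -f "$1.key"
    return $hd_rc
}

demo() {            # constructed 286-byte message, the size from the question
    d=$(mktemp -d) && make_keys "$d" && printf '%0286d' 0 > "$d/msg.txt" || return 1
    rsa_direct "$d/msg.txt" "$d/direct.crp" "$d/public_key" && { rm -rf "$d"; return 2; }
    hybrid_encrypt "$d/msg.txt" "$d/msg" "$d/public_key" &&
    hybrid_decrypt "$d/msg" "$d/out.txt" "$d/private_key" &&
    cmp -s "$d/msg.txt" "$d/out.txt"
    demo_rc=$?
    rm -rf "$d"
    return $demo_rc
}
demo && echo "direct RSA rejected 286 bytes; hybrid round trip OK"
```

The recipient needs both output files, `<prefix>.crp` and `<prefix>.key.crp`.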
