openssl rsa encryption problem  Security
This is a discussion on openssl rsa encryption problem  Security ; On Linux FC4, I am trying to use openssl to encrypt messages.
Here is my script:
#!/bin/bash
openssl rsautl in $1.txt out $1.crp \
inkey public_key pubin encrypt
It works for small input files, but for an input
file of ...

openssl rsa encryption problem
On Linux FC4, I am trying to use openssl to encrypt messages.
Here is my script:
#!/bin/bash
openssl rsautl in $1.txt out $1.crp \
inkey public_key pubin encrypt
It works for small input files, but for an input
file of length 286 bytes I get:
RSA operation error
27358:error:0406D06E:rsa routines:RSA_padding_add_PKCS1_type_2:data too
large for key size:rsa_pk1.c:151:
Is there something I can do about this? I would hope it
is possible to encrypt large messages.
If there is a better place to ask this, please let me know.
Thanks for your help.
Mike.

Re: openssl rsa encryption problem
Mike  EMAIL IGNORED kirjoitti:
> On Linux FC4, I am trying to use openssl to encrypt messages.
> Here is my script:
>
> #!/bin/bash
> openssl rsautl in $1.txt out $1.crp \
> inkey public_key pubin encrypt
>
> It works for small input files, but for an input
> file of length 286 bytes I get:
>
> RSA operation error
> 27358:error:0406D06E:rsa routines:RSA_padding_add_PKCS1_type_2:data too
> large for key size:rsa_pk1.c:151:
>
> Is there something I can do about this? I would hope it
> is possible to encrypt large messages.
>
> If there is a better place to ask this, please let me know.
>
> Thanks for your help.
> Mike.
Afaik you're supposed to encrypt the data using symmetric key, which is
used once, and then encrypt the actual key with RSA. The recipient can
then open the random key using his/hers key, and decrypt the data.
Aki Tuomi

Re: openssl rsa encryption problem
On Mon, 17 Apr 2006 22:22:53 +0300, Aki Tuomi wrote:
> Mike  EMAIL IGNORED kirjoitti:
>> On Linux FC4, I am trying to use openssl to encrypt messages.
>> Here is my script:
>>
>> #!/bin/bash
>> openssl rsautl in $1.txt out $1.crp \
>> inkey public_key pubin encrypt
>>
>> It works for small input files, but for an input
>> file of length 286 bytes I get:
>>
>> RSA operation error
>> 27358:error:0406D06E:rsa routines:RSA_padding_add_PKCS1_type_2:data too
>> large for key size:rsa_pk1.c:151:
>>
>> Is there something I can do about this? I would hope it
>> is possible to encrypt large messages.
>>
>> If there is a better place to ask this, please let me know.
>>
>> Thanks for your help.
>> Mike.
>
> Afaik you're supposed to encrypt the data using symmetric key, which is
> used once, and then encrypt the actual key with RSA. The recipient can
> then open the random key using his/hers key, and decrypt the data.
>
> Aki Tuomi
Oh, I see. What, then is the most
secure symmetric algorithm to use?
Thanks,
Mike.

Re: openssl rsa encryption problem
Mike  EMAIL IGNORED kirjoitti:
> On Mon, 17 Apr 2006 22:22:53 +0300, Aki Tuomi wrote:
>
>> Mike  EMAIL IGNORED kirjoitti:
>>> On Linux FC4, I am trying to use openssl to encrypt messages.
>>> Here is my script:
>>>
>>> #!/bin/bash
>>> openssl rsautl in $1.txt out $1.crp \
>>> inkey public_key pubin encrypt
>>>
>>> It works for small input files, but for an input
>>> file of length 286 bytes I get:
>>>
>>> RSA operation error
>>> 27358:error:0406D06E:rsa routines:RSA_padding_add_PKCS1_type_2:data too
>>> large for key size:rsa_pk1.c:151:
>>>
>>> Is there something I can do about this? I would hope it
>>> is possible to encrypt large messages.
>>>
>>> If there is a better place to ask this, please let me know.
>>>
>>> Thanks for your help.
>>> Mike.
>> Afaik you're supposed to encrypt the data using symmetric key, which is
>> used once, and then encrypt the actual key with RSA. The recipient can
>> then open the random key using his/hers key, and decrypt the data.
>>
>> Aki Tuomi
>
> Oh, I see. What, then is the most
> secure symmetric algorithm to use?
>
> Thanks,
> Mike.
>
Well, BLOWFISHCBC would be pretty good given that you'll only use the
key once anyways...
Aki Tuomi

Re: openssl rsa encryption problem
On Mon, 17 Apr 2006 23:49:53 +0300, Aki Tuomi wrote:
[...[
>>
>> Oh, I see. What, then is the most
>> secure symmetric algorithm to use?
>>
>> Thanks,
>> Mike.
>>
>
> Well, BLOWFISHCBC would be pretty good given that you'll only use the
> key once anyways...
>
> Aki Tuomi
Is BLOWFISHCBC just "pretty good..." or is it, as I asked,
"the most secure symmetric algorithm" available?
Mike.

Re: openssl rsa encryption problem
On 18.04.2006, Mike  EMAIL IGNORED wrote:
> On Mon, 17 Apr 2006 23:49:53 +0300, Aki Tuomi wrote:
>
> [...[
>>>
>>> Oh, I see. What, then is the most
>>> secure symmetric algorithm to use?
>>>
>>> Thanks,
>>> Mike.
>>>
>>
>> Well, BLOWFISHCBC would be pretty good given that you'll only use the
>> key once anyways...
>>
>> Aki Tuomi
>
> Is BLOWFISHCBC just "pretty good..." or is it, as I asked,
> "the most secure symmetric algorithm" available?
How would you define "the most secure"?

Feel free to correct my English
Stanislaw Klekot

Re: openssl rsa encryption problem
On Tue, 18 Apr 2006 00:57:50 +0000, Stachu 'Dozzie' K. wrote:
> On 18.04.2006, Mike  EMAIL IGNORED wrote:
>> On Mon, 17 Apr 2006 23:49:53 +0300, Aki Tuomi wrote:
>>
>> [...[
>>>>
>>>> Oh, I see. What, then is the most
>>>> secure symmetric algorithm to use?
>>>>
>>>> Thanks,
>>>> Mike.
>>>>
>>>
>>> Well, BLOWFISHCBC would be pretty good given that you'll only use the
>>> key once anyways...
>>>
>>> Aki Tuomi
>>
>> Is BLOWFISHCBC just "pretty good..." or is it, as I asked,
>> "the most secure symmetric algorithm" available?
>
> How would you define "the most secure"?
I would not attempt a precise definition; I am sure
that people who know more about it than I do have done
that. I idea I intend to convey is one of difficulty
in breaking the code. The positivist view, popular in
the mid 20th century, that precise definition is required
to convey meaning with language is obviously false and
has been discredited by many modern philosophers. If it
is pertinent, whoever answers the question could clarify
the way in which this or that algorithm is more secure.
Mike.

Re: openssl rsa encryption problem
On Mon, 17 Apr 2006 21:49:21 0400, Mike  EMAIL IGNORED wrote:
> On Tue, 18 Apr 2006 00:57:50 +0000, Stachu 'Dozzie' K. wrote:
>
>> On 18.04.2006, Mike  EMAIL IGNORED wrote:
>>> On Mon, 17 Apr 2006 23:49:53 +0300, Aki Tuomi wrote:
>>>
>>> [...[
>>>>>
>>>>> Oh, I see. What, then is the most
>>>>> secure symmetric algorithm to use?
>>>>>
>>>>> Thanks,
>>>>> Mike.
>>>>>
>>>>
>>>> Well, BLOWFISHCBC would be pretty good given that you'll only use the
>>>> key once anyways...
>>>>
>>>> Aki Tuomi
>>>
>>> Is BLOWFISHCBC just "pretty good..." or is it, as I asked,
>>> "the most secure symmetric algorithm" available?
>>
>> How would you define "the most secure"?
>
> I would not attempt a precise definition; I am sure
> that people who know more about it than I do have done
> that. I idea I intend to convey is one of difficulty
> in breaking the code. The positivist view, popular in
> the mid 20th century, that precise definition is required
> to convey meaning with language is obviously false and
> has been discredited by many modern philosophers. If it
> is pertinent, whoever answers the question could clarify
> the way in which this or that algorithm is more secure.
>
> Mike.
Pardon me for saying so, but I think you are mildly in need of an attitude
transplant. Nobody here owes you a damned thing  you are aware of that
aren't you?
You can read about Blowfish on its homepage, here:
http://www.schneier.com/blowfish.html
I'm no cryptographer but I don't think there has ever been a report of
anyone successfully cracking Blowfish. It seems to be a favourite of the
people behind OpenBSD and OpenSSH if that counts. In addition to being
"strong enough" (apparently) it is also known for its speed.

Re: openssl rsa encryption problem
John (060418 03:00:47):
> You can read about Blowfish on its homepage, here:
>
> http://www.schneier.com/blowfish.html
>
> I'm no cryptographer but I don't think there has ever been a report of
> anyone successfully cracking Blowfish. It seems to be a favourite of
> the people behind OpenBSD and OpenSSH if that counts. In addition to
> being "strong enough" (apparently) it is also known for its speed.
According to that, Blowfish is one of the secure and well performing
ciphers. However, currently I only use it for swap encryption (because
of its speed). For the rest of my harddisk I use AES (aka Rijndael).
The opinions are very different here. Virtually Blowfish and any AES
candidate would suffice, but Rijndael has won and there must be a
reason.
Now to the vulnerabilities. One vulnerability of Blowfish is known.
There are certain weak keys, which you shouldn't use. They are
unlikely, but not impossible.
AES (Rijndael) has also one purely theoretical vulnerability: the XSL
attack. It doesn't seem to be practical however, and it also doesn't
seem to get practical in the next few decades either.
Regards.

Re: openssl rsa encryption problem
Ertugrul Soeylemez wrote:
> John (060418 03:00:47):
>
>> You can read about Blowfish on its homepage, here:
>>
>> http://www.schneier.com/blowfish.html
>>
>> I'm no cryptographer but I don't think there has ever been a report of
>> anyone successfully cracking Blowfish.
IIRC both Twofish (son of Blowfish) and Rijndael (and several others) were
candidates for the AES title. Blowfish is certainly fast.
How did we manage to go from asymmetric to symmetric so quickly?
C.

Re: openssl rsa encryption problem
Colin McKinnon (060418 22:21:11):
> IIRC both Twofish (son of Blowfish) and Rijndael (and several others)
> were candidates for the AES title. Blowfish is certainly fast.
Exactly. But since Rijndael has won the contest, it's since then called
'AES' itself. Blowfish is fast, but also not universally useful for any
purpose. If Blowfish was perfect, we wouldn't need an AES contest. =)
> How did we manage to go from asymmetric to symmetric so quickly?
Talking about (practical) asymmetric cryptography means talking about
hybrid systems, where both are combined. Since choosing an asymmetric
cipher and solving implementationspecific problems wasn't that hard,
we've already approached the symmetric part.
Regards.