Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > Ruby > asymmetric encryption options

Reply
Thread Tools

asymmetric encryption options

 
 
snacktime
Guest
Posts: n/a
 
      08-28-2006
Without going into too much detail, I've run into a roadblock using
rsa. I need to encrypt data that is larger than the key size. Right
now I am generating a random key, encrypting the data with it using
AES, then encrypting the key with rsa. Works, but I'd rather keep it
simpler if there is another asymmetric cipher I could use in place of
rsa. At most the data to be encrypted would be 10 times the key size.

Any ideas?

Chris

 
Reply With Quote
 
 
 
 
Jan Svitok
Guest
Posts: n/a
 
      08-28-2006
On 8/28/06, snacktime <(E-Mail Removed)> wrote:
> Without going into too much detail, I've run into a roadblock using
> rsa. I need to encrypt data that is larger than the key size. Right
> now I am generating a random key, encrypting the data with it using
> AES, then encrypting the key with rsa. Works, but I'd rather keep it
> simpler if there is another asymmetric cipher I could use in place of
> rsa. At most the data to be encrypted would be 10 times the key size.
>
> Any ideas?
>
> Chris


1. You can try larger key, though I don't think it's a good idea.
Exponetiation algorithms are O(n**2) at best, possibly O(n**3). That
means, in the ideal case, that when you have 10x larger key, you'd
need 100x more multiplications.

2. You can split the longer key into blocks, and encrypt them alone.
If it is fast enough for you, then you're done.

3. If it is too slow, use the above mentioned combination of RSA&AES.
The tradeoff is slow RSA speed vs time of AES initialisation. In case
of relatively small number of blocks, AES might be slower.

4. For RSA+AES, I'd have a look at PKCS#1, either at the original
padding or OAEP. The original padding is really simple to implement,
and it'll save you some wheel reinventing. The newer one, OAEP, is
more complicated, but has some nice additional properties. You can use
standard pkcs tools to generate/test your data in this case as an
additional benefit.

5. For RSA only, I'd use some padding scheme as well, possibly based on PKCS.
I'd include block number somewhere to prevent reordering. You need to
make sure that the block doesn't produces a number larger than modulo
(in PKCS this is achived by adding 00 00 or 01 00 bytes in front of
the data).

6. You can try ElGamal [1] that allows you to precompute most of the
things berforehand, so it might be possible to use large keys. Even if
you choose the "random" parameters small enough, you might be able to
trade some security for some speed.

[1] http://en.wikipedia.org/wiki/ElGamal_encryption

HTH.

J.

 
Reply With Quote
 
 
 
 
Dido Sevilla
Guest
Posts: n/a
 
      08-28-2006
On 8/28/06, snacktime <(E-Mail Removed)> wrote:
> Without going into too much detail, I've run into a roadblock using
> rsa. I need to encrypt data that is larger than the key size. Right
> now I am generating a random key, encrypting the data with it using
> AES, then encrypting the key with rsa. Works, but I'd rather keep it
> simpler if there is another asymmetric cipher I could use in place of
> rsa. At most the data to be encrypted would be 10 times the key size.


Well, ElGamal (basically a variation on Diffie-Hellman key agreement),
but then again having implemented both ElG and RSA on various
platforms myself I don't see ElG as being significantly simpler than
RSA (both still require modular exponentiation of large numbers).
What's the big problem with RSA?

 
Reply With Quote
 
snacktime
Guest
Posts: n/a
 
      08-28-2006
>
> Well, ElGamal (basically a variation on Diffie-Hellman key agreement),
> but then again having implemented both ElG and RSA on various
> platforms myself I don't see ElG as being significantly simpler than
> RSA (both still require modular exponentiation of large numbers).
> What's the big problem with RSA?
>
>

The openssl implementation won't encrypt a block larger then the size
of the key. I think I will just stick with my current approach
though, as it seems to be the path of least resistance, and the
performance is acceptable.

 
Reply With Quote
 
Francis Cianfrocca
Guest
Posts: n/a
 
      08-28-2006
On 8/28/06, snacktime <(E-Mail Removed)> wrote:
> The openssl implementation won't encrypt a block larger then the size
> of the key. I think I will just stick with my current approach
> though, as it seems to be the path of least resistance, and the
> performance is acceptable.
>
>



What you're doing is definitely the standard approach. Most people
would also throw in a digital signature of a digest of the message and
the key material.

 
Reply With Quote
 
Dido Sevilla
Guest
Posts: n/a
 
      08-29-2006
On 8/29/06, snacktime <(E-Mail Removed)> wrote:
> The openssl implementation won't encrypt a block larger then the size
> of the key. I think I will just stick with my current approach
> though, as it seems to be the path of least resistance, and the
> performance is acceptable.


Well, a common problem with asymmetric ciphers is that they tend to be
problematic when encrypting large amounts of data. They often cause
data expansion and are extremely slow; I imagine that using an
asymmetric cipher to encrypt everything would result in your data
being at least twice the size of what you put in (whether you used RSA
or ElGamal), and I think that it would probably be even slower than
what you're doing now as well. It would probably also be prudent, as
Francis suggests, to add a digital signature to your data; I've found
that authentication of data is quite often more important than keeping
the data confidential.

 
Reply With Quote
 
snacktime
Guest
Posts: n/a
 
      08-29-2006
> Well, a common problem with asymmetric ciphers is that they tend to be
> problematic when encrypting large amounts of data. They often cause
> data expansion and are extremely slow; I imagine that using an
> asymmetric cipher to encrypt everything would result in your data
> being at least twice the size of what you put in (whether you used RSA
> or ElGamal), and I think that it would probably be even slower than
> what you're doing now as well. It would probably also be prudent, as
> Francis suggests, to add a digital signature to your data; I've found
> that authentication of data is quite often more important than keeping
> the data confidential.
>


What would be a good envelope to put all that in? I'm not sure what
ruby openssl supports, and my experience with this is somewhat
limited. In the past I've always used PKCS7. Performance is also an
issue, plus I have two types of data to store. One is short term with
a life of maybe a week at most, the other would be stored much longer
for auditing purposes. Plus the keys have to change every 90 days.

 
Reply With Quote
 
Francis Cianfrocca
Guest
Posts: n/a
 
      08-29-2006
On 8/29/06, snacktime <(E-Mail Removed)> wrote:
> What would be a good envelope to put all that in? I'm not sure what
> ruby openssl supports, and my experience with this is somewhat
> limited. In the past I've always used PKCS7. Performance is also an
> issue, plus I have two types of data to store. One is short term with
> a life of maybe a week at most, the other would be stored much longer
> for auditing purposes. Plus the keys have to change every 90 days.
>
>


To decide on the storage container you have to ask how transportable
and how interoperable your encrypts need to be. If they're only going
to be consumed by your own applications or stored in your own
archives, then you can roll your own formats. If not, then you face a
documentation and support challenge whether you use a "standard" like
PKCS7 or not.

As far as performance is concerned, I think you've already taken the
most important step by using asymmetric crypto only for key material
and digests. I also strongly recommend you not use asymmetric keys
longer than 1024 bits, especially given that you will be re-keying
everything every 90 days. 2048-bit keys sound really attractive until
you see them running 10 to 100 times slower in software, or several
times more expensive in crypto-hardware!

Another critical performance factor, perhaps the dominant one if you
have to protect a lot of documents, is the quality of your
symmetric-key material. It's very time consuming on most ordinary
servers to generate high-quality randomness (although there are ways
to speed it up), and you really don't want to use pseudo-randomness.

A final consideration is the usage profile. I've generally found that
what you're proposing to do is most worth doing with documents of
medium-sensitivity that have medium-sized user communities. (A
canonical example I've often used is engineering documents for large
manufacturers, that have to be seen by perhaps 10,000 people.) With
smaller communities, the job is far easier. With highly-sensitive
data, it shouldn't be stored in computers in the first place .

 
Reply With Quote
 
snacktime
Guest
Posts: n/a
 
      08-29-2006
> To decide on the storage container you have to ask how transportable
> and how interoperable your encrypts need to be. If they're only going
> to be consumed by your own applications or stored in your own
> archives, then you can roll your own formats. If not, then you face a
> documentation and support challenge whether you use a "standard" like
> PKCS7 or not.
>


The encrypted data is for our own applications only. We have used a
variety of methods but now that I'm tackling it again I'd like to
decide this once and for all. I doubt that I could brew up a
container any more efficient then just using PKCS7 via openssl, and
experience tells me that it's probably better to use a well known
standard. I'm not going to be the one maintaining the code in the
long run.

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Simple Asymmetric encryption/decryption Bruce ASP General 3 12-13-2007 11:41 PM
Asymmetric Encryption pintu ASP .Net Web Services 1 01-16-2007 11:24 PM
Asymmetric Encryption pintu ASP .Net 4 01-16-2007 02:14 PM
Pix Asymmetric Routing and a multihomed server Alex Cisco 3 01-02-2005 01:53 AM
Asymmetric Timeouts on ISDN Brandon Hines Cisco 1 12-15-2003 03:50 PM



Advertisments