openssl rsa encryption problem

  #1 (permalink)  
Old 04-17-2006
Mike - EMAIL IGNORED
 
Posts: n/a
Default openssl rsa encryption problem

On Linux FC4, I am trying to use openssl to encrypt messages.
Here is my script:

#!/bin/bash
openssl rsautl -in $1.txt -out $1.crp \
-inkey public_key -pubin -encrypt

It works for small input files, but for an input
file of length 286 bytes I get:

RSA operation error
27358:error:0406D06E:rsa routines:RSA_padding_add_PKCS1_type_2:data too
large for key size:rsa_pk1.c:151:

Is there something I can do about this? I would hope it
is possible to encrypt large messages.

If there is a better place to ask this, please let me know.

Thanks for your help.
Mike.
  #2 (permalink)  
Old 04-17-2006
Aki Tuomi
 
Posts: n/a
Default Re: openssl rsa encryption problem

Mike - EMAIL IGNORED wrote:
> On Linux FC4, I am trying to use openssl to encrypt messages.
> Here is my script:
>
> #!/bin/bash
> openssl rsautl -in $1.txt -out $1.crp \
> -inkey public_key -pubin -encrypt
>
> It works for small input files, but for an input
> file of length 286 bytes I get:
>
> RSA operation error
> 27358:error:0406D06E:rsa routines:RSA_padding_add_PKCS1_type_2:data too
> large for key size:rsa_pk1.c:151:
>
> Is there something I can do about this? I would hope it
> is possible to encrypt large messages.
>
> If there is a better place to ask this, please let me know.
>
> Thanks for your help.
> Mike.


Afaik you're supposed to encrypt the data using a symmetric key, which is
used once, and then encrypt the actual key with RSA. The recipient can
then open the random key using his/her key, and decrypt the data.

Aki Tuomi
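The scheme described in the reply above, as an added example that is not part of any post in this thread: a one-time secret encrypts the file, and RSA encrypts only that secret. The function names, file names and the choice of AES-256-CBC with OAEP padding are assumptions of this example; the key and message in `demo` are constructed.

```shell
#!/bin/bash
# Added example, not from the thread. Function and file names are hypothetical.
# Uses pkeyutl (rsautl is deprecated since OpenSSL 3.0) and needs 1.1.1+ for -pbkdf2.
# AES-CBC gives confidentiality only: nothing here authenticates the ciphertext.
# hybrid_encrypt PUBKEY INFILE OUTBASE -> OUTBASE.enc (data) and OUTBASE.key (wrapped secret)
hybrid_encrypt() {
    local pub="$1" src="$2" out="$3" sess rc
    sess=$(mktemp) || return 1          # mode 0600 file for the one-time secret
    openssl rand -hex 32 > "$sess" &&   # 256 random bits, used for this message only
    openssl enc -aes-256-cbc -pbkdf2 -salt -pass "file:$sess" -in "$src" -out "$out.enc" &&
    openssl pkeyutl -encrypt -pubin -inkey "$pub" -pkeyopt rsa_padding_mode:oaep \
        -in "$sess" -out "$out.key"     # RSA only ever sees the 65-byte secret
    rc=$?
    rm -f "$sess"
    return $rc
}

# hybrid_decrypt PRIVKEY INBASE OUTFILE
hybrid_decrypt() {
    local priv="$1" base="$2" dst="$3" sess rc
    sess=$(mktemp) || return 1
    openssl pkeyutl -decrypt -inkey "$priv" -pkeyopt rsa_padding_mode:oaep \
        -in "$base.key" -out "$sess" &&
    openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$sess" -in "$base.enc" -out "$dst"
    rc=$?
    rm -f "$sess"
    return $rc
}

# Constructed demo: throwaway 2048-bit key, random 286-byte message (the size in the question).
demo() {
    local d rc=1
    d=$(mktemp -d) || return 1
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$d/priv.pem" 2>/dev/null
    openssl pkey -in "$d/priv.pem" -pubout -out "$d/pub.pem"
    openssl rand -out "$d/msg.txt" 286
    # Direct RSA must fail: 286 bytes is more than a 2048-bit (256-byte) modulus can carry.
    if ! openssl pkeyutl -encrypt -pubin -inkey "$d/pub.pem" -in "$d/msg.txt" \
            -out "$d/direct.bin" 2>/dev/null &&
       hybrid_encrypt "$d/pub.pem" "$d/msg.txt" "$d/msg" &&
       hybrid_decrypt "$d/priv.pem" "$d/msg" "$d/out.txt" &&
       cmp -s "$d/msg.txt" "$d/out.txt"; then
        echo "direct RSA refused 286 bytes; hybrid round trip OK"
        rc=0
    fi
    rm -rf "$d"
    return $rc
}
demo
```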
  #3 (permalink)  
Old 04-17-2006
Mike - EMAIL IGNORED
 
Posts: n/a
Default Re: openssl rsa encryption problem

On Mon, 17 Apr 2006 22:22:53 +0300, Aki Tuomi wrote:

> Mike - EMAIL IGNORED wrote:
>> On Linux FC4, I am trying to use openssl to encrypt messages.
>> Here is my script:
>>
>> #!/bin/bash
>> openssl rsautl -in $1.txt -out $1.crp \
>> -inkey public_key -pubin -encrypt
>>
>> It works for small input files, but for an input
>> file of length 286 bytes I get:
>>
>> RSA operation error
>> 27358:error:0406D06E:rsa routines:RSA_padding_add_PKCS1_type_2:data too
>> large for key size:rsa_pk1.c:151:
>>
>> Is there something I can do about this? I would hope it
>> is possible to encrypt large messages.
>>
>> If there is a better place to ask this, please let me know.
>>
>> Thanks for your help.
>> Mike.

>
> Afaik you're supposed to encrypt the data using a symmetric key, which is
> used once, and then encrypt the actual key with RSA. The recipient can
> then open the random key using his/her key, and decrypt the data.
>
> Aki Tuomi


Oh, I see. What, then, is the most
secure symmetric algorithm to use?

Thanks,
Mike.

  #4 (permalink)  
Old 04-17-2006
Aki Tuomi
 
Posts: n/a
Default Re: openssl rsa encryption problem

Mike - EMAIL IGNORED wrote:
> On Mon, 17 Apr 2006 22:22:53 +0300, Aki Tuomi wrote:
>
>> Mike - EMAIL IGNORED wrote:
>>> On Linux FC4, I am trying to use openssl to encrypt messages.
>>> Here is my script:
>>>
>>> #!/bin/bash
>>> openssl rsautl -in $1.txt -out $1.crp \
>>> -inkey public_key -pubin -encrypt
>>>
>>> It works for small input files, but for an input
>>> file of length 286 bytes I get:
>>>
>>> RSA operation error
>>> 27358:error:0406D06E:rsa routines:RSA_padding_add_PKCS1_type_2:data too
>>> large for key size:rsa_pk1.c:151:
>>>
>>> Is there something I can do about this? I would hope it
>>> is possible to encrypt large messages.
>>>
>>> If there is a better place to ask this, please let me know.
>>>
>>> Thanks for your help.
>>> Mike.

>> Afaik you're supposed to encrypt the data using a symmetric key, which is
>> used once, and then encrypt the actual key with RSA. The recipient can
>> then open the random key using his/her key, and decrypt the data.
>>
>> Aki Tuomi

>
> Oh, I see. What, then, is the most
> secure symmetric algorithm to use?
>
> Thanks,
> Mike.
>


Well, BLOWFISH-CBC would be pretty good given that you'll only use the
key once anyways...

Aki Tuomi
  #5 (permalink)  
Old 04-18-2006
Mike - EMAIL IGNORED
 
Posts: n/a
Default Re: openssl rsa encryption problem

On Mon, 17 Apr 2006 23:49:53 +0300, Aki Tuomi wrote:

[...]
>>
>> Oh, I see. What, then, is the most
>> secure symmetric algorithm to use?
>>
>> Thanks,
>> Mike.
>>

>
> Well, BLOWFISH-CBC would be pretty good given that you'll only use the
> key once anyways...
>
> Aki Tuomi


Is BLOWFISH-CBC just "pretty good..." or is it, as I asked,
"the most secure symmetric algorithm" available?

Mike.

  #6 (permalink)  
Old 04-18-2006
Stachu 'Dozzie' K.
 
Posts: n/a
Default Re: openssl rsa encryption problem

On 18.04.2006, Mike - EMAIL IGNORED <m_d_berger_1900@yahoo.com> wrote:
> On Mon, 17 Apr 2006 23:49:53 +0300, Aki Tuomi wrote:
>
> [...]
>>>
>>> Oh, I see. What, then, is the most
>>> secure symmetric algorithm to use?
>>>
>>> Thanks,
>>> Mike.
>>>

>>
>> Well, BLOWFISH-CBC would be pretty good given that you'll only use the
>> key once anyways...
>>
>> Aki Tuomi

>
> Is BLOWFISH-CBC just "pretty good..." or is it, as I asked,
> "the most secure symmetric algorithm" available?


How would you define "the most secure"?

--
Feel free to correct my English
Stanislaw Klekot
  #7 (permalink)  
Old 04-18-2006
Mike - EMAIL IGNORED
 
Posts: n/a
Default Re: openssl rsa encryption problem

On Tue, 18 Apr 2006 00:57:50 +0000, Stachu 'Dozzie' K. wrote:

> On 18.04.2006, Mike - EMAIL IGNORED <m_d_berger_1900@yahoo.com> wrote:
>> On Mon, 17 Apr 2006 23:49:53 +0300, Aki Tuomi wrote:
>>
>> [...]
>>>>
>>>> Oh, I see. What, then, is the most
>>>> secure symmetric algorithm to use?
>>>>
>>>> Thanks,
>>>> Mike.
>>>>
>>>
>>> Well, BLOWFISH-CBC would be pretty good given that you'll only use the
>>> key once anyways...
>>>
>>> Aki Tuomi

>>
>> Is BLOWFISH-CBC just "pretty good..." or is it, as I asked,
>> "the most secure symmetric algorithm" available?

>
> How would you define "the most secure"?


I would not attempt a precise definition; I am sure
that people who know more about it than I do have done
that. The idea I intend to convey is one of difficulty
in breaking the code. The positivist view, popular in
the mid 20th century, that precise definition is required
to convey meaning with language is obviously false and
has been discredited by many modern philosophers. If it
is pertinent, whoever answers the question could clarify
the way in which this or that algorithm is more secure.

Mike.

  #8 (permalink)  
Old 04-18-2006
John
 
Posts: n/a
Default Re: openssl rsa encryption problem

On Mon, 17 Apr 2006 21:49:21 -0400, Mike - EMAIL IGNORED wrote:

> On Tue, 18 Apr 2006 00:57:50 +0000, Stachu 'Dozzie' K. wrote:
>
>> On 18.04.2006, Mike - EMAIL IGNORED <m_d_berger_1900@yahoo.com> wrote:
>>> On Mon, 17 Apr 2006 23:49:53 +0300, Aki Tuomi wrote:
>>>
>>> [...]
>>>>>
>>>>> Oh, I see. What, then, is the most
>>>>> secure symmetric algorithm to use?
>>>>>
>>>>> Thanks,
>>>>> Mike.
>>>>>
>>>>
>>>> Well, BLOWFISH-CBC would be pretty good given that you'll only use the
>>>> key once anyways...
>>>>
>>>> Aki Tuomi
>>>
>>> Is BLOWFISH-CBC just "pretty good..." or is it, as I asked,
>>> "the most secure symmetric algorithm" available?

>>
>> How would you define "the most secure"?

>
> I would not attempt a precise definition; I am sure
> that people who know more about it than I do have done
> that. The idea I intend to convey is one of difficulty
> in breaking the code. The positivist view, popular in
> the mid 20th century, that precise definition is required
> to convey meaning with language is obviously false and
> has been discredited by many modern philosophers. If it
> is pertinent, whoever answers the question could clarify
> the way in which this or that algorithm is more secure.
>
> Mike.


Pardon me for saying so, but I think you are mildly in need of an attitude
transplant. Nobody here owes you a damned thing - you are aware of that
aren't you?

You can read about Blowfish on its homepage, here:

http://www.schneier.com/blowfish.html

I'm no cryptographer but I don't think there has ever been a report of
anyone successfully cracking Blowfish. It seems to be a favourite of the
people behind OpenBSD and OpenSSH if that counts. In addition to being
"strong enough" (apparently) it is also known for its speed.

  #9 (permalink)  
Old 04-18-2006
Ertugrul Soeylemez
 
Posts: n/a
Default Re: openssl rsa encryption problem

John <John@somewhere.com> (06-04-18 03:00:47):

> You can read about Blowfish on its homepage, here:
>
> http://www.schneier.com/blowfish.html
>
> I'm no cryptographer but I don't think there has ever been a report of
> anyone successfully cracking Blowfish. It seems to be a favourite of
> the people behind OpenBSD and OpenSSH if that counts. In addition to
> being "strong enough" (apparently) it is also known for its speed.


According to that, Blowfish is one of the secure and well performing
ciphers. However, currently I only use it for swap encryption (because
of its speed). For the rest of my hard-disk I use AES (aka Rijndael).
The opinions are very different here. Virtually Blowfish and any AES
candidate would suffice, but Rijndael has won and there must be a
reason.

Now to the vulnerabilities. One vulnerability of Blowfish is known.
There are certain weak keys, which you shouldn't use. They are
unlikely, but not impossible.

AES (Rijndael) has also one purely theoretical vulnerability: the XSL
attack. It doesn't seem to be practical however, and it also doesn't
seem to get practical in the next few decades either.


Regards.
  #10 (permalink)  
Old 04-18-2006
Colin McKinnon
 
Posts: n/a
Default Re: openssl rsa encryption problem

Ertugrul Soeylemez wrote:

> John <John@somewhere.com> (06-04-18 03:00:47):
>
>> You can read about Blowfish on its homepage, here:
>>
>> http://www.schneier.com/blowfish.html
>>
>> I'm no cryptographer but I don't think there has ever been a report of
>> anyone successfully cracking Blowfish.


IIRC both Twofish (son of Blowfish) and Rijndael (and several others) were
candidates for the AES title. Blowfish is certainly fast.

How did we manage to go from asymmetric to symmetric so quickly?

C.