未使用RSA加密进行加密的大数据 [英] Large data not encrypted with RSA Encryption

问题描述

我的问题:

我的加密代码 可以在64个字符以下正常工作 .但是如果超过64个字符，我会出现以下错误

My encryption code working fine for below 64 characters. but if it exceeds 64 character I got following error

javax.crypto.IllegalBlockSizeException: input must be under 64 bytes

加密代码

        cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding);
        cipher.init(Cipher.ENCRYPT_MODE, publicKey);
        encryptedBytes = cipher.doFinal(message.getBytes(StandardCharsets.UTF_8));
        rsaEncrypted= Base64.encodeToString(encryptedBytes, Base64.NO_WRAP);

密钥生成代码

      KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
      keyGen.initialize(512);
      KeyPair keypair = keyGen.genKeyPair();
      PublicKey pub = keypair.getPublic();
      byte[] pubs = pub.getEncoded();

我的问题:

可以用512位密钥加密大文本吗?我的代码有任何错误吗?

It's possible encrypt large text with 512 bits of keys? Any mistake in my code?

注意:如果有人想要完整的代码，我将在以后进行更新.

Note: If anyone want full of code I will update later.

推荐答案

此处是Ferguson，Schneier和Kohno撰写的名为 Cryptography Engineering 的开创性书籍的直接引文，

Here is a direct quote from the seminal book titled Cryptography Engineering by Ferguson, Schneier, and Kohno,

加密消息是RSA的典型应用，但在实践中几乎从未使用过.原因很简单:可以使用RSA加密的邮件的大小受n大小的限制.在实际系统中，您甚至不能使用所有位，因为编码功能会产生开销.对于大多数应用程序来说，这种有限的消息大小太不切实际，并且由于RSA操作在计算方面非常昂贵，因此您不想将邮件分割成较小的块，并使用单独的RSA操作对其进行加密.

Encrypting a message is the canonical application of RSA, yet it is almost never used in practice. The reason is simple: the size of the message that can be encrypted using RSA is limited by the size of n. In real systems, you cannot even use all the bits, because the encoding function has an overhead. This limited message size is too impractical for most applications, and because the RSA operation is quite expensive in computational terms, you don’t want to split a message into smaller blocks and encrypt each of them with a separate RSA operation.

换句话说，对于n位RSA密钥，RSA可以加密的最大数据长度(以字节为单位)

In other words, for a n-bit RSA key, the maximum length of data RSA can encrypt in bytes is

Floor(n/8) - 11 

其中11个字节用于填充

where 11 bytes is for padding

因此对于512位的密钥大小，可以加密的最大数据长度为

So for a key size of 512 bits, the maximum length of data that can be encrypted is,

512/8 - 11 = 53 bytes

同样是 Cryptography Engineering ，

几乎所有地方都使用的解决方案是选择一个随机密钥K，并使用RSA密钥对K进行加密.然后，使用块密码或流密码使用密钥K对实际消息m进行加密.因此，您发送的不是E _RSA (m)，而是发送E _RSA (K)，E _K (m).

The solution used almost everywhere is to choose a random secret key K, and encrypt K with the RSA keys. The actual message m is then encrypted with key K using a block cipher or stream cipher. So instead of sending something like E_RSA(m), you send E_RSA(K),E_K(m).

基本上，它告诉您执行以下操作来克服RSA的局限性，

Basically, it's telling you do the following to get over the limitation of RSA,

1. 使用诸如AES之类的算法生成密钥 K .
2. 使用新生成的密钥对明文 m 进行加密，以获取密文，例如E _K (m).
3. 用RS​​A公钥E _RSA (K)加密密钥.
4. 向客户端发送密文E _K (m)和加密密钥E _RSA (K).
5. 客户端可以使用RSA私钥解密E _RSA (K)，以获得 K .
6. 然后，客户端用 K 解密密文E _K (m)，以获得 m .

1. Generate a secret key, K using an algorithm such as AES.
2. Encrypt the plaintext, m, with the newly generated secret key to get cipher text, say E_K(m).
3. Encrypt the secret key a RSA public key, E_RSA(K).
4. Sent the client the cipher text, E_K(m), and the encrypted key E_RSA(K).
5. The client can decrypt E_RSA(K) with the RSA private key to get K.
6. The client then decrypt the cipher text, E_K(m) with K to get m.

这篇关于未使用RSA加密进行加密的大数据的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！