加密+ RSA公钥加密长文字 [英] crypto++ RSA public key encryption with long plaintext
问题描述
我正在尝试使用cryptopp使用RSA公钥/私钥加密来加密/解密一些长文本。我发现了很多例子,其中包括 http://www.cryptopp.com/wiki/RSA 的官员但是所有的示例都有一个问题:
他们只允许我加密比密钥大小稍短的数据。
所以问题是:我是否真的必须自己分割数据和加密块,否则crypto ++已经提供了一些功能来处理这个问题(比如AES加密中的GCM或CFB模式)?
Thanx
一般来说,您不应该使用RSA加密大型明文。您可以使用ECA加密模式使用RSA-OAEP,但这非常慢,并不会比通常的混合加密模式更有优势。
在混合加密您只需使用安全随机数生成器生成对称数据密钥。一般AES-128位将足够强大。然后使用此密钥对明文进行加密,例如在CBC模式下使用AES;您可以使用零IV和PKCS#7填充。最后,使用RSA-OAEP加密AES密钥;使用PKCS#1 v1.5填充,如果OAEP不能使用。
相反的是,解密AES密钥,解密密文。
$ b
请注意,您需要至少11个字节的填充开销(不仅仅是1位)从PKCS#1 v1.5中使用RSA从密钥大小中减去加密。填充是RSA安全的一部分。
您可以通过签名,然后加密您的数据来添加完整性保护。您可以按照建议使用AES-GCM,但请注意,攻击者可能仍然会对任何数据进行加密,并将其发送到接收器。所以AES-GCM只会提供有限的完整性保护。
i am trying to encrypt/decrypt some long text with RSA public/private key encryption using cryptopp. I found many examples including the official on http://www.cryptopp.com/wiki/RSA but all of the examples have one problem:
They only allow me to encrypt data that is a bit shorter then the key size.
So the question is: Do i really have to split the data and encrypt block for block myself, or does crypto++ already provide some functions to handle this (like GCM or CFB modes on AES encryption)?
Thanx
Generally you should not encrypt large plaintexts using RSA. You can use RSA-OAEP using the ECB mode of encryption, but that's extremely slow and does not give you any advantages over the more common hybrid encryption modes.
In hybrid encryption modes you simply generate a symmetric data key using a secure random number generator. Generally AES-128 bit will be sufficiently strong. You then encrypt the plaintext using this key, e.g. using AES in CBC mode; you may use a zero-IV and PKCS#7 padding. Finally you encrypt the AES key using RSA-OAEP; use either PKCS#1 v1.5 padding if OAEP cannot be used.
The reverse is obvious, decrypt the AES key, decrypt the ciphertext.
Note that you need at least 11 bytes of padding overhead (not just 1 bit) to subtract from the key size to encrypt using RSA in PKCS#1 v1.5. The padding is part of the security of RSA.
You could add integrity protection by signing and then encrypting your data. You could use AES-GCM as you propose, but note that an attacker may still encrypt any data and send it to the receiver. So AES-GCM would only provide limited integrity protection.
这篇关于加密+ RSA公钥加密长文字的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
