 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
Java Forum / Security / July 2004Encryption with multiple RSA keys
Hello. I've got a system where a client requests some data. To protect the data, they're encrypted with a symmetric session key (of length let's say 186 bit). The session key itself has to be encrypted with several different public RSA keys, because the client has to prove that (s)he possesses all corresponding private keys. The problem is that javax.crypto.Cipher (together with BouncyCastle RSA) produces a byte [] with length 128 (RSA key length is 1024 bit). So _sometimes_ the subsequent intents to encrypt this byte [] fail with: org.bouncycastle.crypto.DataLengthException: input too large for RSA cipher. at org.bouncycastle.crypto.engines.RSAEngine.processBlock(RSAEngine.java:96) But this is not always the case -- how can it be so undeterministic? Even with the "NoPadding" option the problem remains: Cipher.getInstance("RSA/ECB/NoPadding", new org.bouncycastle.jce.provider.BouncyCastleProvider()); With what does the RSA algorithm fill the byte []? Is there a possibility not to produce a 128 byte output during the first encryption steps and create the 128 byte output only in the last step? Any help will be appreciated Lena > I've got a system where a client requests some data. To protect the data, > they're encrypted with a symmetric session key (of length let's say 186 [quoted text clipped - 18 lines] > Is there a possibility not to produce a 128 byte output during the first > encryption steps and create the 128 byte output only in the last step? Rather than serially encrypting with one RSA key after another, for a total of n encryptions with n different RSA public keys, you could Make up n-1 random dummy keys of the same length as the one true symmetric key you're trying to communicate. Encrypt each of those n-1 dummy keys with one of the n-1 of the RSA keys, separately. Encrypt the exclusive-or of all those n-1 dummy keys and the one true symmetric key with the last RSA key. Send n RSA encryptions' output. If each RSA key is 1024 bits, that's n*1024 bits total. The recipient does all n decryptions, and exclusive-ors together all the resulting keys, and the result is the one true symmetric key. --Mike Amling > The recipient does all n decryptions, and exclusive-ors together all > the resulting keys, and the result is the one true symmetric key. > > --Mike Amling Thanks a lot Mike. I got it working that way! Do you mind if I mention your name in the acknowledgements section of my thesis? ;-) Lena >> The recipient does all n decryptions, and exclusive-ors together all >>the resulting keys, and the result is the one true symmetric key. [quoted text clipped - 4 lines] > Do you mind if I mention your name in the acknowledgements section of my > thesis? ;-) It's OK with me. My name's already in one cryptography paper. :) --Mike Amling Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.