I am trying to implement PKI. I want encrypt large string using RSA in java without using bouncy castle. Problem i am getting is Data must not be longer than 117 bytes. I tried seaching for the solution where i failed. I am newbie in this encryption. Please help me out by giving an large string as an example and explain it.
Asked
Active
Viewed 6.1k times
18
-
3Security, and especially cryptography, is **hard**. You should use existing high-level packages instead of raw crypto APIs, or learn the details of how they work. Otherwise, you are likely to write insecure code. – SLaks Nov 21 '12 at 19:12
-
1please post your code. we can work from there. – Frank Nov 21 '12 at 19:52
-
Don't encrypt the data directly with RSA. Generate a random AES key, encrypt the data with AES, and the AES key with RSA. – CodesInChaos Nov 21 '12 at 20:17
-
RSA is only to encrypt small data and encrypt the keys which are used to encrypt the data? – RecklessSergio Nov 22 '12 at 05:20
2 Answers
35
You cannot use an RSA encryption decryption on more than approx 128 bytes at a time. You must split up the data and do it in a loop pretty much writing the bytes to String/Array as you go. If your only problem is the size of the data, you probably don't have much more to go. Just splitting the data.
A great example, possibly more complete for you, dealing with strings larger than 128 bytes: http://www.stellarbuild.com/blog/article/encrypting-and-decrypting-large-data-using-java-and-rsa
If you need more explanation on RSA encryption in general:
The following code demonstrates how to use KeyPairGenerator to generate an RSA key-pair in Java:
// Get an instance of the RSA key generator
KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
// Generate the keys — might take sometime on slow computers
KeyPair myPair = kpg.generateKeyPair();
This will give you a KeyPair object, which holds two keys: a private and a public. In order to make use of these keys, you will need to create a Cipher object, which will be used in combination with SealedObject to encrypt the data that you are going to end over the network. Here’s how you do that:
// Get an instance of the Cipher for RSA encryption/decryption
Cipher c = Cipher.getInstance("RSA");
// Initiate the Cipher, telling it that it is going to Encrypt, giving it the public key
c.init(Cipher.ENCRYPT_MODE, myPair.getPublic());
After initializing the Cipher, we’re ready to encrypt the data. Since after encryption the resulting data will not make much sense if you see them “naked”, we have to encapsulate them in another Object. Java provides this, by the SealedObject class. SealedObjects are containers for encrypted objects, which encrypt and decrypt their contents with the help of a Cipher object.
The following example shows how to create and encrypt the contents of a SealedObject:
// Create a secret message
String myMessage = new String("Secret Message");
// Encrypt that message using a new SealedObject and the Cipher we created before
SealedObject myEncryptedMessage= new SealedObject( myMessage, c);
The resulting object can be sent over the network without fear, since it is encrypted. The only one who can decrypt and get the data, is the one who holds the private key. Normally, this should be the server. In order to decrypt the message, we’ll need to re-initialize the Cipher object, but this time with a different mode, decrypt, and use the private key instead of the public key.
This is how you do this in Java:
// Get an instance of the Cipher for RSA encryption/decryption
Cipher dec = Cipher.getInstance("RSA");
// Initiate the Cipher, telling it that it is going to Decrypt, giving it the private key
dec.init(Cipher.DECRYPT_MODE, myPair.getPrivate());
Now that the Cipher is ready to decrypt, we must tell the SealedObject to decrypt the held data.
// Tell the SealedObject we created before to decrypt the data and return it
String message = (String) myEncryptedMessage.getObject(dec);
System.out.println("foo = "+message);
Beware when using the getObject method, since it returns an instance of an Object (even if it is actually an instance of String), and not an instance of the Class that it was before encryption, so you’ll have to cast it to its prior form.
msj121
- 2,812
- 3
- 28
- 55
-
1
-
I chose to do the split the message in 100 bytes parts, did I do a bad idea? – Felipe Valdes Jun 09 '18 at 15:33
-
At best, splitting a message into chunks and trying to apply RSA like a block cipher is **horribly inefficient.** At worst, **it's insecure:** because it's unconventional, no one has bothered to study what vulnerabilities this mode introduces. For example, actual block ciphers like AES are used in certain modes that provide different properties to the encryption scheme. Who can say what properties this home-brew RSA mode has. – erickson Jun 20 '18 at 16:46
-
Also see [Is RSA in a ECB-like-mode safe for bulk encryption?](https://crypto.stackexchange.com/q/2789/10496) on [Cryptography Stack Exchange](http://crypto.stackexchange.com/). The [Handbook of Applied Cryptography](http://cacr.uwaterloo.ca/hac/) also discourages the practice. – jww May 25 '19 at 13:24
-
-
1
9
RSA is not intended for bulk data encryption. Instead, use a symmetric cipher, like AES, to encrypt your "large string". Then, encrypt the symmetric key used for AES with the RSA key.
BouncyCastle supports two protocols for doing this: S/MIME and PGP. All sensible privacy protocols use asymmetric algorithms for key transport or key exchange in this manner.
The message size that can be encrypted with RSA depends on the modulus of the key, less some bytes required for securely padding the message.
erickson
- 265,237
- 58
- 395
- 493
-
1
-
16
-
1An example simple enough for a StackOverflow answer would be blindly copied and used without understanding all the issues around it required to obtain real security. Public key message encryption is best implemented with a widely-used and well-maintained library. – erickson Jun 20 '18 at 16:53