RSA Message too long Javascript JSBN

Question

I am using JSBN in javascript to encrypt a set of string (message) of facebook data to securely send them to my server (PHP) and decrypt them there.

Some users are experiencing "Message too long" on something like

"&fbemail='+fbemail+'&gender='+fbgender+'&birthday='+fbbirthday+'&name='+fbname+'&surname='+fbsurname+'&fbuser='+fbuserid"

I have generate a private key through:

$privateKey = openssl_pkey_new(array(
          'private_key_bits' => 1024,
          'private_key_type' => OPENSSL_KEYTYPE_RSA,
        ));

Why am I getting that message? The message is not that long.

I have looked at the following post, yet I dont understand how to use AES in javascript without having the AES passphrase compromised.

RSA Encryption Problem [Size of payload data]

You can make a hybrid encryption with [crypto-js](https://code.google.com/p/crypto-js/#AES) for AES encryption, and [window.crypto.getRandomValues](https://developer.mozilla.org/en-US/docs/Web/API/window.crypto.getRandomValues) for getting cryptographically random keys. — Tomer, Nov 19 '13 at 16:03

score 7 · Accepted Answer · edited May 23 '17 at 12:02

Without generating a symmetric key and encrypting the full message? Use a bigger key. 1024-bit keys can only encrypt 117 bytes without some sort of padding, but a 2048-bit one can handle up to 245 bytes, and a 4096-bit key up to 501 bytes. That could make your script handle bigger and accented names (non-ASCII characters uses two or more bytes per character).

I ended up with a similar problem, but Thoman Pornin answer to RSA Encryption Problem [Size of payload data] was great in explaining the reason of this limitation.

Also gave up trying to split up the message in several encrypted chunks after reading (the same) Thomas Pornin answer to Does RSA padding have to be unpredictable if the payload is?

RSA Message too long Javascript JSBN

1 Answers1