-1

I received what I thought to be a very strange requirement from a vendor for my latest project and before I go back to them asking for new requirements or clarification I thought I would bounce it off the stackoverflow crowd to make sure I wasn't completely wrong myself.

We're sending a file to a vendor with sensitive information in it. The vendor has told us that we need to encrypt the file with RSA 2048 bit encryption. I repeated the requirement 3 times to them to get clarification on exactly what they needed and each time they confirmed that simply encrypting the file contents is not what they were asking for but instead they needed me to encrypt the entire file.

My primary development language is C# and so I have looked for a way to do this using C#, then broadened my search just to find anything that would indicate how this may be done but I can't find anything. Furthermore my colleague has tried using RSA 2048 in a proof of concept to encrypt the contents of a file but is running into a character encryption limitation of 246 characters making me think it's not even possible. After the 246th character is added we get a crash error: "Key not valid for use in specified state".

Appreciate any help!

omatase
  • 1
    What's the difference between encrypting the file contents and encrypting the whole file? Besides, asymmetric encryption algorithms (like RSA) typically suffer from certain flaws that symmetric algorithms don't have. The SSL/TLS protocol uses RSA only to send an AES key. – zneak Mar 29 '11 at 15:56
  • 2
    Ask him the difference between "whole file" and "file contents" – Jus12 Mar 29 '11 at 15:57
  • How big will those files (or their contents :) be? – H H Mar 29 '11 at 16:00
  • You might also want to read (or have your client read) the answers on this question over security.se: http://security.stackexchange.com/questions/2581/are-there-any-security-measures-that-are-resistant-to-a-brute-force-attack – zneak Mar 29 '11 at 16:02
  • Yeah these are all good questions. zneak,jus12 - I'm going to ask him what the difference is when I talk to him next. – omatase Mar 29 '11 at 16:21
  • Henk - The files will be CSV format about 10 fields per row. Until the system is up and running I don't know how many rows will be in each file but it could be as many as 10,000 rows. – omatase Mar 29 '11 at 16:22
  • Did they mean encrypting the hash of that file with RSA? – Predator Mar 29 '11 at 16:23
  • Gens - the more I research it, the more I think that must be the case. I have enough information from these responses to go back and tell them we need more information. It seems clear that my initial feelings were correct and that we didn't get the correct information. – omatase Mar 29 '11 at 16:33
  • @omat: 10k rows -> way too big for RSA. – H H Mar 29 '11 at 17:11
  • This question appears to be off-topic because it is not valuable to any future readers because it's based on a fallacious premise that "whole-file" encryption is possible with anything other than drive-level or file system-level encryption. It should not have ever been asked and was just a mis-communication from a bank on what their requirements were. – omatase Aug 27 '14 at 22:34

3 Answers

4

You don't normally use RSA to directly encrypt data; it's much too slow. The usual practice is to generate a random key for a fast symmetric cryptosystem, use that to encrypt the data, and use RSA to encrypt the symmetric key. That's probably why you're running into this size limit.

PGP will do what you need.

Tom Zych
  • I am guessing this is what their actual requirement is. I'll know more when I contact them again. – omatase Mar 29 '11 at 16:34
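
The hybrid scheme this answer describes, as an added example that is not part of the original post: a random AES key encrypts the file and RSA-2048 encrypts only that key. The class name `HybridFile`, the output layout, and the choice of AES-256-GCM with OAEP-SHA256 are assumptions made for illustration (the vendor's actual format is unknown), and the code assumes .NET 8 or later.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class HybridFile
{
    const int NonceLen = 12, TagLen = 16;

    // Layout chosen for this example: wrappedKey | nonce | tag | ciphertext
    public static byte[] Encrypt(byte[] plain, RSA recipientPublic)
    {
        byte[] key = RandomNumberGenerator.GetBytes(32);          // fresh AES-256 key per file
        byte[] nonce = RandomNumberGenerator.GetBytes(NonceLen);  // 96-bit GCM nonce
        byte[] tag = new byte[TagLen], cipher = new byte[plain.Length];
        using (var aes = new AesGcm(key, TagLen))
            aes.Encrypt(nonce, plain, cipher, tag);
        // RSA sees only the 32-byte key, far below the size limit of a 2048-bit modulus.
        byte[] wrapped = recipientPublic.Encrypt(key, RSAEncryptionPadding.OaepSHA256);
        CryptographicOperations.ZeroMemory(key);
        return [.. wrapped, .. nonce, .. tag, .. cipher];
    }

    public static byte[] Decrypt(byte[] blob, RSA recipientPrivate)
    {
        int wrappedLen = recipientPrivate.KeySize / 8;            // 256 bytes for RSA-2048
        byte[] key = recipientPrivate.Decrypt(blob[..wrappedLen], RSAEncryptionPadding.OaepSHA256);
        byte[] nonce = blob[wrappedLen..(wrappedLen + NonceLen)];
        byte[] tag = blob[(wrappedLen + NonceLen)..(wrappedLen + NonceLen + TagLen)];
        byte[] cipher = blob[(wrappedLen + NonceLen + TagLen)..];
        byte[] plain = new byte[cipher.Length];
        using (var aes = new AesGcm(key, TagLen))
            aes.Decrypt(nonce, cipher, tag, plain);               // throws if the data was modified
        CryptographicOperations.ZeroMemory(key);
        return plain;
    }

    static void Main()
    {
        using RSA rsa = RSA.Create(2048);  // stand-in for the recipient's key pair
        // Constructed sample: 10,000 CSV rows, far more than one RSA block can hold.
        byte[] csv = Encoding.UTF8.GetBytes(string.Concat(Enumerable.Repeat("1001,Jane Doe,ACCT-0000,100.00\n", 10000)));
        byte[] blob = Encrypt(csv, rsa);
        byte[] back = Decrypt(blob, rsa);
        Console.WriteLine($"plain={csv.Length} bytes, encrypted={blob.Length} bytes, roundtrip ok={back.AsSpan().SequenceEqual(csv)}");
    }
}
```

In a real exchange the sender would load only the recipient's public key and call `Encrypt`; the private key stays with the recipient.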
2

Well, your vendor understands nothing about cryptography. But if you are really willing to follow these bizarre requirements from their side... encrypt the file in chunks. RSA cannot operate on content larger than its modulus size minus a few bytes. In your case it is 256 bytes minus like 11 bytes I suppose, depending on the padding scheme used.

Also you can do some freak CBC chaining over blocks to further increase security, and without doubt your vendor will consider you a brilliant specialist after you explain to him how to decrypt a file. ;) Never heard about RSA-CBC but it's an absolutely brilliant idea ;)

Vladislav Rastrusny
  • 1
    Snerk. Hey, tell them it's RSA-ECB. If they seem impressed, it's pretty well proven they don't have a clue. – Tom Zych Mar 30 '11 at 20:45
0

"Whole file" may be just like a zipped file, namely including the directory path, filename, and file content. If your client's requirement is like that, then just zip the file and then encrypt it. You may need to increase the RSA keysize in order to do that.

UPDATE: The following is the VB.net function to calculate the required RSA keysize. I just copied it from my old project. This function assumes you are using optimal asymmetric encryption padding (OAEP):

Public Function CalculateRequireRsaKeyLength(ByRef ByteArrayToEncrypt As Byte()) As Int32


    Try
        Dim TotalBytesEncryptable As Int32

        'TotalBytesEncryptable = ((KeyLength - 384) / 8) + 7

        TotalBytesEncryptable = ByteArrayToEncrypt.Length - 7
        TotalBytesEncryptable = TotalBytesEncryptable * 8
        TotalBytesEncryptable = TotalBytesEncryptable + 384
        If TotalBytesEncryptable <= 384 Then
            Return 384
        End If

        If TotalBytesEncryptable >= 16384 Then
            'means error
            Return 0
        End If

        Return TotalBytesEncryptable
    Catch ex As Exception
        'System.IO.File.WriteAllText("e:\qqwwee.txt", ex.ToString)
        Return 0
    End Try
End Function

UPDATE: Here is the link for calculating RSA keysize: how to use RSA to encrypt files (huge data) in C#

Community
Predator