
This is a piece of my code that encrypts a private key:

    // Assumed declarations (not shown in the question): csp holds the server's public key
    // imported from PEM, rsa holds the client's own key pair.
    RSACryptoServiceProvider csp = new RSACryptoServiceProvider();
    RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(2048);

    string pemContent = File.ReadAllText(pemPath);
    csp.ImportFromPem(pemContent);
    string test = rsa.GetPrivateKey();          // XML containing every private parameter
    var data = Encoding.UTF8.GetBytes(test);
    var cypher = csp.Encrypt(data, false);      // false = PKCS#1 v1.5 padding; throws here
    Console.WriteLine(Convert.ToBase64String(cypher));

This is the GetPrivateKey() function:

    public string GetPrivateKey()
    {
        return rsa.ToXmlString(true);   // true = include the private parameters
    }

I get this error:

Internal.Cryptography.CryptoThrowHelper.WindowsCryptographicException: 'Bad Length.'

I know by now that the private key is too big to encrypt it with the client public key, and the question is how to make it possible?

I can't find anything similar to what I am doing; the only clue I have is that WannaCry used the same technique during its file encryption process.

I use RSACryptoServiceProvider to handle rsa encryption.

EDIT: Maybe I should describe my case in more detail. I am building a simple ransomware (I am a cybersecurity enthusiast and I do it just to learn how these viruses work in depth, so it's for educational purposes only). More advanced ransomware uses hybrid encryption. The scheme I am trying to implement is well described in this video. I am stuck in the last step, which is encrypting the client private key with the server public key.

  • Your scenario is not quite clear to me. Anyway, with RSA only a limited data size can be encrypted. The maximum data size depends on the modulus of the key used for encryption and the padding applied. If the data is larger, you have two options: you can use a larger key (but this only gives a rather limited increase in size and soon becomes non-performant, see [here](https://stackoverflow.com/q/39068473/9014097)) or you can apply a [hybrid scheme](https://en.wikipedia.org/wiki/Hybrid_cryptosystem) (performant, unlimited data size). – Topaco Jul 31 '22 at 08:30
  • First look at https://stackoverflow.com/questions/1496793/rsa-encryption-getting-bad-length then https://stackoverflow.com/questions/40243857/how-to-encrypt-large-file-with-rsa/40244430#40244430 – Rezaeimh7 Jul 31 '22 at 08:32
  • Never send a private key with the message. It is like giving a thief the key to your door. Private keys should always be sent separately from the message. It is always good to encrypt a private key with another private key to make it more secure. Public keys are used to encrypt one message and get sent with the data. A private key is not sent with the message and is meant for each client/server to encrypt uniquely. It is like using a cell phone: a new public key every time a phone connects to the base station. A private key is used to keep one phone from decrypting another phone at the same base station. – jdweng Jul 31 '22 at 09:30

1 Answer

I'm presuming RSA here; it's not directly in the question, but it can be concluded from the code. Also, because the second parameter of Encrypt is false, I'll assume PKCS#1 v1.5 padding.

There are two ways to do this. One you have already mentioned, and it is the best option: use hybrid encryption. You first create a random encryption key, encrypt the RSA key, and then encrypt that key.

The second way is to simply use a larger RSA key pair for the server. PKCS#1 v1.5 padding has a minimum overhead of 11 bytes, 8 of which are non-zero random. It's better to use 16 bytes of random data though, so then you'd have 19 bytes / 152 bits of overhead. For more information on the overhead of RSA encryption see my answer here.

The encoded private key needs to be in the remaining bits. Now it is best to use the minimum amount of bits to encode the private key. The best way to do this is to encode the modulus and only the private exponent (i.e. without the CRT parameters). Each of these will take as many bits as the key size if you use a constant sized, unsigned big endian encoding. So the key pair needs to be klen * 2 + 152 bits.

Note that this is not necessarily the best option, as there could be schemes that allow you to never generate the private key on the client in the first place, until the private key needs to be released for decryption, that is.

Maarten Bodewes
  • 90,524
  • 13
  • 150
  • 263
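The size arithmetic behind the answer, as an added example that is not part of the original answer or of .NET: it builds the PKCS#1 v1.5 encryption block from RFC 8017 so the 11-byte minimum overhead and the length check behind 'Bad Length' are visible, and it computes the wrapping key size the answer derives (klen * 2 + 152 bits). The function names and the 2048-bit sample size are my own assumptions.

```python
import secrets


def eme_pkcs1_v15_encode(message: bytes, modulus_bits: int, min_pad: int = 8) -> bytes:
    """Build EM = 0x00 || 0x02 || PS || 0x00 || M (RFC 8017, section 7.2.1).
    PS is at least min_pad non-zero random bytes, so overhead is 3 + min_pad bytes
    (11 with the standard minimum of 8). Raises ValueError when M does not fit,
    which is the condition the .NET provider reports as 'Bad Length'."""
    k = modulus_bits // 8                       # modulus length in bytes
    max_len = k - 3 - min_pad
    if len(message) > max_len:
        raise ValueError(f"message too long: {len(message)} > {max_len} bytes")
    ps_len = k - 3 - len(message)               # pad out to exactly k bytes
    ps = bytes(secrets.choice(range(1, 256)) for _ in range(ps_len))
    return b"\x00\x02" + ps + b"\x00" + message


def max_plaintext_bytes(modulus_bits: int, min_pad: int = 8) -> int:
    """Largest message that fits under PKCS#1 v1.5 with min_pad random bytes."""
    return modulus_bits // 8 - 3 - min_pad


def minimal_private_key_bytes(client_key_bits: int) -> int:
    """Modulus plus private exponent only (no CRT parameters), each encoded as a
    constant-size unsigned big-endian integer of client_key_bits bits."""
    return 2 * ((client_key_bits + 7) // 8)


def min_wrapping_modulus_bits(client_key_bits: int, min_pad: int = 16) -> int:
    """Smallest RSA modulus that carries that minimal encoding under PKCS#1 v1.5
    with min_pad random bytes: klen * 2 + 8 * (3 + min_pad), i.e. klen * 2 + 152
    for the 16 random bytes the answer recommends."""
    return 8 * (minimal_private_key_bytes(client_key_bits) + 3 + min_pad)


if __name__ == "__main__":
    klen = 2048                                 # constructed stand-in for the client key
    print("max plaintext under a 2048-bit key:", max_plaintext_bytes(2048), "bytes")
    print("minimal private key encoding:", minimal_private_key_bytes(klen), "bytes")
    print("wrapping modulus needed:", min_wrapping_modulus_bits(klen), "bits")
    print("encoded block length:", len(eme_pkcs1_v15_encode(b"\x01" * 245, 2048)))
```

A 2048-bit key leaves 245 bytes of room, while ToXmlString(true) emits well over a kilobyte of base64 text for the same key, which is why the call fails before any padding is applied.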