2

Up to now, I thought that if I have RSA-encrypted data, this data would be easily exchangeable between most platforms (.NET, Java, PC, Unix, ...), because of the commonly used algorithm.

While investigating another question I had, I have become confused. I have found differences even between MS implementations (some providers reverse the resulting byte array). Moreover, the padding does not seem to follow a standard.

Can someone with experience in cross-platform cryptography say whether RSA-encoded data is relatively simple to exchange (with some obvious pitfalls) or whether this is a headache?

HCL
  • Is what you're exchanging portable in unencrypted form? Even plain text files can give you a headache due to encodings, CR/LF conventions, tab handling, etc. – Fred Foo Oct 28 '11 at 17:33
  • @larsmans: The question is more a question for understanding. It's clear that platform problems will potentially arise with the unencrypted data. But until now, I thought that at least RSA.Encrypt(a) = b and RSA.Decrypt(b) = a, even if RSA.Decrypt(b) is done on another system. – HCL Oct 28 '11 at 18:36
  • Alright HCL, just checking. I guess I should've spotted your 9500+ rep before asking such a noob-filter question, sorry about that. – Fred Foo Oct 28 '11 at 18:54

2 Answers

3

Note that RSA encryption is normally not used by itself, but in combination with a symmetric encryption algorithm. So, to be interoperable, you need to make sure that:

  • Both sides use the same padding scheme for RSA (e.g. the one originally defined in PKCS#1 v1.5, or OAEP). (That does not mean that the padding has to be deterministic, just that the decrypter knows which bits of the decrypted text were padding and which were the original message.)
  • Both sides use the same format for their messages (e.g. the one in PKCS#7 or its successors).
  • Both sides use the same symmetric algorithm (e.g. AES-128), mode of operation (e.g. CBC) and block cipher padding scheme (e.g. PKCS#5-padding).
  • The encrypting party must use the public key corresponding to the private key used by the decrypting party.
Paŭlo Ebermann
  • Actually, for asymmetric encryption, the padding MUST NOT be deterministic, otherwise one could make an exhaustive search on the plaintext. It is normal and expected that encrypting twice the same data with RSA yields two distinct byte strings (but after decryption, the padding can be unambiguously removed, of course). – Thomas Pornin Oct 29 '11 at 12:15
2

The simple answer to your question is no, the cryptographic algorithm itself does not specify how to store or transmit bytes between implementations to ensure interoperability. For that you must use a standard format or protocol that gives these instructions down to the bit level. For example, in Paulo's answer he talks about PKCS#7 and PKCS#1. These in turn rely on the DER-encoding rules of ASN.1 that specify exactly how to convert the big integer pieces of RSA into an unambiguous sequence of bytes and back again.

President James K. Polk