开发者

RSA implementations for Java, alternative to BC

开发者 https://www.devze.com 2023-01-01 08:53 出处:网络
The RSA implementation that ships with Bouncy Castle only allows the 开发者_Go百科 encrypting of a single block of data.

The RSA implementation that ships with Bouncy Castle only allows the 开发者_Go百科 encrypting of a single block of data. The RSA algorithm is not suited to streaming data and should not be used that way. In a situation like this you should encrypt the data using a randomly generated key and a symmetric cipher, after that you should encrypt the randomly generated key using RSA, and then send the encrypted data and the encrypted random key to the other end where they can reverse the process (ie. decrypt the random key using their RSA private key and then decrypt the data).

I can't use the workaround of using symmetric key. So, are there other implementations of RSA than Bouncy Castle?


This restriction isn't just something randomly invented by Bouncy Castle, and using a symmetric key isn't a "workaround": it's correct practice.

The RSA algorithm is intrinsically not suited to encrypting large quantities of data. If you really really really really really want to use it on a large quantity of data, then you could just about split your data up into blocks small enough, and encrypt each one. But this is not standard practice and you could run into security issues you haven't thought of, whereas block ciphers such as AES have standard means for dealing with the issues you may come across (look at block modes-- essentially there's a security issue for example encrypting the same data with the same key multiple times, and block modes are a built in way to deal with this).

I would really just stick to the standard practice of streaming with symmetric encryption and encrypting the symmetric key (and essentially nothing else) with RSA.


Yes, the JDK comes with one but it won't do you any good. Typically, this is the way encryption is done when using RSA. You generate a random symmetric key and encrypt your data with that. You encrypt the symmetric key with RSA and transmit.

If you want to encrypt only with RSA and leave out the symmetric part you can do that (with BC or without) but be warned that it's going to be awfully slow to encrypt or decrypt and take up a LOT more space than the typical alternative.


All RSA implementations would have a similar caveat. That's the nature of the RSA algorithm.

Using a symmetric key as described isn't a "workaround". It's "correct." If there's any possibility of applying a better encryption technique, it would be worth pursuing.


You can invoke RSA once for each data "block". Don't do this.

  • RSA isn't a block cipher. It accepts inputs in the range [0,p×q], not [0,2n−1]. In the obvious implementation, each output block is at least 1 bit larger than an input block, which is not ideal.
  • RSA is multiplicative. Using RSAe() to mean RSA encryption with key e,
    • RSAe(0) = 0
    • RSAe(1) = 1
    • RSAe(a*b) = RSAe(a) × RSAe(a)

Why can't you generate a symmetric key?

0

精彩评论

暂无评论...
验证码 换一张
取 消