| Subject | Re: [Firebird-Architect] PKCS and RSA keys |
|---|---|
| Author | Mark O'Donohue |
| Post date | 2005-05-01T01:50:47Z |
Hi Jim
I think you've either misunderstood something in PKCS or have got
confused over the usages of one of the PKCS packages.
Jim Starkey wrote:
package) are working fine and are secure.
Mind you, since the public key is "public" being able to compute the
public key from a package that contains the private key, wouldn't be a
real loss of information anyway.
But can you be a bit more specific. ie, which private key format are you
talking about?
Assuming it's PKCS7/smine you are talking about:
In a PKCS7/smime document, which you may be sending to several people,
instead of encrypting the whole document once for each recipient using
their RSA public key (which if sending to 10 people, would then result
in an 10x increase in the package size). Instead you generate a random
key for 3DES or AES, then encrypt the (possibly large) document once
with the symetric 3DES/AES cipher. Then finally just the 3DES/AES key
is encrypted using each recipients public RSA key.
Each recipient can then independantly decrypt the DES/AES key and then
go on and decrypt the body of the document. So the document is
available to all in the distribution list, but noone else.
A side benefit of doing it this way, is that since RSA encryption is
relatively costly compared to symmetric ciphers, is you save a bit of
cpu doing this way as well.
The hash your talking about is if you want to digitally sign the
document as well as or instead of encrypting it.
But perhaps a bit more info will help to explain exactly where.
Cheers
Mark
I think you've either misunderstood something in PKCS or have got
confused over the usages of one of the PKCS packages.
Jim Starkey wrote:
> A good time back I said that within the RSA cryptosystem neither theAs far as Im aware, this is not the case, RSA (and the whole PKCS7/smime
> public nor private keys can be feasibly computed from the other. While
> this is correct in theory, it is not true in practive. One of the two
> private key formats used by RSA contains redundant information from
> which the public key can be trivially computed.
>
package) are working fine and are secure.
Mind you, since the public key is "public" being able to compute the
public key from a package that contains the private key, wouldn't be a
real loss of information anyway.
But can you be a bit more specific. ie, which private key format are you
talking about?
> The base RSA crypto system consists of a modulus (public), which is theYes, pretty much.
> product of two or more large primes, and two integers. Cleartext is
> represented as an integer. The message is encrypted by raising it to
> the power on one integer and dividing by the modulus. The remainder is
> the cryptotext. Cryptotext is decrypted by raising it to the power of
> the other integer and dividing by the modulus. The remainder is the
> cleartext. Note that the operation is symmetrical, and each integers
> can decrypt a message encrypted by the other.
>
> It isn't quite this simple in practice, however, since an official RSAThis is where I think you've misunderstood something.
> encryption requires that the clear text be encoded with a random number
> and secure hash before encryption and decoded after decryption. But the
> process is still symmetric if the short form of keys are used.
>
Assuming it's PKCS7/smine you are talking about:
In a PKCS7/smime document, which you may be sending to several people,
instead of encrypting the whole document once for each recipient using
their RSA public key (which if sending to 10 people, would then result
in an 10x increase in the package size). Instead you generate a random
key for 3DES or AES, then encrypt the (possibly large) document once
with the symetric 3DES/AES cipher. Then finally just the 3DES/AES key
is encrypted using each recipients public RSA key.
Each recipient can then independantly decrypt the DES/AES key and then
go on and decrypt the body of the document. So the document is
available to all in the distribution list, but noone else.
A side benefit of doing it this way, is that since RSA encryption is
relatively costly compared to symmetric ciphers, is you save a bit of
cpu doing this way as well.
The hash your talking about is if you want to digitally sign the
document as well as or instead of encrypting it.
> If, however, you encrypt with a public key thinking that an embedded butThat statment, Im pretty sure is untrue.
> retrievable secret key is going to be secure, you are going to be sorely
> disappointed.
>
But perhaps a bit more info will help to explain exactly where.
Cheers
Mark