RSA and multiple block encryption

chadmichael · February 13th, 2007, 05:05 PM

First of all, let me say that I know this isn't supposed to be done. But I'm being forced into this ;) Money is the root of all evil.

I'm encrypting with RSA. My data is more than one block long. I can post code if necessary but I'll try to show pseudo code first as I will have to obscure some data to post code, and I don't think its necessary anywho.

Can someone tell me what I'm doing wrong? Everything works fine when I do a smaller chunk ( one block or less ) and use doFinal(). But my multi-block implementation isn't working. Details below.

Code:

//key objects and variables 
cipher rsaCipher
int cipherBlockSize

byte[] plainText
int lengthOfPlainText
int remainingBytesToProcess = lengthOfPlainText;

while ( remaingBytesToProcess > cipherBlockSize )
{
    byte[] block = getTheNextSetOfBlockSizeBytesFrom plainText;

    //THIS DOESN'T RETURN ANYTHING?  API SAYS IT DOES BUT I NEVER GET 
    //ANYTIING RETURNED BY UPDATE WITH THIS RSA CIPHER
    rsaCipher.update( block);

}

//EXITING THE BLOCK I SHOULD HAVE JUST A REMAINING CHUNK, LESS THAN BLOCK SIZE

block = remainintBytes //NOTE ITS LESS THAN A FULL BLOCK SIZE;PROBLEM?

//THIS NEXT LINE BLOWS UP WITH THE STACK TRACE INCLUDED BELOW
byte[] cipherText = rsaCipher.doFinal( block );

Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: too much data for RSA block
        at org.bouncycastle.jce.provider.JCERSACipher.engineD oFinal(Unknown Source)
        at javax.crypto.Cipher.doFinal(DashoA12275)
        at com.blackdog.testing.encryption.JFSmartCardTest.ma in(JFSmartCardTest.java:105)

dgh · February 13th, 2007, 05:40 PM

You can only process one block of data with RSA. The amount of data is limited by the key size and the padding mechanism chosen.

With the update, the method will only return something when enough input data has been feed into the cipher.

Regards,

David

chadmichael · February 13th, 2007, 05:53 PM

Quote:

quote:You can only process one block of data with RSA. The amount of data is limited by the key size and the padding mechanism chosen.

So, to do multiple blocks of RSA you essentially have to make a new cipher and do another block. I guess this speaks to the irregularity of what I'm doing. So I'll just put my cipherTextBlocks together after I've created them all. This makes me wonder how my "other party" will decode this.

Quote:

quote:With the update, the method will only return something when enough input data has been feed into the cipher.

Does this imply that the update() method is just not needed by the RSA cipher then?

dgh · February 13th, 2007, 06:46 PM

Update allows you to accumulate data in the cipher, so it's not so much that it's not needed, it's probably not needed in your case.

For what you're trying to do successive calls to doFinal would probably be the way to go, there's no need to create a Cipher object for each step. I'm assuming you've told whoever it is that's making you do this that it reduces the security of the encryption (make sure you get it in writing, if your work gets audited later, special circumstances not withstanding, this will not look good).

Regards,

David

chadmichael · February 14th, 2007, 01:24 PM

Does the RSA with PKCS1Padding *output* a fixed block size? In other words, when decoding a multiple block chunk, is it possible to distinguish the blocks?

dgh · February 14th, 2007, 06:39 PM

Yes - the output size is constant.

Regards,

David

sEgU · June 4th, 2007, 03:17 AM

I have an encrypted byte array which is 66 bytes long.
My private key which I need to decrypt is stored in a file and is 344 bytes long. It supports 64 byte blocks.

All the methods update(), doFinal(), unwrap() do not function. I always get the following (in this case I used unwrap):

Code:

java.lang.ArrayIndexOutOfBoundsException: too much data for RSA block
        at org.bouncycastle.jce.provider.JCERSACipher.engineDoFinal(Unknown Source)
        at org.bouncycastle.jce.provider.WrapCipherSpi.engineUnwrap(Unknown Source)
        at javax.crypto.Cipher.unwrap(DashoA6275)
        at key.calculateMasterSecret(key.java:494)
        at key.<init>(key.java:100)
        at key.main(key.java:117)

What should I do? I tried to split up the encrypted data into one 64 byte and one 2 byte block and used the 3 methods again, but same failure raised.

The private key is in PKCS#8 DER (binary) format.
The encrypted data are encrypted using "RSA/ECB/PKCS1Padding".

dgh · June 4th, 2007, 07:26 AM

Exactly how many bits is your private key? Assuming it's 512 bits the data size that you have been given does not make any sense. If the data does represent 2 blocks they would be 33 bytes each.

RSA is not a regular block cipher, it should not be used for encrypting multiple blocks one after the other, and even if it was used that way it certainly wouldn't work like this!

Regards,

David

sEgU · June 5th, 2007, 03:51 AM

I only had to use the last 64 bytes of the encrypted data.
I don't know why, but it functioned...