Title: Dumb question.
I second the use of VisualAssist.
 
- Shawn
-----Original Message-----
From: Chris Newcombe [mailto:[EMAIL PROTECTED]
Sent: Monday, April 07, 2003 1:49 PM
To: '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]'
Subject: RE: Dumb question.

RSA is a fixed/limited length crypto scheme.  For long messages, generate a symmetric session key (e.g. AES-128), encrypt that with RSA, and then encrypt the message with the session key. As a bonus you can MAC the message with the same session key (e.g. HMAC<SHA1>).   Note that some MACs (e.g. CBC) need a different key to the encryption key to avoid leaking key bits - in that case take a hash (SHA1) of the encryption key before using it as the MAC key.
 
 
Try VisualAssist (http://www.wholetomato.com) better IntelliSense in VC++.

 
 -----Original Message-----
From: Julia Smith [mailto:[EMAIL PROTECTED]
Sent: Monday, April 07, 2003 12:28 PM
To: [EMAIL PROTECTED]
Subject: Dumb question.

RSA encryption blows up if you pass it a string that is beyond a certain length.

<rant>This is aggravating. Code samples don't deal with the simple idea of encoding something beyond a few dozen characters. I'd really vote for some sort of effort to create a usability API where calls do what you want to expect. Use the JCE as a basis. What I am finding is that half the time VC++ cannot provide method completion on data values which makes using crypto++ classes very trying. Manual inspection of the documentation takes orders of magnitude more time and effort to follow. It's like going back to 1980 development tools.</rant>

How do I deal with long messages? Does this mean that crypto++ RSA encryption doesn't handle adding random noise into the padding, exposing the encryption to differential attacks (i think that's what can happen .. i don't remember the exact details).


Reply via email to