If your RSA key is too small to encrypt your symmetric key, 
then your RSA key is too small to be secure. A 512-bit RSA
key can already be broken today. 1024 is now the minimum recommended for
security, and it should be sufficient for all common symmetric key
lengths.

On Tue, Oct 12, 2004 at 04:09:15PM +0200, Cornel Maftuleac wrote:
> Hello all.
> I have the following questions:
> I have to encrypt using RSAES_OAEP_SHA a block of data.
> Data length is larger than the admissible length for the selected key and
> length.
> For example for a key length of 512bits we can encode 22 bytes of data.
> For this purpose I am using the following well-known scheme:
> 1. Encrypt the message using a symmetric cipher.
> 2. Encrypt the symmetric key using the RSA public key, and append it to the
> encrypted message in first step.
> 
> [MSG]sk + [sk]pk
> sk - symmetric key
> pk - asymmetric public key
> 
> This all works fine, until we have cases when the key itself is
> bigger than the admissible msg size for RSA.
> What to do in this case?:)
> The easiest way is to split symmetric key in blocks not bigger than the
> max admissible msg length for the selected key, and encrypt every block
> with RSA public key, and along with a bigger asymmetric key, 1024,
> 4098 etc. Do you think this is secure enough?
> Maybe there exist other ways of doing this?
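
Where the 22-byte limit in the question comes from, as an added example that is not part of the original thread: RSAES-OAEP can carry at most k - 2*hLen - 2 bytes (RFC 8017, section 7.1.1), so a 512-bit modulus with SHA-1 leaves 22 bytes and a 1024-bit modulus leaves 86. The sketch implements only the EME-OAEP padding step, assuming SHA-1 from the name RSAES_OAEP_SHA; the RSA exponentiation is omitted and all function names are illustrative.

```python
import hashlib
import os

H_LEN = hashlib.sha1().digest_size  # 20 bytes (assumption: "SHA" means SHA-1)

def mgf1(seed: bytes, length: int) -> bytes:
    """MGF1 mask generation (RFC 8017, B.2.1) with SHA-1."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha1(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def oaep_capacity(modulus_bits: int) -> int:
    """Largest plaintext, in bytes, that OAEP accepts for this modulus size."""
    return (modulus_bits + 7) // 8 - 2 * H_LEN - 2

def oaep_encode(msg: bytes, modulus_bits: int, label: bytes = b"") -> bytes:
    """EME-OAEP encoding: the block that would then be RSA-encrypted."""
    k = (modulus_bits + 7) // 8
    if len(msg) > oaep_capacity(modulus_bits):
        raise ValueError("message too long for this RSA key")
    padding = b"\x00" * (k - len(msg) - 2 * H_LEN - 2)
    db = hashlib.sha1(label).digest() + padding + b"\x01" + msg
    seed = os.urandom(H_LEN)                     # fresh randomness per message
    masked_db = xor(db, mgf1(seed, k - H_LEN - 1))
    masked_seed = xor(seed, mgf1(masked_db, H_LEN))
    return b"\x00" + masked_seed + masked_db     # exactly k bytes

def oaep_decode(em: bytes, label: bytes = b"") -> bytes:
    """Inverse of oaep_encode. Not constant-time; for illustration only."""
    masked_seed, masked_db = em[1:1 + H_LEN], em[1 + H_LEN:]
    seed = xor(masked_seed, mgf1(masked_db, H_LEN))
    db = xor(masked_db, mgf1(seed, len(masked_db)))
    l_hash, rest = db[:H_LEN], db[H_LEN:]
    sep = rest.find(b"\x01")
    bad_label = l_hash != hashlib.sha1(label).digest()
    if em[0] != 0 or bad_label or sep < 0 or any(rest[:sep]):
        raise ValueError("decryption error")
    return rest[sep + 1:]

if __name__ == "__main__":
    session_key = os.urandom(32)                 # constructed 256-bit key
    for bits in (512, 1024):
        fits = len(session_key) <= oaep_capacity(bits)
        print(bits, "bit modulus:", oaep_capacity(bits), "bytes, key fits:", fits)
```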
