Just curious: Putting speed aside, what is the security risk by encrypting a "large file" chunk by chunk using RSA public key? (e.g. using chain mode like what is done in symmetric block cipher)
> On 12/14/05, Amir (sent by Nabble.com) <[EMAIL PROTECTED]> wrote: >> >> Thank you for your reply, >> >> I do not undrestand the last paragraph very well. I know how to encrypte >> a >> file using a symmetric algorithm. But i dont know what do you mean by >> "then >> encrypting with the RSA key" >> >> Encrypting by by a symmetric al will give me a file with the same size. >> >> I all want to do is to give a public key to someone to encrypt large >> files >> and send it to me. >> >> Amir >> ------------------------------ >> Sent from the OpenSSL - >> User<http://www.nabble.com/OpenSSL---User-f981.html>forum at >> Nabble.com: >> Re: How to encrypt a large file by a public >> key?<http://www.nabble.com/How-to-encrypt-a-large-file-by-a-public-key--t724858.html#a1951256> > > > OK, this is what you want to do: > > Imagine that you want your friend to send you an arbitrarily large file > F > encrypted. We assume that your friend has your public key PubK. He > proceeds > as follows: > > 1) Randomly generate a key K to be used with some symmetric algorithm, > e.g. AES. > 2) Encrypt F with AES (not RSA) and key K. > 3) Encrypt K with RSA, using key PubK. > 4) Send the encrypted F and K to you. > > You would proceed as follows: > > 1) Decrypt the encrypted K with RSA, using your private key PrK. > 2) Decrypt the encrypted F with AES, using the K just decrypted. > > Your friend could potentially use RSA to encrypt the whole F. This, > however, > would be terribly inefficient: not only would he have to do the encryption > in chunks, as described in my previous note, but, in addition, RSA is > hundreds of times slower than AES. On your side, things would be even > worse, > for the RSA private key operation is an order of magnitude slower than its > public key counterpart. > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
