Re: Simple way to use PKI for larger data sets

2006-08-28 Thread Bernhard Froehlich

snacktime wrote:

[...] I could generate a
random key for each request, encrypt it, and stick it in the database
with the request, but I was hoping for a simpler solution.  Are there
any asymmetric ciphers in openssl that don't have the same limitation
on the amount of data that can be encrypted?  The data still isn't
that large, probably 20 times the key size at most, so I don't think
performance would be an issue, or would it?

The other way would be to encrypt your data in packets which are equal 
to the key size (like it is done with most symmetric protocols), but you 
indeed may run into performance problems. Usually the hybrid way of 
combining symmetric and asymmetric ciphers is used because of performance 
reasons.


And just to straighten out terminology: what you are talking about has 
nothing to do with PKI (Public Key Infrastructure)... ;)


Hope it helps.
Ted
;)

--
PGP Public Key Information
Download complete Key from http://www.convey.de/ted/tedkey_convey.asc
Key fingerprint = 31B0 E029 BCF9 6605 DAC1  B2E1 0CC8 70F4 7AFB 8D26
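
The hybrid approach this reply refers to (a random symmetric key per record, itself encrypted with the RSA public key and stored beside the data), sketched with the openssl command line. This is an added example, not code from anyone in the thread; the function names, the four-file record layout and the added HMAC are assumptions of the sketch.

```shell
# Added example: envelope (hybrid) encryption with the openssl CLI.
# Record layout (<rec>.key/.iv/.data/.mac) and function names are assumptions.
set -eu

# Front-end host: holds only the RSA public key.
hybrid_encrypt() {  # usage: hybrid_encrypt pub.pem infile rec
    pub=$1 src=$2 rec=$3
    enc_key=$(openssl rand -hex 32)   # fresh AES-256 key for this record
    mac_key=$(openssl rand -hex 32)   # separate key for the HMAC
    openssl rand -hex 16 > "$rec.iv"
    openssl enc -aes-256-cbc -K "$enc_key" -iv "$(cat "$rec.iv")" \
        -in "$src" -out "$rec.data"
    # openssl enc has no AEAD modes, so authenticate IV + ciphertext (encrypt-then-MAC).
    cat "$rec.iv" "$rec.data" |
        openssl dgst -sha256 -hmac "$mac_key" -binary > "$rec.mac"
    # Only this short key blob goes through RSA (OAEP padding).
    printf '%s%s' "$enc_key" "$mac_key" |
        openssl pkeyutl -encrypt -pubin -inkey "$pub" \
            -pkeyopt rsa_padding_mode:oaep -out "$rec.key"
}

# Back-end host: holds the private key.
hybrid_decrypt() {  # usage: hybrid_decrypt priv.pem rec outfile
    priv=$1 rec=$2 dst=$3
    keys=$(openssl pkeyutl -decrypt -inkey "$priv" \
        -pkeyopt rsa_padding_mode:oaep -in "$rec.key")
    enc_key=$(printf '%s' "$keys" | cut -c1-64)
    mac_key=$(printf '%s' "$keys" | cut -c65-128)
    # Refuse to decrypt a record whose MAC does not verify.
    cat "$rec.iv" "$rec.data" |
        openssl dgst -sha256 -hmac "$mac_key" -binary |
        cmp -s - "$rec.mac" || return 1
    openssl enc -d -aes-256-cbc -K "$enc_key" -iv "$(cat "$rec.iv")" \
        -in "$rec.data" -out "$dst"
}

demo() {  # throwaway key pair, constructed sample data (about 1 KB)
    d=$(mktemp -d)
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$d/priv.pem" 2>/dev/null
    openssl pkey -in "$d/priv.pem" -pubout -out "$d/pub.pem"
    i=0; while [ "$i" -lt 40 ]; do echo "constructed audit line $i"; i=$((i+1)); done > "$d/raw.txt"
    hybrid_encrypt "$d/pub.pem" "$d/raw.txt" "$d/rec"
    hybrid_decrypt "$d/priv.pem" "$d/rec" "$d/out.txt"
    rc=0; cmp -s "$d/raw.txt" "$d/out.txt" || rc=1
    rm -rf "$d"
    return "$rc"
}
demo && echo "round trip ok"
```

Passing the session key with `-K` puts it on the command line, where other local users can read it from the process list; an application linking libcrypto would use the `EVP_SealInit`/`EVP_OpenInit` envelope calls instead.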





RE: Simple way to use PKI for larger data sets

2006-08-28 Thread Fukuba, Yoshiki
Hi, 

Can you use GPGME instead of OpenSSL?
Perhaps it provides a High-Level Crypto API including hybrid encryption.

Yoshiki FUKUBA

 -----Original Message-----
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On Behalf Of snacktime
 Sent: Sunday, August 27, 2006 3:23 AM
 To: openssl-users
 Subject: Simple way to use PKI for larger data sets
 
 I have an application that processes credit cards.  It uses a 
 database to store the data.  On a less secure (accepts 
 outside connections to process requests) server I run a copy 
 that only has the public key, which it uses to encrypt the 
 cards after authorization.  On another server that doesn't 
 accept any incoming requests, I run a copy with the private 
 key that captures the authorizations, decrypting the cards 
 and sending the batch to the bank.  Using rsa this works 
 great for the cards themselves, but I also want to encrypt 
 and store the raw transmission data we send for future 
 auditing/debugging.  Since rsa was only designed to encrypt 
 the key and not the payload this presents a problem (data 
 larger than key size).  I'd rather not make the software any 
 more complicated than it has to be.  I could generate a 
 random key for each request, encrypt it, and stick it in the 
 database with the request, but I was hoping for a simpler 
 solution.  Are there any asymmetric ciphers in openssl that 
 don't have the same limitation on the amount of data that can 
 be encrypted?  The data still isn't that large, probably 20 
 times the key size at most, so I don't think performance 
 would be an issue, or would it?
 __
 OpenSSL Project                                 http://www.openssl.org
 User Support Mailing List                    openssl-users@openssl.org
 Automated List Manager                           [EMAIL PROTECTED]
 


Simple way to use PKI for larger data sets

2006-08-26 Thread snacktime

I have an application that processes credit cards.  It uses a database
to store the data.  On a less secure (accepts outside connections to
process requests) server I run a copy that only has the public key,
which it uses to encrypt the cards after authorization.  On another
server that doesn't accept any incoming requests, I run a copy with
the private key that captures the authorizations, decrypting the cards
and sending the batch to the bank.  Using rsa this works great for the
cards themselves, but I also want to encrypt and store the raw
transmission data we send for future auditing/debugging.  Since rsa
was only designed to encrypt the key and not the payload this presents
a problem (data larger than key size).  I'd rather not make the
software any more complicated than it has to be.  I could generate a
random key for each request, encrypt it, and stick it in the database
with the request, but I was hoping for a simpler solution.  Are there
any asymmetric ciphers in openssl that don't have the same limitation
on the amount of data that can be encrypted?  The data still isn't
that large, probably 20 times the key size at most, so I don't think
performance would be an issue, or would it?