I need to encrypt large string is it possible to do it with RSA public key private key ?
Depending on how large the string you're wanting to encrypt is - if it's larger than the modulo - it's usually best to just encrypt a randomly generated string of x bytes that serves as the key to a symmetric algorithm and then use that symmetric algorithm to encrypt the "large string".
eg. encrypt a 16 byte (128 bit) key for AES and then encrypt the "large string" not with RSA but with AES and append it to the RSA encrypted AES key.
Or you could use a larger modulo, too, but the larger the modulo the more time it'd take to perform encryption / decryption.
Related
The Hypothesis: my encryption/decryption mechanism malfunctioned in such a way that integer plaintext message Pi1 was encrypted and got later decrypted into an integer plaintext Pi2.
The technical circumstance: I use AES 128-bit with random IV for encryption/decryption. The key is changed everyday. I use openssl php extension.
The actual problem: I encrypted Pi1, but then I decrypted it to Pi2. Those are numbers around 120000 and 120100 respectively. I do not know whether key(somedayago) or key(today) was used to decrypt the message.
The question: is it possible that
Pi1 encrypted with k was decrypted using k to Pi2? or
Pi1 encrypted with k(today-n) was decrypted using k(today) to Pi2?
Thanks
I am using aes256 with php to encrypt data.
In the various documents I see various ways to generate a key, Like:
$key = pack('H*', "bcb04b7e103a0cd8b54763051cef08bc55abe029fdebae5e1d417e2ffb2a00a3");
Or
$Key = "what ever, plain string";
Or
$Key = "123456789abcdef";//128bit
What is the point of the first example, as opposed to the others?
Why not simply use a random string, 128 or 256 long?
I am using the example here http://php.net/manual/en/function.mcrypt-encrypt.php with each of the different key generating methods above.
You have three different key lengths. AES is specified for the following three key lengths: 128-bit (16 byte), 192-bit (24 byte) and 256-bit (32 byte). I'm not going to go into detail about the strength of different key sizes.
Let's take them apart:
$key = pack('H*', "bcb04b7e103a0cd8b54763051cef08bc55abe029fdebae5e1d417e2ffb2a00a3");
This is a hex encoded which is 64 characters long in encoded form. The key itself will be 32 bytes long which means that when the key is passed to mcrypt_encrypt() AES-256 is used automatically.
$Key = "what ever, plain string";
This is a 23 character string which can be used as a key for PHP versions before 5.6.0. This is not a valid length for a key in AES. MCrypt will pad the key with \0 up to the next valid key size which is 24 byte for AES-192. So this key is actually a valid key for PHP 5.6 in this form:
$Key = "what ever, plain string\0";
$Key = "123456789abcdef"; //128bit
This is a 15 character "key". As with the previous example, it will be padded to reach 16 bytes so that AES-128 is used.
Generating a key
Since you're asking about key generation, this question contains some approaches. Keys should be random and consist of all possible bytes. Using keys that are only alphanumeric or only contain printable characters is not good if you want to be safe against brute-force attacks on your key.
Since it's not possible to directly hard-code arbitrary bytes as a key in a code file, you should use the first approach of hard-coding an encoded version of the key and decode it programmatically.
Using hard-coded keys
There are only a handful of scenarios where hard-coding a symmetric key in the code can be used:
testing cryptographic implemetations (during development)
encryption data at rest where the data is not on the same machine as the encryption key (otherwise, it's just data obfuscation)
If your scenario doesn't match to the above, you're either happy with obfuscation or you should think about how you can employ public-key-encryption with a hybrid encryption approach.
I'm currently study Laravel4.2 and start to compared with Codeigniter
But I found some problem on Encryption Key character as below code
I've used this key to testing in Laravel 4.2 but it don't work because I got messages
"mcrypt_encrypt(): Size of key is too large for this algorithm"
But it's work perfect when I've used the same Encryption Key in Codeigniter latest version.
My question:How does Larave 4.2 secure if I used MCRYPT_RIJNDAEL_256 of Encryption Key
'key' =>
'SdRlCcZtE2ujlTZv5S3JZKN5bJvGQkrdSdRlCcZtE2ujlTZv5S3JZKN5bJvGQkrdSdRlCcZtE2ujlTZv5S3JZKN5bJvGQkrdSdRlCcZtE2ujlTZv5S3JZKN5bJvGQkrdSdRlCcZtE2ujlTZv5S3JZKN5bJvGQkrdSdRlCcZtE2ujlTZv5S3JZKN5bJvGQkrdSdRlCcZtE2ujlTZv5S3JZKN5bJvGQkrdSdRlCcZtE2ujlTZv5S3JZKN5bJvGQkrdSdRlCcZtE2ujlTZv5S3JZKN5bJvGQkrdSdRlCcZtE2ujlTZv5S3JZKN5bJvGQkrdSdRlCcZtE2ujlTZv5S3JZKN5bJvGQkrdSdRlCcZtE2ujlTZv5S3JZKN5bJvGQkrdSdRlCcZtE2ujlTZv5S3JZKN5bJvGQkrdSdRlCcZtE2ujlTZv5S3JZKN5bJvGQkrdSdRlCcZtE2ujlTZv5S3JZKN5bJvGQkrdSdRlCcZtE2ujlTZv5S3JZKN5bJvGQkrdSdRlCcZtE2ujlTZv5S3JZKN5bJvGQkrdSdRlCcZtE2ujlTZv5S3JZKN5bJvGQkrdSdRlCcZtE2ujlTZv5S3JZKN5bJvGQkrdSdRlCcZtE2ujlTZv5S3JZKN5bJvGQkrdSdRlCcZtE2ujlTZv5S3JZKN5bJvGQkrdSdRlCcZtE2ujlTZv5S3JZKN5bJvGQkrdSdRlCcZtE2ujlTZv5S3JZKN5bJvGQkrdSdRlCcZtE2ujlTZv5S3JZKN5bJvGQkrdSdRlCcZtE2ujlTZv5S3JZKN5bJvGQkrdSdRlCcZtE2ujlTZv5S3JZKN5bJvGQkrdSdRlCcZtE2ujlTZv5S3JZKN5bJvGQkrdSdRlCcZtE2ujlTZv5S3JZKN5bJvGQkrdSdRlCcZtE2ujlTZv5S3JZKN5bJvGQkrdSdRlCcZtE2ujlTZv5S3JZKN5bJvGQkrdSdRlCcZtE2ujlTZv5S3JZKN5bJvGQkrdSdRlCcZtE2ujlTZv5S3JZKN5bJvGQkrdSdRlCcZtE2ujlTZv5S3JZKN5bJvGQkrdSdRlCcZtE2ujlTZv5S3JZKN5bJvGQkrdSdRlCcZtE2ujlTZv5S3JZKN5bJvGQkrdSdRlCcZtE2ujlTZv5S3JZKN5bJvGQkrdSdRlCcZtE2ujlTZv5S3JZKN5bJvGQkrdSdRlCcZtE2ujlTZv5S3JZKN5bJvGQkrdSdRlCcZtE2ujlTZv5S3JZKN5bJvGQkrdSdRlCcZtE2ujlTZv5S3JZKN5bJvGQkrdSdRlCcZtE2ujlTZv5S3JZKN5bJvGQkrdSdRlCcZtE2ujlTZv5S3JZKN5bJvGQkrdSdRlCcZtE2ujlTZv5S3JZKN5bJvGQkrdSdRlCcZtE2ujlTZv5S3JZKN5bJvGQkrdSdRlCcZtE2ujlTZv5S3JZKN5bJvGQkrdSdRlCcZtE2ujlTZv5S3JZKN5bJvGQkrdSdRlCcZtE2ujlTZv5S3JZKN5bJvGQkrdSdRlCcZtE2ujlTZv5S3JZKN5bJvGQkrdSdRlCcZtE2ujlTZv5S3JZKN5bJvGQkrd',
'cipher' => MCRYPT_RIJNDAEL_256,
AES keys need to be indistinguishable from random and either 16, 24 or 32 bytes in length. It seems Laravel adds an additional check for the AES key to be a valid size.
Basically what the PHP's mcrypt does (not sure about the C-code) is that it extends the key data with 00 valued bytes if the key is smaller than 32 bytes, until it gets to the first legal AES key size. If the key is larger than 32 bytes it simply cuts it to 32 bytes. This is absolutely against any good practice with regards to handling keys.
So your AES key is likely just interpreted as 'SdRlCcZtE2ujlTZv5S3JZKN5bJvGQkrd', encoded as ASCII. This kind of key certainly does not provide the full security of AES-256 as the key reduces the key space significantly (with slightly more than 8 bytes if a 62 character alphabet is used, assuming each value within the alphabet is equally likely).
And note that MCRYPT_RIJNDAEL_256 is not AES, so you will only be able to decrypt it with libraries that support Rijndael with a block size of 256.
I have a function to encrypt and decrypt the data. I want to get the IV of the encrypted string while decrypting.
Is there any possible way to extract the iv of an encrypted string in php?
I am using php's mcrypt_encrypt function with RIJNDAEL_128.
The IV will not be included in the encrypted output. It is your responsibility to pass this IV value to whomever needs to decrypt your data.
A common approach is prepend the IV to the ciphertex, so that the first sixteen bytes will be the IV for your AES decryption operation.
As mentioned in the comments, IV values should be randomly generated. Hard-coding an IV will lessen the security of your system.
Short question: I have encrypted a string with AES-256 with the openssl commandline tool. How can I decrypt this with PHP's openssl library? (since Rijndael-256 and AES-256 are not the same, and there is no AES-256 option)
Thanks in advance,
Jori.
You should use MCRYPT_RIJNDAEL_128 instead of MCRYPT_RIJNDAEL_256 but you should use a 256 bit key, preferably the one you encrypted the data with.
The X in MCRYPT_RIJNDAEL_X is the block size of the cipher. Rijndael has several block and key sizes, but only Rijndael with a block size of 128 bits and a key size of 128, 192 or 256 bits (and the key size specific vectors and number of rounds) should be called AES.
Make sure you also match the encryption mode (the unsafe ECB or CBC encoding) and make sure your (un)padding is correct.
Shouldn't it be acceptable to use any routine to decrypt, as long as it decrypts AES-256?
Try this, previously seen on stackoverflow... it was just a google away... PHP AES encrypt / decrypt