Encrypt senders pvtkey with data and with recievers pubkey

11155 · December 29, 2009, 2:24pm

Hi All,

I wanted to ensure confidentiality by encrypting some information. I also wanted to maintain non-reputability by encrypting huge data with the senders private RSA key.

Here the data is first encrypted with Senders(lets say A) private key and then Recievers(lets say B) public key.To decrypt, 'B' is the only one who can decrypt the data, and he knows the data came from 'A' because A's public RSA key is also needed.

The following is the code:

require 'openssl'

reciever_public_key_file = 'reciever_public.pem' sender_public_key_file = 'sender_public.pem'

sender = OpenSSL::PKey::RSA.new(File.read(sender_public_key_file))

sender_public_key = sender.public_key

reciever = OpenSSL::PKey::RSA.new(File.read(reciever_public_key_file)) reciever_pub_key = reciever.public_key

password="vamsikrishna" sender_private_key = penSSL::PKey::RSA.new(File.read(private_key_file),password)

string = "Simple encryption example message hope some one may help, lets hope for better." #[Here the string may be huge data like a file also, for that i changed the below line to first_encrypted = sender.private_encrypt(File.read(string)) ]

first_encrypted = sender_private_key.private_encrypt(string) second_encrypted = reciever.public_encrypt(first_encrypted)

first_decrypted = reciever.private_decrypt(second_encrypted) second_decrypted = sender.public_decrypt(first_decrypted)

puts second_decrypted

But it throws an error: public_encrypt': data too large for key size (OpenSSL::PKey::RSAError)

Don't 've any idea right now to overcome this.And let me know where i'm going wrong.

Thanks VK.

M_Graff · December 30, 2009, 4:52pm

An RSA key can only encrypt data of a certain size, related to the key size. What you want to do is not what you are doing.

RSA is rarely used to encrypt data directly. Instead, a symmetric key (AES, 3DES, or other secure algorithm) is used to encrypt the data using a randomly generated key, and then that key is encrypted with RSA.

Might I suggest you stop doing what you are doing, and find a gem or other utility that does what you want it to do, and not write your own? Chances are you will get it wrong.

--Michael

GT1 · December 31, 2009, 4:03am

I wonder if you are mixing up public key and private key concepts. A sender uses a public key to encrypt data, and a receiver uses a private key to decrypt data.

Please check the following instruction. http://stuff-things.net/2007/06/11/encrypting-sensitive-data-with-ruby-on-rails/

Hope this will help.

Glen

11155 · December 31, 2009, 5:30am

Hey Michael,

what you said is correct, i had already completed the task a week ago using exactly what you mentioned and this is the link where the article is :

http://stuff-things.net/2008/02/05/encrypting-lots-of-sensitive-data-with-ruby-on-rails/

I know, what i wanna achieve is some what complicated and bit confusing but its going to be more secure,so doing the best to accomplish

Thanks Michael and Glen

VK.

Aaron_Turner · January 1, 2010, 8:00pm

Excuse me for being blunt but, clearly you have no idea what you're doing regarding crypto, so unless you like introducing major security vulnerabilities by miss-using RSA, AES, etc I can not recommend strongly enough you stop what you're doing and follow two simple rules:

1) Use TLSv1 for secure network communication between hosts

2) Use PGP for securely encrypting files

People like to think "I used <insert name of well known encryption algorithm here> so I'm secure now" without understanding how easy it is to screw up. And no, reading a book like Applied Cryptography doesn't magically make you a crypto expert who can now avoid these mistakes. RSA especially is easy to use incorrectly and reduce its security to virtually nil.

Curtis1 · January 1, 2010, 8:12pm

Hi - I really value this response.

I'm curious about the PGP encryption of the files - who's key would you use?

Curtis1 · January 1, 2010, 8:13pm

Oh - and how would you store the keys.

Aaron_Turner · January 1, 2010, 11:22pm

You would store the key(s) on disk- just like the OP. Usually this is done in the PGP keyring.

Who's key you would use depend on who you're encrypting the file to & who you are signing it as.

Basically, PGP was made specifically for this use case. I can use PGP to encrypt a file to Jack (using Jack's public key) and sign it with my own private key so that Jack knows for certain that I sent him the file and nobody in between made any changes to it.

I don't know if ruby has PGP bindings or not, but you can always fall back to system().

Curtis1 · January 2, 2010, 3:56pm

werd.

thanks Aaron - I appreciate your response.