源文本，Go中用于加密/解密的密钥大小关系

In the code below (also at http://play.golang.org/p/77fRvrDa4A but takes "too long to process" in the browser there) the 124 byte version of the sourceText won't encrypt because: "message too long for RSA public key size" of 1024. It, and the longer 124 byte sourceText version, work with 2048 bit key size.

My question is how does one exactly calculate the key size in rsa.GenerateKey given the byte length of the source text? (A small paragraph size of text takes nearly 10 seconds at 4096 key size, and I don't know the length of the sourceText until runtime.)

There's a very brief discussion of this at https://stackoverflow.com/a/11750658/3691075, but it's not clear to me as I'm not a crypto guy.

My goal is to encrypt, store in a DB and decrypt about 300-byte long JSON strings. I control both the sending and the receiving end. Text is encrypted once, and decrypted many times. Any hints of strategy would be appreciated.

package main

import (
    "crypto/md5"
    "crypto/rand"
    "crypto/rsa"
    "fmt"
    "hash"
    "log"
    "time"
)

func main() {
     startingTime := time.Now()
     var err error
     var privateKey *rsa.PrivateKey
     var publicKey *rsa.PublicKey
     var sourceText, encryptedText, decryptedText, label []byte

    // SHORT TEXT 92 bytes
     sourceText = []byte(`{347,7,3,8,7,0,7,5,6,4,1,6,5,6,7,3,7,7,7,6,5,3,5,3,3,5,4,3,2,10,3,7,5,6,65,350914,760415,33}`)
     fmt.Printf("
sourceText byte length:
%d
", len(sourceText))

    // LONGER TEXT 124 bytes
    // sourceText = []byte(`{347,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,65,350914,760415,33}`)
    // fmt.Printf("
sourceText byte length:
%d
", len(sourceText))

    if privateKey, err = rsa.GenerateKey(rand.Reader, 1024); err != nil {
         log.Fatal(err)
    }

    // fmt.Printf("
privateKey:
%s
", privateKey)

    privateKey.Precompute()

    if err = privateKey.Validate(); err != nil {
         log.Fatal(err)
    }

     publicKey = &privateKey.PublicKey

     encryptedText = encrypt(publicKey, sourceText, label)
     decryptedText = decrypt(privateKey, encryptedText, label)

     fmt.Printf("
sourceText: 
%s
", string(sourceText))
     fmt.Printf("
encryptedText: 
%x
", encryptedText)
     fmt.Printf("
decryptedText: 
%s
", decryptedText)

     fmt.Printf("
Done in %v.

", time.Now().Sub(startingTime))
}

func encrypt(publicKey *rsa.PublicKey, sourceText, label []byte) (encryptedText []byte) {
     var err error
     var md5_hash hash.Hash
     md5_hash = md5.New()
     if encryptedText, err = rsa.EncryptOAEP(md5_hash, rand.Reader,           publicKey, sourceText, label); err != nil {
         log.Fatal(err)
     }
     return
}

func decrypt(privateKey *rsa.PrivateKey, encryptedText, label []byte) (decryptedText []byte) {
     var err error
     var md5_hash hash.Hash
     md5_hash = md5.New()
     if decryptedText, err = rsa.DecryptOAEP(md5_hash, rand.Reader, privateKey, encryptedText, label); err != nil {
         log.Fatal(err)
     }
     return
}

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

1条回答默认最新

关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
donglang7236 2015-06-01 16:33
关注
One does not usually calculate the RSA key size based on payload. One simply needs to select one RSA key size based on a compromise between security (bigger is better) and performance (smaller is better). If that is done, use hybrid encryption in conjunction with AES or another symmetric cipher to actually encrypt the data.

If the payload doesn't exceed 300 bytes and you're using OAEP (at least 42 bytes of padding), then you can easily calculate the minimum key size:

(300 + 42) * 8 = 2736 bit

That's already a reasonable size key. It provides good security according to today's norms and is fairly fast. There is no need to apply a hybrid encryption scheme for this.

Now, you may notice that the key size isn't a power of 2. This is not a problem. You should however use a key size that is a multiple of 64 bit, because processors use 32-bit and 64-bit primitives to do the actual calculation, so you can increase the security without a performance penalty. The next such key size would be:

ceil((300 + 42) * 8 / 64.0) * 64 = 2752 bit

Here are some experimental results what some languages/frameworks accept (not performance-wise) as the key size:

Golang: multiple of 1 bit and >= 1001 (sic!) [used ideone.com]

PyCrypto: multiple of 256 bit and >= 1024 [local install]

C#: multiple of 16 bit and >= 512 [used ideone.com]

Groovy: multiple of 1 bit and >= 512 [local install]

Java: multiple of 1 bit and >= 512 [used ideone.com: Java & Java7]

PHP/OpenSSL Ext: multiple of 128 bit and >= 640 [used ideone.com]

Crypto++: multiple of 1 bit and >= 16 [local install with maximal validation toughness of 3]

Before you decide to use some kind of specific key size, you should check that all frameworks support that size. As you see, there are vastly varying results.

I tried to write some performance tests of key generation, encryption and decryption with different key sizes: 512, 513, 514, 516, 520, 528, 544, 576. Since I don't know any go, it would be hard to get the timing right. So I settled for Java and Crypto++. The Crypto++ code is probably very buggy, because key generation for 520-bit and 528-bit keys is up to seven orders of magnitude faster than for the other key sizes which is more or less constant for the small key size window.

In Java the key generation was pretty clear in that the generation of a 513-bit key was 2-3 times slower than for a 512-bit key. Other than that the results are nearly linear. The graph is normalized and the numbers of iterations is 1000 for the full keygen-enc-dec cycle.

The decryption makes a little dip at 544-bit which is a multiple of 32-bit. Since it was executed on a 32-bit debian, this might mean that indeed there are some performance improvements, but on the other hand the encryption was slower for that key size.

Since this benchmark wasn't done in Go, I won't give any advice on how small the overhead can be.
本回答被题主选为最佳回答 , 对您是否有帮助呢?

解决无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容

报告相同问题？

关注问题

源文本，Go中用于加密/解密的密钥大小关系
2015-06-01 15:39

回答 1 已采纳 One does not usually calculate the RSA key size based on payload. One simply needs to select one R
已知RSA的模数和指数，如何实现加密/解密 c++
2021-12-21 17:11

回答 1 已采纳 RSA函数方式3.1 步骤 i. 生成RSA的key，包括三部分：公钥指数、私钥指数和模数（这些需要先了解一下RSA算法的原理） ii. 将这三个数存
Android加密/解密 android java php
2018-10-24 20:07

回答 1 已采纳 Let's start with basic stuff: never store an IV/KEY in the source code or unencrypted within the
memories:LINE的密钥恢复攻击，用于Android的聊天备份加密
2021-05-15 11:38

回忆LINE的密钥恢复攻击，用于Android的聊天备份加密。 LINE for Android具有将单个聊天备份到ZIP文件的功能。每个备份都包含纯文本图像和一个弱加密的聊天数据库，这些数据库最多可以在支持的CPU上恢复15分钟。...
PHP - 无论如何在PHP中加密/解密哈希？ [关闭] php
2017-06-08 11:40

回答 2 已采纳 Hashing algorithms are not encryption algorithms. Hashing algorithms have the following principles
如何在Go中使用RSA密钥加密和解密纯文本？
2013-01-18 17:56

回答 1 已采纳 Keep in mind that RSA is not designed to be a block cipher. Usually RSA is used to encrypt a symm
加密/解密数据php php
2016-12-28 17:36

回答 1 已采纳 The problem is this lines //for decrypt almost the same thing $password = $_POST['password'];
DevOps - （3）使用SOPS 和Terraform来加密/解密敏感信息文件
2023-05-31 10:32

Proficloud&Greenpro的博客每个人都想将自己的敏感数据以加密格式存储在一个安全的地方。...让我们利用Mozilla ...SOPS是一个加密文件编辑器，支持YAML, JSON, ENV, INI和BINARY格式，并可以通过AWS KMS, GCP KMS, Azure密钥库、PGP、age等加密。
尝试使用PHP OpenSSL_encrypt / OpenSSL_decrypt加密/解密数据 php
2017-12-10 17:45

回答 1 已采纳 Constants do not require the $ suffix that a variable name does. So simply remove the $ from your
Cookie加密/解密 php
2014-01-17 01:57

回答 1 已采纳 Storing the password in the cookie itself is a really bad idea, don't do that. At a very high lev
如何使用libsodium php使用salt加密/解密密码 php
2017-05-23 09:59

回答 2 已采纳 If you dont need specifically use libsodium, with this function you should be able to store the da
对称加密AES代码实现，实现文件加密与解密
2021-07-04 18:09

程序员界的小趴菜的博客 1、建立两个文件jiami.py ...import operator # 导入 operator，用于比较原始数据与加解密后的数据 import time from argparse import ArgumentParser AES_BLOCK_SIZE = AES.block_size # AES 加密数据块大小, 只能
如何在RSA体制中，试求出解密密钥d和密文C？其他
2021-11-11 23:20

回答 1 已采纳 1、第一步求欧拉函数，其值为φ(N) =（p-1）(q-1)=20，其中N＝pq＝33；2、第二步求私钥，de = 1 mod 20，利用辗转相除法或者试算，可以得到d = 3；3、第三步计算密文，C
Golang：加密解密算法
2021-11-15 09:15

owenzhang24的博客我参与11月更文挑战的第9天，活动详情查看：2021最后一次更文挑战给大家看看我上个月获得奖品吧哈哈哈 0. 摘要在项目开发过程中,当操作...当需要读取数据时,把加密后的数据取出来,再通过算法解密. 1. 关于...
Golang AES 加密解密
2021-06-08 16:08

dodod2012的博客对称加密 AES 算法（Advanced Encryption Standard ,AES）优点算法公开、计算量小、加密速度快、加密效率高。缺点发送方和接收方必须商定好密钥，然后使双方都能保存好密钥，密钥管理成为双方...
没有解决我的问题, 去提问

悬赏问题

¥15 安卓adb backup备份应用数据失败
¥15 eclipse运行项目时遇到的问题
¥15 关于#c##的问题：最近需要用CAT工具Trados进行一些开发
¥15 南大pa1 小游戏没有界面，并且报了如下错误，尝试过换显卡驱动，但是好像不行
¥15 没有证书，nginx怎么反向代理到只能接受https的公网网站
¥50 成都蓉城足球俱乐部小程序抢票
¥15 yolov7训练自己的数据集
¥15 esp8266与51单片机连接问题(标签-单片机|关键词-串口)（相关搜索：51单片机|单片机|测试代码）
¥15 电力市场出清matlab yalmip kkt 双层优化问题
¥30 ros小车路径规划实现不了，如何解决？(操作系统-ubuntu)

源文本，Go中用于加密/解密的密钥大小关系

1条回答 默认 最新

悬赏问题

1条回答默认最新