2

I wish to have my server encrypt messages to clients who have each provided the server with an RSA public key, as well as having the clients authenticate their messages to the server using their matching private key. Before starting development—to help me and the other developers understand what would be involved—I created toy scripts that performed each step using OpenSSL (v0.9.8zg July 2015).

When figuring out what the OpenSSL commands would be, I used this page as a reference, but it left me with two questions:

  1. Why is the generated key used for AES-256 encoded in Base64 prior to its use in AES-256 and its encryption under RSA?
  2. Is it even safe to encrypt a 256-bit key without knowing how large the RSA key is? According to this answer, if it’s a 2048-bit RSA key, at most I would be able to use AES-192. (As pointed out by @AgentME, this was based on a misreading of that answer.)
Community
  • 1
Jason Whittle
  • 195
  • 1
  • 8
  • About point #2: you're mixing up bits and bytes. "the maximum size of data which can be encrypted with RSA is 245 bytes" is more than enough for a 256-bit key for AES. – Macil Mar 29 '16 at 23:33
  • Thank you, @AgentME, I have struck the second question as based on an incorrect reading. – Jason Whittle Mar 30 '16 at 00:31

1 Answers1

3

Short answer: because it isn't actually a key, it's a password, and passwords have to be made up of printable characters.

In this line, which encrypts the file:

openssl enc -aes-256-cbc -salt -in SECRET_FILE -out SECRET_FILE.enc -pass file:./key.bin

the -pass file:filename option to the openssl enc command is used for passing in a password or passphrase, not for passing in the actual 256-bit AES key that the file will be encrypted with. The key itself is derived from the password by OpenSSL using a key derivation algorithm.

In the example you posted, key.bin very much looks like it could be a binary encryption key, but it's actually just a very misleadingly named file.

The reason for generating a encryption password like they are doing is that if the password does not have to be remembered by a user or typed in (in this case it's being stored in a file encrypted using an RSA public key), you may as well generate a random one with the same number of bits of entropy as the key that will be derived from it (any more is a waste of time), to make it as strong as possible.

samgak
  • 2,058
  • 1
  • 8
  • 11