8

I am wanting to encrypt a file with my public key, my friend told me that this is not a good idea but did not explain why. Can someone explain please.

Anders
  • 64,406
  • 24
  • 178
  • 215
Kōdo no musō-ka
  • 315
  • 4
  • 11
  • Public key cryptography is generally slower than symmetric cryptography, and unless the person doing the encrypting and the person doing the decryption are different there is no point in using it. In fact, when using public key cryptography it is common to only encrypt a symmetric key with it, that in turn is used to encrypt the data being sent. – Anders Apr 29 '16 at 13:39
  • It's not possible. Public key cryptography can only encrypt data _up to the size of the key_. – Boris the Spider Apr 29 '16 at 14:28
  • @BoristheSpider there are hybrid ways of using RSA on large files http://www.czeskis.com/random/openssl-encrypt-file.html – schroeder Apr 29 '16 at 15:42
  • @schroeder yes, of course. But that isn't "_encrypt[ing] a file with my public key_" at all. It's encrypting a file with a symmetric key and then encrypting that key with your asymmetric key. – Boris the Spider Apr 29 '16 at 15:44
  • @BoristheSpider Yeah, but that's what people mean when say "encrypting a file with my public key". If you actually use RSA on anything larger than a couple kb, then you're an idiot. – Mike Ounsworth Apr 30 '16 at 15:06
  • Given that the answers here have more upvotes, I am voting to close the other question as a duplicate of this one. – Mike Ounsworth Apr 30 '16 at 15:09

3 Answers3

8

Your friend is correct in that private key encryption is not the tool for the job. This answer on Cryptography.SE does a good job of explaining why. Some highlights:

Any public-key encryption schemes is bound to increase the size of the data that it enciphers.

While there are more efficient schemes, it is safe to say that a symmetric scheme is orders of magnitude faster and less power hungry than an asymmetric one, at least for decryption.

Private key cryptography is used when the person doing the encryption is different from the person doing the decryption - a situation symmetric cryptography can not handle if the parties can not easily exchange keys.

When private key cryptography is used for transfering larger volumes of data (like in TLS), you normally first encrypt the data with a random symmetric key. Then you encrypt the symmetric key with the recievers public key so that they and nobody else will be able to read it and decrypt the data.

Community
  • 1
Anders
  • 64,406
  • 24
  • 178
  • 215
7

Asymmetric cryptography has two common use cases:

  • Encryption: You process a message or file with the public key of somebody else. Only he/she can decrypt it with his/her private key.
  • Signature: You process a message or file with your own private key. The message or file itself can be transmitted unencrypted. It is common to process/sign only a hash of the message/file. Thus everybody can verify with your public key that it was processed by you, because only you (should) have access to your private key.

Encrypting a file with your own public key is none of the above use cases. It doesn't make sense if you store that encrypted file on your computer, because a hacker on your computer can have access to your private key as well.

But your idea makes totally sense, if you want to store your file (for example a backup) on a less secure cloud storage, but keep your private key as secret as it should be. A hacker who breaks in into your cloud storage cannot decrypt the file without breaking in also into your computer.

In short, if you keep your private key separate from your encrypted file I don't see any disadvantage.

Fred42vid
  • 193
  • 3
  • If you use a cryptographically sound storage device for your key its even a smart and easy way, such a device like a smart card or alike can do this for you. – LvB Apr 29 '16 at 12:23
  • I don't understand why the key management problem (where to store the private or symmetric key) is a factor here? It is an important question, sure, but I don't understand why it would be a factor when deciding between private key or symmetric encryption. – Anders Apr 29 '16 at 13:42
  • I think your conclusion that there is no disadvantage is incorrect. See my answer. – Anders Apr 29 '16 at 13:49
  • You're also forgetting that asymmetric crypto is incredibly slow on large data sets. Algorithms such as RSA have a requirement that the data being "encrypted" is smaller than the key. Trying to encrypt even a few tens of kilobytes would take a huge amount of computing time. By comparison, symmetric algorithms are incredibly fast. – Polynomial Apr 29 '16 at 14:33
  • @Polynomial I often read "incredibly slow", instead of a specific factor, which is understandable, since it's said to be not directly comparable. However, [an SO answer](http://stackoverflow.com/a/118488/3041008) suggests symmetric crypto is in the ballpark of being 1000x faster than asymmetric crypto. – mucaho Apr 29 '16 at 21:12
-1

The only disadvantage of Public key encryption is a key distribution problem: if you need to verify/check your file by multiple software instances, i.e. you're signing an upgrade patch, it's a problem to pass your key untampered to the clients, so forging/MitM will be impossible.

If you're about to just encrypt a file - I'd recommend you to use a symmetric key algorithm like AES, because it's hardware accelerated nowadays, almost everywhere. If someone will break in to your cloud or FTP storage and have a file - it will still have the same problem: the decryption key, and if the hacker will break into your PC - it will have full keyset either way. AES256, for example, will be just a way faster to do.

schroeder
  • 123,438
  • 55
  • 284
  • 319
Alexey Vesnin
  • 1,565
  • 1
  • 8
  • 11