1

I am new to cryptography, so please excuse any "obvious" beginner mistakes.

I need to send a file larger than one MB to Bob, but my RSA keys are only 1024 bit large. I believe this means I can't use it to encrypt the data.

I know the public key of Bob. Can I create a certificate with his public key, so that Bob can then decrypt the data using his private key?

Or am I on the completely wrong track?

David_helo
  • 2
    I suggest you read about [GnuPG](https://www.gnupg.org/), and the basics of public-key cryptography. –  Oct 09 '19 at 10:09
  • I also edited your question. Please feel free to roll back to your own version should you feel like I misunderstood your question. –  Oct 09 '19 at 10:28
  • Why do you want to encrypt a file with RSA? That's not what it is intended for. – schroeder Oct 09 '19 at 12:19

1 Answer

5

In theory, this can be done with an additional layer of encryption:

  1. Generate a key of appropriate length

  2. Encrypt the message (file) with a symmetric-key algorithm using this key

  3. Encrypt this key with an asymmetric-key encryption using Bob's public key

If you then send the encrypted file and encrypted key to Bob, he will be able to decrypt the key and then the file using this key.

This approach is implemented in most cryptography software. From the user's point of view, you choose the file and the key of the recipient, and get the encrypted file which usually contains metadata (e.g. public key hash), so the recipient (or any other person) may check whether he has the correct private key without actually decrypting the data.

This scheme combines the obvious benefits of public-key cryptography with the speed of symmetric-key encryption (asymmetric encryption is considerably slower).

As A. Hersean pointed out, you should not implement this scheme from scratch (unless this is your homework assignment, or you are just curious), but rely on widely-used packages like GnuPG. This software often includes a GUI, so it can be used by a beginner.

lpVoid
  • ...And make many mistakes in the way because you are reinventing the wheel without expertise. Mistakes that *will* defeat your objective. Instead, the OP should use existing software such as GnuPG or Libsodium, and RTFM (*read the fucking manual*) before using them. – A. Hersean Oct 09 '19 at 12:15
  • Correct. I tried to explain the theory: how you encrypt large messages with short RSA keys. – lpVoid Oct 09 '19 at 14:38
  • Then maybe you could edit your answer, to explain that it's how it works in theory, but that in practice there are many more details, so using existing high-level software written by experts is the way to go (this means avoiding openssl). – A. Hersean Oct 09 '19 at 14:54
  • 1
    Done. (I think the OP is asking about the theory.) – lpVoid Oct 09 '19 at 15:39