
Diffie-Hellman won't really work here, since only one side has a public key and the other side has the private key. It must be this way to prevent decryption when the data is at rest on one of the sides before transmission.

Currently, I am using RSA-2048 only, which limits the payload size to 245 bytes. I want to support much larger sizes of data, so an RSA/AES hybrid makes sense.

I know that it would work if I generate a random AES key, encrypt that AES key using the RSA public key, encrypt the real payload using the AES key, and then serialize them in sequence (this has to be transmitted as one chunk) like so...

<RSA-encrypted-AES-key> <some-delimiter> <data-encrypted-with-AES>

My question is... should I just use the above format with the delimiter? Seems pretty straightforward. Perhaps there is a more standard / expected way to serialize these two together?

Wisteso

  • I don't think you need a standard. In this case, you can concatenate it the way you want, use JSON, XML, use MIME Encoding, whatever works for you. – ThoriumBR Aug 06 '20 at 15:51
  • I'm not even sure that you need a delimiter if the encrypted key is the same size every time. – user Aug 06 '20 at 15:56
  • Good point on fixed size. Might use one just in case we want longer keys later. – Wisteso Aug 06 '20 at 16:59
  • A little explanation of RSA-KEM, [here](https://crypto.stackexchange.com/a/76090/18298) or [rfc5990](https://tools.ietf.org/html/rfc5990) – kelalaka Aug 06 '20 at 17:08
  • RFC 5990 looks interesting. Though it seems to expect both sides to have their own public/private key (so two sets total), while the approach I'm using is uni-directional so there is only one set. – Wisteso Aug 06 '20 at 18:02
  • Does it do two-way communication? – kelalaka Aug 06 '20 at 18:20
  • Dupe https://security.stackexchange.com/questions/233290/ and https://security.stackexchange.com/questions/233293/ . Also remember Stevens: "the great thing about standards is there are so many to choose from". – dave_thompson_085 Aug 07 '20 at 03:02
  • Thanks, Dave. That's exactly what I was looking for. Had no luck searching for it myself somehow. – Wisteso Aug 08 '20 at 01:51
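The hybrid scheme the question describes (random AES key, RSA-encrypt the key, AES-encrypt the payload, send both as one chunk), worked through in Go's standard library as an added example that is not from the question or the comments. It uses RSA-OAEP for the key and AES-256-GCM for the payload, and replaces the delimiter with a 2-byte length prefix on the wrapped key so the frame still parses if a larger RSA key is adopted later; that wire format is an assumption for this example, not a standard.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
)

// Seal is the sender side (public key only). Wire format, an assumption rather than a
// standard:  keyLen(2 bytes, big-endian) || RSA-OAEP(aesKey) || nonce(12) || AES-256-GCM(payload)+tag.
// The length prefix replaces the delimiter and stays valid if a larger RSA key is adopted later.
func Seal(pub *rsa.PublicKey, plaintext []byte) ([]byte, error) {
	rnd := make([]byte, 44) // fresh 32-byte AES-256 key followed by a 12-byte GCM nonce
	if _, err := rand.Read(rnd); err != nil {
		return nil, err
	}
	aesKey, nonce := rnd[:32], rnd[32:]
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, aesKey, nil)
	if err != nil {
		return nil, err
	}
	block, _ := aes.NewCipher(aesKey) // cannot fail: the key is exactly 32 bytes
	gcm, _ := cipher.NewGCM(block)    // cannot fail for an AES block
	out := binary.BigEndian.AppendUint16(nil, uint16(len(wrapped)))
	out = append(append(out, wrapped...), nonce...)
	return gcm.Seal(out, nonce, plaintext, nil), nil // appends ciphertext and 16-byte tag
}

// Open is the receiver side (private key). It parses the frame, unwraps the AES key and
// authenticates the payload; truncation or any modified byte yields an error, never garbage.
func Open(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	if len(msg) < 2 || len(msg) < 2+int(binary.BigEndian.Uint16(msg))+12 {
		return nil, errors.New("truncated message")
	}
	n := 2 + int(binary.BigEndian.Uint16(msg)) // end of the wrapped key
	aesKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, msg[2:n], nil)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(aesKey) // rejects an unwrapped key that is not 16/24/32 bytes
	if err != nil {
		return nil, err
	}
	gcm, _ := cipher.NewGCM(block)
	return gcm.Open(nil, msg[n:n+12], msg[n+12:], nil) // GCM tag check covers the payload
}
```

With RSA-2048 the wrapped key is always 256 bytes, so a fixed-size parse as the comments suggest would also work; the prefix just makes that assumption explicit and cheap to change.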

0 Answers