Rails - Dec 2009 - Encrypt senders pvtkey with data and with recievers pubkey

Hi All,

I wanted to ensure confidentiality by encrypting some information.  I
also wanted to maintain non-reputability by encrypting huge data with
the senders
private RSA key.

Here the data is first encrypted with Senders(lets say A)
private key and then Recievers(lets say B) public key.To decrypt,
''B'' is
the only one who can decrypt the data, and he knows the data came from
''A'' because A''s public RSA key is also needed.

The following is the code:

require ''openssl''

reciever_public_key_file = ''reciever_public.pem''
sender_public_key_file = ''sender_public.pem''

sender = OpenSSL::PKey::RSA.new(File.read(sender_public_key_file))

sender_public_key = sender.public_key

reciever = OpenSSL::PKey::RSA.new(File.read(reciever_public_key_file))
reciever_pub_key = reciever.public_key

password="vamsikrishna"
sender_private_key penSSL::PKey::RSA.new(File.read(private_key_file),password)

string = "Simple encryption example message hope some one may help, lets
hope for better."
#[Here the string may be huge data like a file also, for that i changed
the below line to first_encrypted sender.private_encrypt(File.read(string)) ]

first_encrypted = sender_private_key.private_encrypt(string)
second_encrypted = reciever.public_encrypt(first_encrypted)

first_decrypted = reciever.private_decrypt(second_encrypted)
second_decrypted = sender.public_decrypt(first_decrypted)

puts second_decrypted


But it throws an error:
public_encrypt'': data too large for key size (OpenSSL::PKey::RSAError)


Don''t ''ve any idea right now to overcome this.And let me know
where i''m
going wrong.


Thanks
VK.
-- 
Posted via http://www.ruby-forum.com/.

--

You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.

An RSA key can only encrypt data of a certain size, related to the key
size.  What you want to do is not what you are doing.

RSA is rarely used to encrypt data directly.  Instead, a symmetric key
(AES, 3DES, or other secure algorithm) is used to encrypt the data
using a randomly generated key, and then that key is encrypted with
RSA.

Might I suggest you stop doing what you are doing, and find a gem or
other utility that does what you want it to do, and not write your
own?  Chances are you will get it wrong.

--Michael

On Tue, Dec 29, 2009 at 08:24, Vamsi Krishna
<lists-fsXkhYbjdPsEEoCn2XhGlw@public.gmane.org>
wrote:
> Hi All,
>
> I wanted to ensure confidentiality by encrypting some information.  I
> also wanted to maintain non-reputability by encrypting huge data with
> the senders
> private RSA key.
>
> Here the data is first encrypted with Senders(lets say A)
> private key and then Recievers(lets say B) public key.To decrypt,
''B'' is
> the only one who can decrypt the data, and he knows the data came from
> ''A'' because A''s public RSA key is also needed.
>
> The following is the code:
>
> require ''openssl''
>
> reciever_public_key_file = ''reciever_public.pem''
> sender_public_key_file = ''sender_public.pem''
>
> sender = OpenSSL::PKey::RSA.new(File.read(sender_public_key_file))
>
> sender_public_key = sender.public_key
>
> reciever = OpenSSL::PKey::RSA.new(File.read(reciever_public_key_file))
> reciever_pub_key = reciever.public_key
>
> password="vamsikrishna"
> sender_private_key >
penSSL::PKey::RSA.new(File.read(private_key_file),password)
>
> string = "Simple encryption example message hope some one may help,
lets
> hope for better."
> #[Here the string may be huge data like a file also, for that i changed
> the below line to first_encrypted >
sender.private_encrypt(File.read(string)) ]
>
> first_encrypted = sender_private_key.private_encrypt(string)
> second_encrypted = reciever.public_encrypt(first_encrypted)
>
> first_decrypted = reciever.private_decrypt(second_encrypted)
> second_decrypted = sender.public_decrypt(first_decrypted)
>
> puts second_decrypted
>
>
> But it throws an error:
> public_encrypt'': data too large for key size
(OpenSSL::PKey::RSAError)
>
>
> Don''t ''ve any idea right now to overcome this.And let me
know where i''m
> going wrong.
>
>
> Thanks
> VK.
> --
> Posted via http://www.ruby-forum.com/.
>
> --
>
> You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
> To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
> To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe@googlegroups.com.
> For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.
>
>
>


-- 
(Ruby, Rails, Random) blog:  http://skandragon.blogspot.com/

--

You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.

I wonder if you are mixing up public key and private key concepts.
A sender uses a public key to encrypt data, and a receiver uses a
private key to decrypt data.

Please check the following instruction.
http://stuff-things.net/2007/06/11/encrypting-sensitive-data-with-ruby-on-rails/

Hope this will help.


Glen

--

You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.

Hey Michael,

 what you said is correct, i had already completed the task a week ago 
using exactly what you mentioned and this is the link where the article 
is :

http://stuff-things.net/2008/02/05/encrypting-lots-of-sensitive-data-with-ruby-on-rails/

I know, what i wanna achieve is some what complicated and bit confusing 
but its going to be more secure,so doing the best to accomplish ;)

Thanks Michael and  Glen :)

VK.
-- 
Posted via http://www.ruby-forum.com/.

--

You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.

On Tue, Dec 29, 2009 at 6:24 AM, Vamsi Krishna
<lists-fsXkhYbjdPsEEoCn2XhGlw@public.gmane.org>
wrote:
> Hi All,
>
> I wanted to ensure confidentiality by encrypting some information.  I
> also wanted to maintain non-reputability by encrypting huge data with
> the senders
> private RSA key.
>
> Here the data is first encrypted with Senders(lets say A)
> private key and then Recievers(lets say B) public key.To decrypt,
''B'' is
> the only one who can decrypt the data, and he knows the data came from
> ''A'' because A''s public RSA key is also needed.
>
> The following is the code:
>
> require ''openssl''
>
> reciever_public_key_file = ''reciever_public.pem''
> sender_public_key_file = ''sender_public.pem''
>
> sender = OpenSSL::PKey::RSA.new(File.read(sender_public_key_file))
>
> sender_public_key = sender.public_key
>
> reciever = OpenSSL::PKey::RSA.new(File.read(reciever_public_key_file))
> reciever_pub_key = reciever.public_key
>
> password="vamsikrishna"
> sender_private_key >
penSSL::PKey::RSA.new(File.read(private_key_file),password)
>
> string = "Simple encryption example message hope some one may help,
lets
> hope for better."
> #[Here the string may be huge data like a file also, for that i changed
> the below line to first_encrypted >
sender.private_encrypt(File.read(string)) ]
>
> first_encrypted = sender_private_key.private_encrypt(string)
> second_encrypted = reciever.public_encrypt(first_encrypted)
>
> first_decrypted = reciever.private_decrypt(second_encrypted)
> second_decrypted = sender.public_decrypt(first_decrypted)
>
> puts second_decrypted
>
>
> But it throws an error:
> public_encrypt'': data too large for key size
(OpenSSL::PKey::RSAError)
>
>
> Don''t ''ve any idea right now to overcome this.And let me
know where i''m
> going wrong.
Excuse me for being blunt but, clearly you have no idea what you''re
doing regarding crypto, so unless you like introducing major security
vulnerabilities by miss-using RSA, AES, etc I can not recommend
strongly enough you stop what you''re doing and follow two simple
rules:

1) Use TLSv1 for secure network communication between hosts

2) Use PGP for securely encrypting files

People like to think "I used <insert name of well known encryption
algorithm here> so I''m secure now" without understanding how
easy it
is to screw up.  And no, reading a book like Applied Cryptography
doesn''t magically make you a crypto expert who can now avoid these
mistakes.  RSA especially is easy to use incorrectly and reduce its
security to virtually nil.

-- 
Aaron Turner
http://synfin.net/
http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix &
Windows
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety.
    -- Benjamin Franklin
"carpe diem quam minimum credula postero"

--

You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.

Hi - I really value this response.

 I''m curious about the PGP encryption of the files - who''s key
would you use?


On Fri, Jan 1, 2010 at 1:00 PM, Aaron Turner
<synfinatic-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
> On Tue, Dec 29, 2009 at 6:24 AM, Vamsi Krishna
<lists-fsXkhYbjdPsEEoCn2XhGlw@public.gmane.org> wrote:
>> Hi All,
>>
>> I wanted to ensure confidentiality by encrypting some information.  I
>> also wanted to maintain non-reputability by encrypting huge data with
>> the senders
>> private RSA key.
>>
>> Here the data is first encrypted with Senders(lets say A)
>> private key and then Recievers(lets say B) public key.To decrypt,
''B'' is
>> the only one who can decrypt the data, and he knows the data came from
>> ''A'' because A''s public RSA key is also
needed.
>>
>> The following is the code:
>>
>> require ''openssl''
>>
>> reciever_public_key_file = ''reciever_public.pem''
>> sender_public_key_file = ''sender_public.pem''
>>
>> sender = OpenSSL::PKey::RSA.new(File.read(sender_public_key_file))
>>
>> sender_public_key = sender.public_key
>>
>> reciever = OpenSSL::PKey::RSA.new(File.read(reciever_public_key_file))
>> reciever_pub_key = reciever.public_key
>>
>> password="vamsikrishna"
>> sender_private_key >>
penSSL::PKey::RSA.new(File.read(private_key_file),password)
>>
>> string = "Simple encryption example message hope some one may
help, lets
>> hope for better."
>> #[Here the string may be huge data like a file also, for that i changed
>> the below line to first_encrypted >>
sender.private_encrypt(File.read(string)) ]
>>
>> first_encrypted = sender_private_key.private_encrypt(string)
>> second_encrypted = reciever.public_encrypt(first_encrypted)
>>
>> first_decrypted = reciever.private_decrypt(second_encrypted)
>> second_decrypted = sender.public_decrypt(first_decrypted)
>>
>> puts second_decrypted
>>
>>
>> But it throws an error:
>> public_encrypt'': data too large for key size
(OpenSSL::PKey::RSAError)
>>
>>
>> Don''t ''ve any idea right now to overcome this.And let
me know where i''m
>> going wrong.
>
> Excuse me for being blunt but, clearly you have no idea what
you''re
> doing regarding crypto, so unless you like introducing major security
> vulnerabilities by miss-using RSA, AES, etc I can not recommend
> strongly enough you stop what you''re doing and follow two simple
> rules:
>
> 1) Use TLSv1 for secure network communication between hosts
>
> 2) Use PGP for securely encrypting files
>
> People like to think "I used <insert name of well known encryption
> algorithm here> so I''m secure now" without understanding
how easy it
> is to screw up.  And no, reading a book like Applied Cryptography
> doesn''t magically make you a crypto expert who can now avoid these
> mistakes.  RSA especially is easy to use incorrectly and reduce its
> security to virtually nil.
>
> --
> Aaron Turner
> http://synfin.net/
> http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix &
Windows
> Those who would give up essential Liberty, to purchase a little temporary
> Safety, deserve neither Liberty nor Safety.
>    -- Benjamin Franklin
> "carpe diem quam minimum credula postero"
>
> --
>
> You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
> To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
> To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe@googlegroups.com.
> For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.
>
>
>
--

You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.

Oh - and how would you store the keys.


On Fri, Jan 1, 2010 at 1:12 PM, Curtis Jennings Schofield
<curtis.schofield-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
> Hi - I really value this response.
>
>  I''m curious about the PGP encryption of the files -
who''s key would you use?
>
>
> On Fri, Jan 1, 2010 at 1:00 PM, Aaron Turner
<synfinatic-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>> On Tue, Dec 29, 2009 at 6:24 AM, Vamsi Krishna
<lists-fsXkhYbjdPsEEoCn2XhGlw@public.gmane.org> wrote:
>>> Hi All,
>>>
>>> I wanted to ensure confidentiality by encrypting some information.
 I
>>> also wanted to maintain non-reputability by encrypting huge data
with
>>> the senders
>>> private RSA key.
>>>
>>> Here the data is first encrypted with Senders(lets say A)
>>> private key and then Recievers(lets say B) public key.To decrypt,
''B'' is
>>> the only one who can decrypt the data, and he knows the data came
from
>>> ''A'' because A''s public RSA key is also
needed.
>>>
>>> The following is the code:
>>>
>>> require ''openssl''
>>>
>>> reciever_public_key_file = ''reciever_public.pem''
>>> sender_public_key_file = ''sender_public.pem''
>>>
>>> sender = OpenSSL::PKey::RSA.new(File.read(sender_public_key_file))
>>>
>>> sender_public_key = sender.public_key
>>>
>>> reciever =
OpenSSL::PKey::RSA.new(File.read(reciever_public_key_file))
>>> reciever_pub_key = reciever.public_key
>>>
>>> password="vamsikrishna"
>>> sender_private_key >>>
penSSL::PKey::RSA.new(File.read(private_key_file),password)
>>>
>>> string = "Simple encryption example message hope some one may
help, lets
>>> hope for better."
>>> #[Here the string may be huge data like a file also, for that i
changed
>>> the below line to first_encrypted >>>
sender.private_encrypt(File.read(string)) ]
>>>
>>> first_encrypted = sender_private_key.private_encrypt(string)
>>> second_encrypted = reciever.public_encrypt(first_encrypted)
>>>
>>> first_decrypted = reciever.private_decrypt(second_encrypted)
>>> second_decrypted = sender.public_decrypt(first_decrypted)
>>>
>>> puts second_decrypted
>>>
>>>
>>> But it throws an error:
>>> public_encrypt'': data too large for key size
(OpenSSL::PKey::RSAError)
>>>
>>>
>>> Don''t ''ve any idea right now to overcome this.And
let me know where i''m
>>> going wrong.
>>
>> Excuse me for being blunt but, clearly you have no idea what
you''re
>> doing regarding crypto, so unless you like introducing major security
>> vulnerabilities by miss-using RSA, AES, etc I can not recommend
>> strongly enough you stop what you''re doing and follow two
simple
>> rules:
>>
>> 1) Use TLSv1 for secure network communication between hosts
>>
>> 2) Use PGP for securely encrypting files
>>
>> People like to think "I used <insert name of well known
encryption
>> algorithm here> so I''m secure now" without
understanding how easy it
>> is to screw up.  And no, reading a book like Applied Cryptography
>> doesn''t magically make you a crypto expert who can now avoid
these
>> mistakes.  RSA especially is easy to use incorrectly and reduce its
>> security to virtually nil.
>>
>> --
>> Aaron Turner
>> http://synfin.net/
>> http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix
& Windows
>> Those who would give up essential Liberty, to purchase a little
temporary
>> Safety, deserve neither Liberty nor Safety.
>>    -- Benjamin Franklin
>> "carpe diem quam minimum credula postero"
>>
>> --
>>
>> You received this message because you are subscribed to the Google
Groups "Ruby on Rails: Talk" group.
>> To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
>> To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
>> For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.
>>
>>
>>
>
--

You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.

You would store the key(s) on disk- just like the OP.   Usually this
is done in the PGP keyring.

Who''s key you would use depend on who you''re encrypting the
file to &
who you are signing it as.

Basically, PGP was made specifically for this use case.   I can use
PGP to encrypt a file to Jack (using Jack''s public key) and sign it
with my own private key so that Jack knows for certain that I sent him
the file and nobody in between made any changes to it.

I don''t know if ruby has PGP bindings or not, but you can always fall
back to system().

On Fri, Jan 1, 2010 at 12:13 PM, Curtis Jennings Schofield
<curtis.schofield-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
> Oh - and how would you store the keys.
>
>
> On Fri, Jan 1, 2010 at 1:12 PM, Curtis Jennings Schofield
> <curtis.schofield-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>> Hi - I really value this response.
>>
>>  I''m curious about the PGP encryption of the files -
who''s key would you use?

-- 
Aaron Turner
http://synfin.net/
http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix &
Windows
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety.
    -- Benjamin Franklin
"carpe diem quam minimum credula postero"

--

You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.

werd.

thanks Aaron - I appreciate your response.


On Fri, Jan 1, 2010 at 4:22 PM, Aaron Turner
<synfinatic-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
> You would store the key(s) on disk- just like the OP.   Usually this
> is done in the PGP keyring.
>
> Who''s key you would use depend on who you''re encrypting
the file to &
> who you are signing it as.
>
> Basically, PGP was made specifically for this use case.   I can use
> PGP to encrypt a file to Jack (using Jack''s public key) and sign
it
> with my own private key so that Jack knows for certain that I sent him
> the file and nobody in between made any changes to it.
>
> I don''t know if ruby has PGP bindings or not, but you can always
fall
> back to system().
>
> On Fri, Jan 1, 2010 at 12:13 PM, Curtis Jennings Schofield
> <curtis.schofield-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>> Oh - and how would you store the keys.
>>
>>
>> On Fri, Jan 1, 2010 at 1:12 PM, Curtis Jennings Schofield
>> <curtis.schofield-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>>> Hi - I really value this response.
>>>
>>>  I''m curious about the PGP encryption of the files -
who''s key would you use?
>
>
> --
> Aaron Turner
> http://synfin.net/
> http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix &
Windows
> Those who would give up essential Liberty, to purchase a little temporary
> Safety, deserve neither Liberty nor Safety.
>    -- Benjamin Franklin
> "carpe diem quam minimum credula postero"
>
> --
>
> You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
> To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
> To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe@googlegroups.com.
> For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.
>
>
>
--

You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.