
test.iso is a large file, almost as large as 3G.

```
ls -al test.iso
-rw-r--r-- 1 debian8 debian8 3076767744 Apr 21 10:56 test.iso
```

1. Encrypting with gpg. I created a pub key and private key for person1.

```
gpg --gen-key
gpg --list-keys
/home/debian8/.gnupg/pubring.gpg
pub   2048R/410AA390 2017-04-20
uid                  person1 (person1) <person1@qq.com>
sub   2048R/FB3A9563 2017-04-20

pub   1024R/C612A324 2017-04-20
uid                  person2 (person2) <person2@qq.com>
sub   1024R/F4E12749 2017-04-20
```

Now to encrypt it with person2's pub key.

```
time gpg -r C612A324 -o test.iso.gpgasc --encrypt test.iso
real    2m28.337s
user    2m3.752s
sys     0m3.520s
```

It took me 2.28 minutes to encrypt test.iso. I want to do the same task with openssl.

2. Encrypting with openssl

```
openssl genrsa -out private.pem 1024
openssl rsa -in private.pem -pubout -out public.pem
openssl rsautl -encrypt -pubin -inkey public.pem -in test.iso -out test.iso.opensslasc
```

```
RSA operation error
139916816565904:error:0406D06E:rsa routines:RSA_padding_add_PKCS1_type_2:data too large for key size:rsa_pk1.c:153:
```

1. Does it mean that gpg is better than openssl for encrypting a large file?
2. How do I fix my openssl command to encrypt with the RSA method?

Steffen Ullrich
showkey
  • gnupg does not encrypt the message with RSA, only the key. And the problem you see with openssl is described in [RSA maximum bytes to encrypt, comparison to AES in terms of security?](https://security.stackexchange.com/questions/33434/rsa-maximum-bytes-to-encrypt-comparison-to-aes-in-terms-of-security). Also, changed tag openssh to openssl and added tag rsa. – Steffen Ullrich Apr 21 '17 at 14:36
  • Commandline openssl supports CMS/S/MIME with the `smime` and `cms` commands, including hybrid encryption similar to PGP: the data is symmetrically encrypted under a nonce key (DEK) which is RSA-encrypted under the recipient's X.509 certificate (vs the recipient's signed-public-key for PGP). Note OpenSSL S/MIME always and CMS by default base64-encodes the output making it about 33% larger; GPG does this if you use `-a/--armor` but not by default. – dave_thompson_085 Apr 22 '17 at 04:12
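
The hybrid scheme both comments describe, as an added example that is not part of the original question or comments: raw RSA is refused for anything larger than one key-sized block, while `openssl cms` encrypts the file under a random AES key and RSA-encrypts only that key. The certificate subject, the file names and the 1 MiB sample file are constructed for the demo; `-outform DER` avoids the base64 expansion mentioned in the comment above.

```shell
#!/bin/sh
# Added example: raw RSA vs. CMS hybrid encryption with the openssl CLI.
# The subject name, file names and sample data are constructed for this demo.
set -eu

# CMS addresses recipients by X.509 certificate, so create a key and a
# self-signed certificate for the recipient.
make_recipient() {  # $1 = output directory
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=person2" \
        -keyout "$1/person2.key" -out "$1/person2.crt" 2>/dev/null
}

# Raw RSA: the input must fit in a single RSA block (key size minus
# padding), so this returns non-zero for any realistic file.
rsa_direct() {  # $1 = cert, $2 = input, $3 = output
    openssl pkeyutl -encrypt -certin -inkey "$1" -in "$2" -out "$3" 2>/dev/null
}

# Hybrid: a random AES-256 key encrypts the data, RSA encrypts only that key.
# -binary and -outform DER skip MIME canonicalisation and base64; -stream
# avoids holding the whole file in memory while encoding.
cms_encrypt() {  # $1 = recipient cert, $2 = input, $3 = output
    openssl cms -encrypt -binary -stream -aes-256-cbc -outform DER \
        -in "$2" -out "$3" "$1"
}

cms_decrypt() {  # $1 = recipient cert, $2 = private key, $3 = input, $4 = output
    openssl cms -decrypt -binary -inform DER -recip "$1" -inkey "$2" \
        -in "$3" -out "$4"
}

demo() {
    t=$(mktemp -d)
    make_recipient "$t"
    head -c 1048576 /dev/urandom > "$t/test.bin"  # 1 MiB stand-in for test.iso
    if rsa_direct "$t/person2.crt" "$t/test.bin" "$t/test.rsa"; then
        echo "unexpected: raw RSA accepted 1 MiB" >&2; return 1
    fi
    echo "raw RSA refused the file, as in the question"
    cms_encrypt "$t/person2.crt" "$t/test.bin" "$t/test.cms"
    cms_decrypt "$t/person2.crt" "$t/person2.key" "$t/test.cms" "$t/test.out"
    cmp -s "$t/test.bin" "$t/test.out"
    echo "CMS round trip OK"
    rm -rf "$t"
}
demo
```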

0 Answers