
I am implementing a server that contains most of the information the clients have to retrieve. Sensitive information has to be exchanged between client and server, and due to this, I would like to have this information encrypted.

I came up with the idea of encrypting all sensitive information using RSA (PKCS1_OAEP) by having every client and server generating and exchanging their public keys to encrypt, and to be decrypted by the receiver.

What is the catch here? Is it unsafe to do this?

I understand https exists, I am just wondering about this solution.

I understand size is a "limitation", but one way of going around this is encrypting packets, then joining all the packets in a single string to then be decrypted in the same way.

schroeder
  • This will let you encrypt data on the order of a few hundred bytes (depending on key size). RSA encryption is used for small inputs (eg: a symmetric key or a hash), not for large amounts of data. You should **absolutely not** do this. Use TLS instead, that's what it's there for (it also provides more than just encryption) – Marc Aug 22 '20 at 06:41
  • I have edited my question due to your comment, what do you think? I thought of another way which is somewhat related to what you said: Encrypting all sensitive data with a hash, and then encrypting this hash in the header using RSA. What is your opinion on this? – Diogo Landau Aug 22 '20 at 06:55
  • @DiogoLandau: I really recommend to not start with practically no real knowledge in crypto, but invent your own crypto scheme here and refine it on feedback. Instead look at the design of existing schemes, assume that there is a reason they were designed this way and try to understand the reason for the particular design details. Crypto is not a trivial thing. – Steffen Ullrich Aug 22 '20 at 06:58
  • Still don't do it, please read Steffen's answer for why. And "encrypting with a hash" doesn't mean anything, at best that would be "encrypting the hash output with the RSA private key", which is a signature, not encryption, you can't get the data back. Given your level of understanding of this, I recommend using commonly-used and proven protocols such as TLS. A lot of people have gone through the trouble of making this work well, you won't do better. – Marc Aug 22 '20 at 06:58
  • Absolutely right, it's just that I was trying to implement security without a good background in this topic! What would you recommend as good reading material on this topic, and how would you recommend I encrypt the data? – Diogo Landau Aug 22 '20 at 07:03
  • I recommend you start by reading about [TLS](https://en.wikipedia.org/wiki/Transport_Layer_Security) to see what it provides and how it works. Then use that for privacy (encryption), data integrity (signatures), and authentication (either just the server, or both parties). – Marc Aug 22 '20 at 07:06

1 Answer

Just don't do it, for many reasons:

  • RSA by itself should not be used to encrypt many bytes - RSA maximum bytes to encrypt, comparison to AES in terms of security?
  • Assuming that you are using RSA together with a symmetric cipher, as is usually the case, the (in)security depends on the details - i.e. symmetric algorithm, key size, integrity protection etc. There are many pitfalls here.
  • Apart from that the RSA keys not only need to be exchanged first but also each has to be sure that it has the correct key of the peer and not the key of some man in the middle who injected itself during the key exchange.
  • And it does not provide any forward secrecy, i.e. once a key is compromised (private key leaked) all previous messages can be decrypted.

And these are only the more obvious points. Crypto is a really complex issue and even experts get it wrong. Don't even try to design your own system unless you understand the design of established systems and why they were done this way.

Steffen Ullrich
  • Thank you for your response! What would you recommend I read about to help me in my situation? – Diogo Landau Aug 22 '20 at 07:05
  • @DiogoLandau: *"... help me in my situation?"* - This depends on your goal. If you just want to use encryption use established methods with existing libraries, i.e. use TLS for transport encryption etc. If you want to learn about crypto read books like the classic Applied Cryptography. If you want help with a specific problem then describe the problem and threat vectors as detailed as possible. – Steffen Ullrich Aug 22 '20 at 07:10
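
The recommendation in the answer and comments above (use TLS through an existing library instead of a hand-built RSA exchange), as an added example that is not part of the original question, answer or comments: Python's standard `ssl` module configured so the peer's key is verified against a CA (the man-in-the-middle point) and only ephemeral key exchanges are allowed (the forward secrecy point). The function names, file parameters and cipher string are assumptions chosen for this sketch.

```python
import socket
import ssl

# Assumption: restrict TLS 1.2 to ephemeral ECDHE key exchange with AEAD ciphers.
# TLS 1.3 suites always use an ephemeral exchange and are not affected by set_ciphers.
FS_CIPHERS = "ECDHE+AESGCM:ECDHE+CHACHA20"


def client_context(ca_file=None, cert_file=None, key_file=None):
    """Client side: verifies the server's certificate chain and hostname."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(FS_CIPHERS)
    if cert_file:  # optional client certificate, for authenticating both parties
        ctx.load_cert_chain(cert_file, key_file)
    return ctx


def server_context(cert_file, key_file, client_ca_file=None):
    """Server side; pass client_ca_file to require and verify client certificates."""
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(FS_CIPHERS)
    ctx.load_cert_chain(cert_file, key_file)
    if client_ca_file:
        ctx.load_verify_locations(cafile=client_ca_file)
        ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def send_request(host, port, payload, ctx):
    """Send payload over TLS and return the reply. The handshake raises
    ssl.SSLCertVerificationError if the peer's certificate does not verify."""
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(payload)
            return tls.recv(4096)


def non_forward_secret(ctx):
    """Names of enabled suites that lack an ephemeral (EC)DHE key exchange."""
    ok_prefixes = ("TLS_", "ECDHE-", "DHE-")  # "TLS_" = TLS 1.3 suite names
    return [c["name"] for c in ctx.get_ciphers()
            if not c["name"].startswith(ok_prefixes)]
```

Record size, integrity protection and session key agreement are handled by the TLS layer, so the application sends payloads of any length without chunking them itself.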