hohl / MIHCrypto

OpenSSL wrapper for Objective-C [cryptography]
MIT License
341 stars, 68 forks

RSA encrypting data which is larger than the key causes an uninformative error message #24

Closed (hohl closed this issue 9 years ago)

hohl commented 9 years ago

Using RSA with large blocks of data seems to be a common issue. Some wrappers handle this by splitting the data into smaller blocks and encrypting every block separately. But since RSA isn't intended to encrypt large blocks of data this won't be implemented in this wrapper. (Better combine RSA with something like AES if you need features of both worlds.)

At the moment (RELEASE-0.3.2) the error message is:

 error: Error Domain=MIHOpenSSLErrorDomain Code=67522668 "OpenSLL internal error! (Code=67522668,Description=error:0406506C:rsa routines:RSA_EAY_PRIVATE_DECRYPT:data greater than mod len)" UserInfo=0x170275700 {NSLocalizedDescription=OpenSLL internal error! (Code=67522668,Description=error:0406506C:rsa routines:RSA_EAY_PRIVATE_DECRYPT:data greater than mod len)}

But it would be more informative if it were something more descriptive.

Writing some sample and/or wiki page on how to use AES and RSA in combination would be a good idea too.

hohl commented 9 years ago

Related issues: #23, #17

dvidlui commented 8 years ago

Hi Michael, can you let me know how to use RSA in combination with AES in the current MIHCrypto iOS library?

hohl commented 8 years ago

I don't have any sample, but it's quite simple. Guess you can figure it out by looking at the following steps yourself:

1. A does: Generate a random key for use with AES (like [MIHAESKeyFactory generateKey]).
2. B does: Generate a private/public key pair for RSA (like [MIHRSAKeyFactory generateKeyPair]).
3. A does: Download the public key of B (it's up to you how to transport the key, maybe via HTTP?).
4. A does: Encrypt the generated AES key via the public RSA key of B (like [MIHRSAPublicKey encrypt:aesKeyData]).
5. A does: Send the encrypted AES key to B (again, it's up to you how to send the keys between A and B).
6. B does: Decrypt the shared AES key with its private RSA key (like [MIHRSAPrivateKey decrypt:encryptedAesKeyData]).
7. A does: Encrypt the data with the shared AES key and send it to B (like [MIHAESSymmetricKey encrypt:yourData]).
8. B does: Receive the data and decrypt it with the shared AES key (like [MIHAESSymmetricKey decrypt:yourEncryptedData]).

Note: For sending keys it may be relevant to know that every key (RSA, AES and every other class which implements MIHCoding) has a -dataValue and -initWithDataValue: method which allows you to serialize keys into binary data (NSData) which can be sent over the network.
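
The steps above written out as one Objective-C walkthrough; this is an added example, not code from the issue or from the MIHCrypto project. The class and method names are those named in the comment above plus what I recall from the library's README and headers (`MIHKeyPair` with `.public`/`.private`, `preferedKeySize`, `MIHAESKey`, and the `error:` out-parameter on `encrypt:`/`decrypt:`); check them against the MIHCrypto version you use.

```objectivec
#import <Foundation/Foundation.h>
#import <MIHCrypto/MIHCrypto.h>   // umbrella header name assumed

// Hybrid encryption: RSA only wraps the short AES key, so the RSA input is
// always far below the modulus length and the "data greater than mod len"
// error from the issue cannot occur. A = sender, B = recipient. Both sides
// run in one process here only so the sample is self-contained; the NSData
// values marked "travels to ..." are what would actually cross the network.
void hybridEncryptionWalkthrough(void) {
    NSError *error = nil;

    // B (step 2): generate an RSA key pair and publish the public key.
    MIHRSAKeyFactory *rsaFactory = [[MIHRSAKeyFactory alloc] init];
    rsaFactory.preferedKeySize = MIHRSAKey2048;            // name/enum assumed from README
    MIHKeyPair *bKeyPair = [rsaFactory generateKeyPair];
    NSData *bPublicKeyBlob = [bKeyPair.public dataValue]; // travels to A (step 3)

    // A (step 1 + 4): rebuild B's public key, make a fresh AES key, wrap it.
    // Anyone who can swap bPublicKeyBlob in transit can read the payload, so
    // A must obtain it over an authenticated channel or pin it in advance.
    MIHRSAPublicKey *bPublicKey = [[MIHRSAPublicKey alloc] initWithDataValue:bPublicKeyBlob];
    id<MIHSymmetricKey> aesKey = [[[MIHAESKeyFactory alloc] init] generateKey];
    NSData *aesKeyBlob = [aesKey dataValue];               // tens of bytes, not kilobytes
    NSData *wrappedAesKey = [bPublicKey encrypt:aesKeyBlob error:&error];
    if (!wrappedAesKey) { NSLog(@"RSA wrap failed: %@", error); return; }

    // A (step 7): encrypt the real payload with AES. Constructed sample data.
    NSData *plaintext = [@"constructed payload, much longer than one RSA block ..."
                         dataUsingEncoding:NSUTF8StringEncoding];
    NSData *ciphertext = [aesKey encrypt:plaintext error:&error];
    if (!ciphertext) { NSLog(@"AES encrypt failed: %@", error); return; }
    // wrappedAesKey and ciphertext travel to B (steps 5 and 7).

    // B (step 6 + 8): unwrap the AES key with the private key, then decrypt.
    NSData *unwrappedKeyBlob = [bKeyPair.private decrypt:wrappedAesKey error:&error];
    if (!unwrappedKeyBlob) { NSLog(@"RSA unwrap failed: %@", error); return; }
    id<MIHSymmetricKey> bAesKey = [[MIHAESKey alloc] initWithDataValue:unwrappedKeyBlob];
    NSData *recovered = [bAesKey decrypt:ciphertext error:&error];
    if (!recovered) { NSLog(@"AES decrypt failed: %@", error); return; }

    // Note: neither step authenticates the sender or protects integrity;
    // add a signature (or a MAC under a second key) before relying on this
    // in production.
    NSLog(@"round trip ok: %d", [recovered isEqualToData:plaintext]);
}
```

The whole point of the pattern is that RSA never sees anything longer than a symmetric key, which is also why the wrapper does not need to split large inputs.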

dvidlui commented 8 years ago

Thank you for your detailed instructions.