Add support for session keys (was: javax.crypto.IllegalBlockSizeException)

[GoogleCodeExporter]

What steps will reproduce the problem?
1. Try to encrypt a String or Byte larger than 214 bytes, like the example
below:

try {
    encrypter = new Encrypter(publickey);
    decrypter = new Crypter(privatekey);
    byte[] b = new byte[500];
    encrypter.encrypt(b);   
} catch (KeyczarException e1) {
    e1.printStackTrace();
} 

This generate the following error:

328  [AWT-EventQueue-0] INFO  org.keyczar.Encrypter  - Cifrando 500 bytes.
org.keyczar.exceptions.KeyczarException:
javax.crypto.IllegalBlockSizeException: Data must not be longer than 214 bytes
    at org.keyczar.RsaPublicKey$RsaStream.doFinalEncrypt(RsaPublicKey.java:98)
    at org.keyczar.Encrypter.encrypt(Encrypter.java:164)
    at org.keyczar.Encrypter.encrypt(Encrypter.java:113)
    at com.lossurdo.cipherchat.CipherChat.<init>(CipherChat.java:59)
    at com.lossurdo.cipherchat.CipherChat$9.run(CipherChat.java:390)
    at java.awt.event.InvocationEvent.dispatch(InvocationEvent.java:209)
    at java.awt.EventQueue.dispatchEvent(EventQueue.java:597)
    at
java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:273
)
    at
java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:183)
    at
java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:173
)
    at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:168)
    at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:160)
    at java.awt.EventDispatchThread.run(EventDispatchThread.java:121)
Caused by: javax.crypto.IllegalBlockSizeException: Data must not be longer
than 214 bytes
    at com.sun.crypto.provider.RSACipher.a(DashoA13*..)
    at com.sun.crypto.provider.RSACipher.engineDoFinal(DashoA13*..)
    at javax.crypto.CipherSpi.a(DashoA13*..)
    at javax.crypto.CipherSpi.engineDoFinal(DashoA13*..)
    at javax.crypto.Cipher.doFinal(DashoA13*..)
    at org.keyczar.RsaPublicKey$RsaStream.doFinalEncrypt(RsaPublicKey.java:96)
    ... 12 more

2. I have used the following commands to generate the keys:

java -classpath keyczar05b-1.6-090208.jar;gson-1.2.jar;log4j-1.2.15.jar
org.keyczar.KeyczarTool create --purpose=crypt --asymmetric=rsa
--location=./rsakeys

java -classpath keyczar05b-1.6-090208.jar;gson-1.2.jar;log4j-1.2.15.jar
org.keyczar.KeyczarTool addkey --location=./rsakeys --status=primary

java -classpath keyczar05b-1.6-090208.jar;gson-1.2.jar;log4j-1.2.15.jar
org.keyczar.KeyczarTool pubkey --location=./rsakeys --status=active
--destination=./rsakeys/publickeys/

Original issue reported on code.google.com by lossu...@gmail.com on 29 Sep 2008 at 6:00

[GoogleCodeExporter]

This is expected behavior. RSA-OAEP payloads have a maximum size that depends 
on the
key length. You'd typically use this to encrypt a symmetric session key.

So, I changed this to a feature request to add support for session keys that 
would
allow you to encrypt arbitrary length messages with a public key.

Original comment by stevew...@gmail.com on 29 Sep 2008 at 11:12

• Changed title: Add support for session keys (was: javax.crypto.IllegalBlockSizeException)
• Changed state: Accepted
• Added labels: Type-Enhancement
• Removed labels: Type-Defect

[GoogleCodeExporter]

Any update on this one? I just got bitten by the max payload size - go figure, 
in my
application I'm over by a single byte!? argh :P

Similar to above, I've generated an rsa keypair (public/private) with a key 
length of
2048 and using the public key to encrypt a string which will ultimately be 
decrypted
by the private string. Below is exception msg: 

110  [http-8888-Processor4] INFO  org.keyczar.Encrypter  - Encrypting 215 bytes.
org.keyczar.exceptions.KeyczarException: 
javax.crypto.IllegalBlockSizeException: Data
must not be longer than 214 bytes

Thanks Todd

Original comment by 3le...@gmail.com on 28 Oct 2008 at 10:06

• Added labels: ****
• Removed labels: ****

[GoogleCodeExporter]

Hi. I haven't had a chance to work on adding session key support. I'll try to 
get to
it as soon as I can.

Original comment by stevew...@gmail.com on 29 Oct 2008 at 12:40

• Added labels: ****
• Removed labels: ****

[GoogleCodeExporter]

Original comment by stevew...@gmail.com on 6 Nov 2008 at 6:54

• Added labels: Priority-High
• Removed labels: Priority-Medium

[GoogleCodeExporter]

Adding support for session keys would really be nice. After all, the actual 
payload 
you typically want to encrypt is almost always more than 214 lousy bytes...

Original comment by skjervold@gmail.com on 23 Feb 2009 at 4:09

• Added labels: ****
• Removed labels: ****

[GoogleCodeExporter]

Adding support for session keys  when using RSA would be very nice.

I was thinking of hacking together something for the python implementation.

Is there a spec for how the session keys would work?

Original comment by paul.que...@gmail.com on 14 Aug 2009 at 10:40

• Added labels: ****
• Removed labels: ****

[GoogleCodeExporter]

I checked in some experimental code for hybrid encryption. Documentation 
updates are 
forthcoming.

Original comment by stevew...@gmail.com on 18 Dec 2009 at 2:53

• Changed state: Started
• Added labels: ****
• Removed labels: ****

[GoogleCodeExporter]

Original comment by stevew...@gmail.com on 21 Oct 2010 at 6:35

• Changed state: Fixed
• Added labels: ****
• Removed labels: ****