Reputation: 1765
How to encrypt/decrypt larger file using RSA/AES
Okay so i'm looking for a way to encrypt/decrypt larger files using RSA and AES. I don't quite understand what I need to do.
The scenario is that i've got larger files (anywhere from 200kb - 50mb). I want to be able to encrypt specific files leaving a key (private key) in the current directory as well as the encrypted file. The user can then save the key, take it with them and come back to decrypt the file at a later time.
I just don't quite understand how to use AES/RSA together to achieve this. I have some code to do simple RSA encryption/decryption and some working AES code. I got this code from other SO questions.
I'm using Openssl with C++.
Current AES program: (from online)
int main() {
int bytes_read, bytes_written;
unsigned char indata[AES_BLOCK_SIZE];
unsigned char outdata[AES_BLOCK_SIZE];
/* ckey and ivec are the two 128-bits keys necesary to
en- and recrypt your data. Note that ckey can be
192 or 256 bits as well */
unsigned char ckey[] = "thiskeyisverybad";
unsigned char ivec[] = "dontusethisinput";
/* data structure that contains the key itself */
AES_KEY key;
/* set the encryption key */
AES_set_encrypt_key(ckey, 128, &key);
/* set where on the 128 bit encrypted block to begin encryption*/
int num = 0;
FILE *ifp = fopen("out.txt", "rb");
FILE *ofp = fopen("outORIG.txt", "wb");
while (true) {
bytes_read = fread(indata, 1, AES_BLOCK_SIZE, ifp);
AES_cfb128_encrypt(indata, outdata, bytes_read, &key, ivec, &num,
AES_DECRYPT); //or AES_DECRYPT
bytes_written = fwrite(outdata, 1, bytes_read, ofp);
if (bytes_read < AES_BLOCK_SIZE)
break;
}
Upvotes: 0
Views: 8481
Answers (1)
Reputation: 102205
Okay so i'm looking for a way to encrypt/decrypt larger files using RSA and AES. I don't quite understand what I need to do...
All you need to do is:
- Generate random AES key
- Encrypt large file under AES key
- Encrypt AES key under RSA key
Also, encryption alone is usually not enough. That means your choice of AES/CFB could be improved. That's because CFB (and other modes like CBC) provide confidentiality only. You cannot detect accidental and malicious tampering.
To improve upon the mode, you should select a mode that provides confidentiality and authenticity. AES/GCM would be a good choice. There's an example of it on the OpenSSL wiki at EVP Authenticated Encryption and Decryption.
You can read more about Authenticated Encryption on the Crypto++ wiki at Authenticated Encryption. Its a different library and different wiki, but it provides the information on authenticated encryption.
In an ideal world, OpenSSL would provide an Integrated Encryption Scheme like Shoup's Elliptic Curve Integrated Encryption Scheme (ECIES) or Abdalla, Bellare and Rogaway's Diffie-Hellman Authenticated Encryption Scheme (DHAES). An integrated encryption schemes does it all for you.
By the way, Crypto++ is a C++ crypto library that provides both integrated encryption schemes. Maybe you should consider switching security libraries. Here's the documentation with sample code on ECIES.
Upvotes: 6
Related Questions
- How to encrypt a large file in openssl using public key
- How to encrypt large file with RSA?
- Use OpenSSL to encrypt file contents in c++
- encrypting and decryption large file using rsa in java
- Encrypting and decrypting a small file using openssl
- How to encrypt large data in C++ using RSA encryption
- Decrypting file in C++, which was encrypted with openssl -aes-128-cbc
- how to decrypt a large file in java / android
- RSA encryption change the data size
- How to decrypt data without plaintext size? - openssl encryption c++ ubuntu environment