Reputation: 1749
I am using a Chrome extension to encrypt data and post it over HTTPS to a PHP script that stores them into a MySQL database. Then, the database is dumped and sent to a secure environment where the data is decrypted.
For encryption I'm using an RSA-2048 public key that I ship with the extension.
The data is just an array of bytes (represented as integers) and the length of the array is always a multiple of five. Something like this:
var data = [255, 24, 16, 0, 34];
In RSA-2048 I can only encrypt up to 245 bytes. I don't want to encode these bytes in base64 because I will only be able to store 120 bytes of the original data. What is the most efficient encoding that is safe for transport in this case?
Upvotes: 0
Views: 238
Reputation: 34113
> For encryption I'm using an RSA-2048 public key that I ship with the extension.
Many security experts actively discourage the use of RSA in new protocols.
> In RSA-2048 I can only encrypt up to 245 bytes. I don't want to encode these bytes in base64 because I will only be able to store 120 bytes of the original data. What is the most efficient encoding that is safe for transport in this case?
Commenter "Dan D" said (correctly): "Use RSA to encrypt a key for a say AES and then encrypt the data with that key. Then store RSA(pub, sk)+AES(sk, data)" to which you responded "I don't want to use hybrid encryption".
If you're going to use RSA (which you really shouldn't!), the only way to do this safely and securely is to use hybrid encryption.
Interestingly, the 245-byte restriction you're alluding to in your question implies you're using PKCS#1 v1.5 padding, which is vulnerable to chosen-ciphertext attacks.
You have three choices here, really:
Upvotes: 2
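The hybrid scheme described in the answer above, RSA(pub, sk)+AES(sk, data), as an added example that is not part of the original thread. It uses Node's built-in crypto module with RSA-OAEP and AES-256-GCM; the function names, the envelope layout and the throwaway key pair are assumptions made for illustration.

```javascript
// Added example: RSA(pub, sk) + AES(sk, data) with Node's built-in crypto module.
const nodeCrypto = require('node:crypto');

// OAEP instead of PKCS#1 v1.5, which the answer notes is open to chosen-ciphertext attacks.
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };
const WRAPPED_LEN = 256; // an RSA-2048 ciphertext is always 256 bytes
const IV_LEN = 12;       // AES-GCM nonce
const TAG_LEN = 16;      // AES-GCM authentication tag

// Constructed throwaway key pair for the demo; a real sender holds only the public key.
const demoKeys = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Sender: encrypt a byte array of any length, return one base64 string for transport.
function seal(publicKey, bytes) {
  const sk = nodeCrypto.randomBytes(32); // fresh AES-256 key for every message
  const iv = nodeCrypto.randomBytes(IV_LEN);
  const wrapped = nodeCrypto.publicEncrypt({ key: publicKey, ...OAEP }, sk);
  const aes = nodeCrypto.createCipheriv('aes-256-gcm', sk, iv);
  const body = Buffer.concat([aes.update(Buffer.from(bytes)), aes.final()]);
  // Envelope layout (assumed): wrapped key | iv | tag | ciphertext
  return Buffer.concat([wrapped, iv, aes.getAuthTag(), body]).toString('base64');
}

// Receiver: unwrap the AES key with the private key, then authenticate and decrypt.
function unseal(privateKey, envelopeB64) {
  const env = Buffer.from(envelopeB64, 'base64');
  const head = WRAPPED_LEN + IV_LEN + TAG_LEN;
  if (env.length < head) throw new Error('envelope too short');
  const wrapped = env.subarray(0, WRAPPED_LEN);
  const iv = env.subarray(WRAPPED_LEN, WRAPPED_LEN + IV_LEN);
  const tag = env.subarray(WRAPPED_LEN + IV_LEN, head);
  const sk = nodeCrypto.privateDecrypt({ key: privateKey, ...OAEP }, wrapped);
  const aes = nodeCrypto.createDecipheriv('aes-256-gcm', sk, iv);
  aes.setAuthTag(tag);
  // final() throws if the ciphertext or tag was modified in transit.
  return [...Buffer.concat([aes.update(env.subarray(head)), aes.final()])];
}

// 1000 constructed bytes: far beyond what a single RSA-2048 operation can carry.
function demo() {
  const data = Array.from({ length: 1000 }, (_, i) => (i * 7) % 256);
  const envelope = seal(demoKeys.publicKey, data);
  const roundTrip = unseal(demoKeys.privateKey, envelope);
  return { envelopeBytes: Buffer.from(envelope, 'base64').length, ok: roundTrip.join() === data.join() };
}
```

The fixed overhead is 284 bytes per message regardless of payload size, and the envelope is base64-encoded only once, after encryption. In the extension itself the same two steps map onto WebCrypto's RSA-OAEP and AES-GCM algorithms.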