Python Crypto, RSA Public/Private key, with large file

Jack Feng picture Jack Feng · Feb 10, 2015 · Viewed 20.6k times · Source

I now know that RSA Public/Private key can only encrypt very short input at once, but can anyone provide a way to encrypt any type of file(.txt, .phf, .exe, etc) with only the public/private key? I do not want to have additional AES key.

Here is my code, I am not getting the original content back after my encryption and decryption with the pair of public & private key. I do not care about how safe is my encryption or decryption, I just want the simple encrypt decrypt working on any input that it might take, no matter how long or large it is.

from Crypto.PublicKey import RSA
from Crypto import Random


random_generator = Random.new().read
key = RSA.generate(1024, random_generator)
public_key = key.publickey()

f = open('C:\Users\Administrator\Desktop\jack.txt','r').read()

print 'original content: '+ f

enc_data = public_key.encrypt(f, 32)
print 'encrypted data: '
print enc_data

dec_data = key.decrypt(enc_data)
print 'decrypted data: '+ dec_data

Here is the output:

original content: Python Cryptography Toolkit

A collection of cryptographic modules implementing various algorithms and protocols.

Subpackages:

Crypto.Cipher
Secret-key (AES, DES, ARC4) and public-key encryption (RSA PKCS#1) algorithms
Crypto.Hash
Hashing algorithms (MD5, SHA, HMAC)
Crypto.Protocol
Cryptographic protocols (Chaffing, all-or-nothing transform, key derivation functions). This package does not contain any network protocols.
Crypto.PublicKey
Public-key encryption and signature algorithms (RSA, DSA)
Crypto.Signature
Public-key signature algorithms (RSA PKCS#1)
Crypto.Util
Various useful modules and functions (long-to-string conversion, random number generation, number theoretic functions)
encrypted data: 
('\x08\xe3\x9d\x03\x1e\xe9(\xe2\xc7\xc6e\x0b5\x02\xc0\xd8G\x1f\xf5\xb8\x9cMC\x93Z\x982\xa5\x97\xec\xab4\x18\xc2\xc8\xd9\xd3\x99aX\xd96b\x19\x96\xdc\x1d|F\xe0\xa9\xa9\xea\x03\x10>0g\x83\xdb\xeb\xdb\x13\x91\xc6\xd8\xf6\x95\xedE@A\x0bc\xae\xbe\xbe\xf0\xde\xcc\xcexk\x10\xb3\x86\xd3\xdd\xd0\xca@T2\x9a\x8a6ut\xb1\xaf\x07\x1f\xa2M\r\xf0D\xa2`h\xc3\x89\x18\x0e\xd4\xca\xee\xf5\xfc\x01\xed\x95}X\x1f\x13 1',)
decrypted data: ���J�rPX �����ju�a,�xm�'�]��ٟ�?y;�)��tĹ�,�D4^�ba�8����9q
+�i��l �q]Kd�Y���u��S�B���Ϲ�^�A3
.7��j��m�
�6�dl� qU

Answer

Artjom B. picture Artjom B. · Feb 10, 2015

RSA can only encrypt a limited amout of input. How much that is depends on the key size of RSA (1024-bit in your case) and the used padding. Everything bigger than that (128 byte when no padding is used and less if padding is used) and you cannot recover it anymore.

The solution is to use hybrid encryption.

  1. Generate a random byte string 16, 24 or 32 bytes to be used as the AES key,
  2. Encrypt the actual data with AES using the previously generated key and
  3. Encrypt the AES key with RSA.

AES encryption:

from Crypto.Cipher import AES
from Crypto import Random

aeskey = Random.new().read(32)
iv = Random.new().read(AES.block_size)
cipher = AES.new(aeskey, AES.MODE_CFB, iv)
msg = iv + cipher.encrypt(b'Attack at dawn')

RSA encryption (use a proper padding like OAEP, because textbook RSA is horribly broken):

from Crypto.Cipher import PKCS1_OAEP
from Crypto.PublicKey import RSA

message = aeskey
random_generator = Random.new().read
rsakey = RSA.generate(1024, random_generator)
cipher = PKCS1_OAEP.new(rsakey.publickey())
ciphertext = cipher.encrypt(message)

And only send msg and ciphertext. The decryption is similar, but backwards, because you first have to recover the AES key from the RSA ciphertext. Don't forget to slice off the IV when decryption with AES.