Encrypting large files using a public key

Asked 16/8, 2010 at 8:2 Answered 23/8, 2010 at 20:20

public-key-encryption encryption-asymmetric

I need to encrypt a 100KB file using a public key. I've been reading some posts claiming that it is not practical to directly encrypt large files using a public key, and that the preferred method is to encrypt the file using a symmetric key and then encrypt this symmetric key using the public key. It seems that a naive solution would be to break the large file to pieces and encrypt each one of them using the same public key. My question is whether and why this solution is wrong?

Smukler answered 16/8, 2010 at 8:2 Comment(0)

The hybrid approach you mention (generate a random symmetric key, use this to encrypt the data, and encrypt only the key asymmetrically) has a massive performance advantage.

You could "break the large file to pieces and encrypt each one of them using the same public key" as well, there is nothing wrong with that, but it is much slower.

Pluralize answered 16/8, 2010 at 8:8 Comment(3)

It is bad idea to splitting file, en.wikipedia.org/wiki/Watermarking_attack – Hyacinthia 16/8, 2010 at 8:48

@TBH: Yes, come to think of it, one could easily spot repeating blocks and such. On the other hand, this problem could be overcome by throwing in some random padding. I still maintain that the principal difference is performance only. – Pluralize 16/8, 2010 at 9:30

In the performance point of view, the best you can do is exchange the AES (or Serpent) encryption key, and encrypt these data with symetrical-key. – Hyacinthia 16/8, 2010 at 10:54

If I understand you right, you want to encrypt the file with someone else's public key, to be decrypted by their private key?

The advantage of using symmetric encryption and only using public key cryptography for the (symmetric) key is performance: symmetric cryptography is computationally much less resource-intensive (trade-off: you have to keep the key secret -- and that's what the second, asymmetric step is for).

Breaking up the file adds management overhead (how can you be sure how many chunks there will be? that you have transmitted them all?) and doesn't add any security. On the contrary.

Rawlings answered 16/8, 2010 at 8:6 Comment(3)

keeping the shared key secret is solved by randomly generating a new one for every message, transmitting it to the recipient public-key-encrypted and then throwing it away. – Pluralize 16/8, 2010 at 8:10

An alternative is to combine both. Step 1: Create any Randome-Key, for exampel a 64 Char String (512 Bit) Step 2: symetric encrypt your file with the Key from Step 1 Step 3: encrypt the Key with any asymetric-encryption (public key) Step 4: add the result from Step 3 at the end of your enrypted file. To decrypt: Step 1: read and remove the last XXX Bit form the file Step 2: decrypt the data from Step 1 with your private key Step 3: decrypt the file with the key who are the result of Step 2 – Lancinate 16/8, 2010 at 8:14

Yup, I clarified the response - I was speaking in general terms about keeping the key secret, and that's what the publickey step is for. – Rawlings 16/8, 2010 at 9:4

Asymmetric cryptography is too slow, the most used approach is to encrypt random symmetric key with asymmetric, and encrypt your data with that symmetric key. And, as well, the best way is to use well-known protocol/standard for that purpose (OpenPGP for instance).

Grati answered 23/8, 2010 at 20:20 Comment(1)

And GnuPG too - GnuPG is one of the implementations of OpenPGP stanard. There are also other commercial implementations, which can be more flexible and usable. – Grati 24/8, 2010 at 13:0

Aside from the speed-boost of symmetric key encryption, there's another possible benefit: By first encrypting the message with a random securely-generated symmetric key, you can then encrypt the symmetric key for multiple recipients, once in each recipient's own public asymmetric key, without having to re-encrypt the entire message.

Greenquist answered 16/8, 2010 at 8:2 Comment(0)

Splitting file into smaller pieces and then encrypting them with some asymmetric cipher has nothing to do with the runtime cost of the encryption process. Best practice is encrypting the data with a good symmetric cipher using a relatively strong key and encrypting the secret key you used in symmetric encryption with an asymmetric cipher(using your public key).

Makeshift answered 16/8, 2010 at 8:13 Comment(2)

If performance does not factor in, why is hybrid encryption a best practice? – Pluralize 16/8, 2010 at 9:31

I mean performance would not increase if you split the file and again use asymmetric encryption. In hybrid approach you have the advantage of encrypting large data with a symmetric cipher, because symmetric ciphers are relatively more time-efficient in contrast to asymmetric ciphers. And say your secret key is 256-bits/32-bytes, you only have to encrypt 32-bytes of data with your asymmetric cipher. This approach is better than encrypting the whole file with an asymmetric cipher. – Makeshift 16/8, 2010 at 11:24

Recommended topics

Hot tags