I am using PKCS1_OAEP crypto algorithm to encrypt a file. The file is encrypted successfully but unable to decrypt file, getting the error "Ciphertext with incorrect length."
Encryption Algorithm is here:
#!/usr/bin/python
from Crypto.Cipher import PKCS1_OAEP
from Crypto.PublicKey import RSA
import zlib
import base64
fd = open('test.doc', 'rb')
message = fd.read()
fd.close()
print "[*] Original File Size: %d" % len(message)
#message = 'To be encrypted'
key = RSA.importKey(open('pubkey.der').read())
cipher = PKCS1_OAEP.new(key)
compressed = zlib.compress(message)
print "[*] Compressed File Size: %d" % len(compressed)
chunk_size = 128
ciphertext = ""
offset = 0
while offset < len(compressed):
chunk = compressed[offset:offset+chunk_size]
if len(chunk) % chunk_size != 0:
chunk += " " * (chunk_size - len(chunk)) # Padding with spaces
ciphertext += cipher.encrypt(chunk)
offset += chunk_size
print "[*] Encrypted File Size: %d" % len(ciphertext)
encoded = ciphertext.encode("base64")
print "[*] Encoded file size: %d" % len(encoded)
fd = open("enc.data", 'wb')
fd.write(encoded)
fd.close()
print "[+] File saved successfully!"
Decryption Algorithm is here:
#!/usr/bin/python
from Crypto.Cipher import PKCS1_OAEP
from Crypto.PublicKey import RSA
import zlib
import base64
key = RSA.importKey(open('privkey.der').read())
cipher = PKCS1_OAEP.new(key)
fd = open('enc.data', 'rb')
encoded = fd.read().strip('\n')
fd.close()
decoded = encoded.decode("base64")
chunk_size = 128
offset = 0
plaintext = ""
while offset < len(decoded):
plaintext += cipher.decrypt(decoded[offset:offset+chunk_size])
offset += chunk_size
#plaintext = cipher.decrypt(decoded)
decompress = zlib.decompress(plaintext)
fd = open('decr.doc', 'wb')
fd.write(decompress)
fd.close()
Using the following script to generate key
from Crypto.PublicKey import RSA
new_key = RSA.generate(2048, e=65537)
public_key = new_key.publickey().exportKey("PEM")
private_key = new_key.exportKey("PEM")
fileWrite(fileName, data):
fd = open(fileName, 'wb')
fd.write(data)
fd.close()
fileWrite('privkey.der', private_key)
fileWrite('pubkey.der', public_key)
You encrypt with a 2048 bit RSA key, which gives encrypted blocks of 2048 bites (256 bytes). Your decrypt implementation assumes the encrypted blocks are 128 bytes where they are actually 256 bytes, and thus you get the 'incorrect length' error. Notice how your encrypted files size (64512) is more than double of the compressed file size (32223).
In general you would not use RSA for bulk encryption (as it's quite slow) but would instead combine it with a symmetric encryption like AES. You would then encrypt the data with a random AES key, and then encrypt the AES key with the RSA key. This way you get the speed of AES and the two keys of RSA. This is known as Hybrid Encryption.
