Search code examples
encryptionopensslaesrsa

Faster Encryption of large file public key and three users

It is a large file to encrypt. I am at the encrypting part. The error is showing:

"Error reading password from Bios"

"Error getting password."

Please let me know what to do. Thanks in advance.

I kind of want to remove cbc mode because it is slow. I read it in an article. Also, the directions say to make it faster since it is needed for three users.

I think this is the problem by using 192 instead of 4096 or higher but I need to lower it to make it go faster speed from the question.

openssl genrsa -aes256 -out pubPrivate.key 192

openssl enc -aes-256-cbc -in BigFile.txt -out cipher.bin -pass File: pubPrivate.key

Also, I read somewhere that there are numbers 0000 in front of the code somewhere causing the error if that matters?

Solution

  • It's unclear what you are trying to do. Encrypt a large file, sure. But how? Symmetric with AES, or asymmetric with RSA?

    Your first command, openssl genrsa creates a RSA public/private keypair with length 192, which as Ken White notes is a bad idea, not only is it not a power of 2, but also an incredibly short key length; to give you an estimate of how bad this is, 512 bit RSA keys were broken twenty years ago. In fact, my openssl, version 1.1.1b plainly refuses to even create such a keypair: 

    $ openssl genrsa -aes256 -out foo.key 192
Generating RSA private key, 192 bit long modulus (2 primes)
25769803792:error:04081078:rsa routines:rsa_builtin_keygen:key size too small:crypto/rsa/rsa_gen.c:78:

    Your second command then does something completely different. It tries to encrypt Bigfile.txt using AES256 in CBC mode, which is ok, but you don't give the command a 256bit AES key. Instead, you tell it to look in the RSA key file for a passphrase, which is certainly not what you want. Openssl does not accept this either:

    $ openssl enc -aes-256-cbc -in BigFile.txt -out cipher.bin -pass File: pubPrivate.key
Extra arguments given.
enc: Use -help for summary.

    So let's assume what you want is to encrypt BigFile.txt symmetrically, with AES256 in CBC mode using a key derived from a password. You would then distribute this password to you three recipients. How fast is this? On my laptop, with a 1GB BigFile.txt:

    $ time openssl enc -aes-256-cbc -in BigFile.txt -out cipher.bin -pass pass:start123
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.

real    0m3,099s
user    0m1,562s
sys     0m0,968s

    So, openssl encrypts around 330MB/sec, and it also tells us that the key derivation is unsafe, and we should use PBKDF2 instead. Let's do this:

    $ time openssl enc -aes-256-cbc -in BigFile.txt -out cipher.bin -pbkdf2 -pass pass:start123

real    0m3,202s
user    0m1,656s
sys     0m1,077s