-2

[Comment in 2020: This was a poorly researched question I asked several years ago, before I started reading about the subject. I returned to clean up the question a bit - since the core thing I wanted to know back then was to understand why the key had to have a certain size. However, when one starts learning something new, I truly believe that asking the wrong questions is an important step, towards asking better and better questions. Therefore I find it unfortunate that this forum is discouraging people from asking questions that do not reflect good understanding. I hope this forum in the future can develop more in that direction. End of comment.]

Specifically, my question is as follows, using PHP and OpenSSL, and the function:

openssl_pkey_new(array $configargs)

In another part of this forum, it was said that "If you tell $configargs that you want a keysize of 256 bits, or such, it is too easy to break." I presume that is why the function doesn't allow a keysize smaller than 384 bits. But how come that is deemed so easy to break?

What I want to do is encrypt 'ARBITRARY_STRING' in browser (at the user's end) with user's private key, and then send this (along with other data) to the server, where I decrypt with the public key. But it would be impractical if the key a user has to enter is that long.

Grateful for any advice! Or recommendations on something more suited for the purpose.

Fom
  • 485
  • 6
  • 14
  • 1
    A UTF-8 character takes up a byte, which is 8 bits. 256 bits is only 32 bytes. That means 256 bits would only allow a 32 character key. – Joseph Evans Jan 19 '18 at 19:12
  • 1
    @JosephEvans: There is no UTF-8 character but there is a character in UTF-8 encoding. And it takes up to 4 bytes, depending on the character. Only if it is a character in the ASCII set it will take a single byte. – Steffen Ullrich Jan 19 '18 at 22:24
  • 1
    *"the output-keys of openssl_pkey_new() are still alphanumeric"* - they are not. Only if you save it in PEM format you get alphanumeric data because this is using the base64 encoding. – Steffen Ullrich Jan 19 '18 at 22:37
  • 2
    *"Bitcoin has far shorter keys"* - bitcoin is using ECC not RSA for its keys. ECC needs way shorter keys than RSA, i.e. 256 bits ECC are comparable to 3072 bits RSA. – Steffen Ullrich Jan 19 '18 at 22:44
  • You seem to be confusing all sorts of public key crypto concepts into a mish-mash. Stackoverflow is not the right place to untangle them. You will have to go elsewhere for tutorials on public key cryptography. Good luck on your quest. – President James K. Polk Jan 20 '18 at 03:54
  • Thank you Joseph Evans and Steffen Ullrich for kindly giving me concrete information, answers and help. But I won't say thanks to James K Polk. Of course a student will confuse concepts before she/he understands them. Obviously a student can't know when she/he has misunderstood something - because that would in itself demand understanding. So with that logic I would never ask anything on Stackexchange because I would constantly assume I had misunderstood something. But thanks to everyone else for your kind help! – Fom Jan 28 '18 at 10:43

1 Answers1

1

You're undoubtedly trying to generate an RSA key pair. RSA is relatively inefficient because the key size does not increase linearly with the security strength offered. As others have indicated, there is therefore a huge difference between EC keys and RSA keys. This difference can also be seen at e.g. https://keylength.com . RSA 384 is absolutely insecure while EC 384 is rather secure until quantum crypto analysis comes off age.

The security of asymmetric primitives depends on the size of certain components within the crypto system. For RSA for instance the key size is determined by the size of the modulus, which is a large integer. Usually the encoding of the keys is much larger than the key size as it includes various other pieces of information, headers and other meta-information. The encoded size of a key says very little about the security strength and comparing the size of the encodings makes no sense at all.

Maarten Bodewes
  • 90,524
  • 13
  • 150
  • 263
  • Thanks for your answer. I am starting to look into EC now instead. Seems more suited then for this purpose. – Fom Jan 28 '18 at 10:45