I was looking for a good encryption scheme to encrypt my message and I found that hybrid encryption is good for large and small messages. But I have a problem with the length of the output cipher message, which is large.

If the input was "hello", then the length of the output message will be 586, and twice if the message is larger.

Here is the encrypt function that I use:

from binascii import hexlify

from Crypto.Cipher import AES, PKCS1_OAEP
from Crypto.PublicKey import RSA
from Crypto.Random import get_random_bytes


def encrypt(username, msg):
    # Get the receiver's public key
    with open("{}.pem".format(username)) as f:  # a.salama.pem
        recipient_key = RSA.import_key(f.read())

    # Encrypt the session key with the receiver's public RSA key
    cipher_rsa = PKCS1_OAEP.new(recipient_key)

    # Encrypt the data with the AES-128 session key (msg must be bytes)
    session_key = get_random_bytes(16)
    cipher_aes = AES.new(session_key, AES.MODE_EAX)
    ciphertext, tag = cipher_aes.encrypt_and_digest(msg)

    # Output layout: RSA-encrypted session key | nonce | tag | ciphertext, hex-encoded
    encrypted_data = cipher_rsa.encrypt(session_key) + cipher_aes.nonce + tag + ciphertext
    encrypted_data = hexlify(encrypted_data).decode("utf-8")
    return encrypted_data
Ahmed Salama

1 Answer

There's a fixed number of extra bytes in the header regardless of the amount of plaintext being encrypted. That's evident from your line of code

encrypted_data = cipher_rsa.encrypt(session_key) + cipher_aes.nonce + tag +  ciphertext 

This extra data will be dominated by the RSA-encrypted session key. A more space-efficient choice would be ECIES using a well-known 256-bit elliptic curve.

However, you also have expansion of the data due to encoding. Your choice of encoding is hex encoding, which doubles the amount of data. A more efficient and well-supported encoding is base64 encoding. Base64 encoding expands the data by a factor of 4/3. The most space-efficient option is to avoid encoding altogether and just store and transmit raw bytes. You only need to encode the data if it will transit over a channel that cannot handle binary data.

President James K. Polk
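The size accounting from the answer above, as an added example that is not part of the original question or answer: it reproduces the 586-character figure for "hello" and compares header and encoding choices. The function and constant names are hypothetical; the 256-byte header assumes an RSA-2048 key (inferred from the 586 figure), and the 33-byte ECIES header assumes a compressed ephemeral P-256 public key.

```python
import base64
import binascii
import os

NONCE_LEN = 16  # PyCryptodome's default EAX nonce length
TAG_LEN = 16    # PyCryptodome's default EAX tag length
RSA2048_HEADER = 256  # assumed: RSA-2048 ciphertext, inferred from the 586 figure
ECIES_P256_HEADER = 33  # assumed: compressed ephemeral P-256 public key


def raw_length(msg_len, header_len):
    """Bytes before encoding: key header | nonce | tag | ciphertext."""
    return header_len + NONCE_LEN + TAG_LEN + msg_len


def encoded_length(msg_len, header_len, encoding):
    """Length of the transmitted form, measured on a random stand-in blob."""
    blob = os.urandom(raw_length(msg_len, header_len))
    if encoding == "hex":
        return len(binascii.hexlify(blob))
    if encoding == "base64":
        return len(base64.b64encode(blob))
    if encoding == "raw":
        return len(blob)
    raise ValueError("unknown encoding: " + encoding)


def split_blob(hex_blob, header_len):
    """Split a hex blob in the question's layout back into its four fields."""
    raw = binascii.unhexlify(hex_blob)
    if len(raw) < header_len + NONCE_LEN + TAG_LEN:
        raise ValueError("blob shorter than the fixed header")
    key_end = header_len
    nonce_end = key_end + NONCE_LEN
    tag_end = nonce_end + TAG_LEN
    return raw[:key_end], raw[key_end:nonce_end], raw[nonce_end:tag_end], raw[tag_end:]


if __name__ == "__main__":
    for name, header in (("RSA-2048", RSA2048_HEADER), ("ECIES P-256", ECIES_P256_HEADER)):
        for enc in ("hex", "base64", "raw"):
            print(name, enc, encoded_length(len(b"hello"), header, enc))
```

The fixed overhead is paid once per message, so for long messages the encoding factor dominates the total size rather than the header.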