Monday, December 26, 2016

Applying RSA Encryption to Binary Files

In the previous post,
http://www.softscients.web.id/2016/12/teknik-penerapan-enkripsi-rsa-untuk.html
we learned how to encrypt text with RSA. Can we also encrypt a binary file, such as *.jpg, *.bmp, *.exe or *.bin, with RSA?
You can read this: http://www.softscients.web.id/2016/12/encrypt-file-using-rsa-java.html
It is not really effective, though, because the file size can balloon. We need to understand the base64 format, as described here:
https://blog.aldebaran.web.id/2016/01/03/120/
https://hxpinter.wordpress.com/2011/06/21/enkripsi-data-dan-script-dengan-php-part-base64/

Tuesday, December 6, 2016

Book: Learning Machine Learning with Java - Why RSA Is Not Suitable for Encrypting Binary Files



Why is RSA not suitable for encrypting a binary file? Here is the explanation:

Reference: http://stackoverflow.com/questions/16546959/how-to-do-encryption-and-decryption-of-a-file

RSA is not designed to encrypt files. Just use a symmetric algorithm (AES, Blowfish, etc.) to encrypt your file, and use RSA only on that symmetric key, if you need symmetric encryption.

You cannot encrypt a file using RSA because RSA (well, to be more precise, the implementation of RSA in Java) does not let you encrypt more data than the length of the key. For a 1024-bit key, you can only encrypt 1024 bits, that is to say 128 bytes (actually a bit less for padding reasons).
In all cases, it is bad practice to encrypt a large piece of data using a public-key algorithm (asymmetric cryptography) for two main reasons.
  1. There is no practical, appropriate and secure cryptographic mode/padding to encrypt large amounts of data using RSA (i.e. it is not really secure to do that).
  2. Public-key algorithms require a large key to be secure (1024 bits, 2048 bits) and are therefore much slower than symmetric-key algorithms (which only require 128- to 256-bit keys to be secure).
If you want more details on why you should not use solely RSA to encrypt large amounts of data, see these two great Stack Exchange posts:
  1. http://crypto.stackexchange.com/questions/14/how-can-i-use-asymmetric-encryption-such-as-rsa-to-encrypt-an-arbitrary-length/126#126
  2. http://crypto.stackexchange.com/questions/2789/is-rsa-in-a-ecb-like-mode-safe-for-bulk-encryption

If you want to encrypt a large amount of data, the standard way to proceed is to generate a session key (a cryptographically secure random number used once). You encrypt the session key with the public key. Then you encrypt the file (the large amount of data) with a symmetric algorithm (such as AES) using the unencrypted session key. You then store the encrypted session key and the encrypted data together in the final file. That's the way PGP (or GnuPG) proceeds when it sends an encrypted mail. SSL/TLS also works in a similar way.
Lastly, properly using cryptography is complicated (pretty much anything can create a security flaw: encryption modes, padding, etc.) so I would advise you to be very careful and make sure your code is going to be reviewed by someone knowledgeable in crypto matters.
Here is a piece of code that shows the general process:




import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

// rsaPublicKey is the recipient's java.security.PublicKey, loaded by the caller.

// 1. Generate a session key
KeyGenerator keyGen = KeyGenerator.getInstance("AES");
keyGen.init(128);
SecretKey sessionKey = keyGen.generateKey();

// 2. Encrypt the session key with the RSA public key
Cipher rsaCipher = Cipher.getInstance("RSA");
rsaCipher.init(Cipher.ENCRYPT_MODE, rsaPublicKey);
byte[] encryptedSessionKey = rsaCipher.doFinal(sessionKey.getEncoded());

// 3. Encrypt the data using the session key (unencrypted)
Cipher aesCipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
aesCipher.init(Cipher.ENCRYPT_MODE, sessionKey); // sessionKey is the unencrypted
                                                 // session key.
// ... use aesCipher to encrypt your data

// 4. Save the encrypted data along with the encrypted
// session key (encryptedSessionKey).
// PLEASE NOTE THAT BECAUSE OF THE ENCRYPTION MODE (CBC),
// YOU ALSO NEED TO SAVE THE IV (INITIALIZATION VECTOR):
// aesCipher.getParameters().
//     getParameterSpec(IvParameterSpec.class).getIV();
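
As an added example (not from the original post or the quoted Stack Overflow answer), here is the hybrid scheme described above carried through to a full encrypt/decrypt round trip in Java. It swaps in RSA-OAEP and AES-GCM for the snippet's default RSA padding and CBC mode; the class name `HybridFileCrypto` and the container layout are assumptions made for this example.

```java
import java.nio.ByteBuffer;
import java.security.*;
import java.util.Arrays;
import javax.crypto.*;
import javax.crypto.spec.*;
public class HybridFileCrypto {
    static final String RSA_OAEP = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    static final String AES_GCM = "AES/GCM/NoPadding";
    // Container layout (chosen for this example, not a standard format):
    // 2-byte wrapped-key length | wrapped key | 12-byte IV | ciphertext + 16-byte GCM tag
    static byte[] encrypt(byte[] plain, PublicKey pub) throws GeneralSecurityException {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey session = kg.generateKey();               // fresh session key per file
        Cipher rsa = Cipher.getInstance(RSA_OAEP);
        rsa.init(Cipher.ENCRYPT_MODE, pub);
        byte[] wrapped = rsa.doFinal(session.getEncoded()); // RSA only sees the 16-byte key
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);                   // IV must be unique per key
        Cipher aes = Cipher.getInstance(AES_GCM);
        aes.init(Cipher.ENCRYPT_MODE, session, new GCMParameterSpec(128, iv));
        byte[] ct = aes.doFinal(plain);                     // bulk data goes through AES
        return ByteBuffer.allocate(2 + wrapped.length + iv.length + ct.length)
                .putShort((short) wrapped.length).put(wrapped).put(iv).put(ct).array();
    }

    static byte[] decrypt(byte[] blob, PrivateKey priv) throws GeneralSecurityException {
        ByteBuffer b = ByteBuffer.wrap(blob);
        byte[] wrapped = new byte[b.getShort() & 0xFFFF], iv = new byte[12];
        b.get(wrapped).get(iv);
        byte[] ct = new byte[b.remaining()];
        b.get(ct);
        Cipher rsa = Cipher.getInstance(RSA_OAEP);
        rsa.init(Cipher.DECRYPT_MODE, priv);
        SecretKey session = new SecretKeySpec(rsa.doFinal(wrapped), "AES");
        Cipher aes = Cipher.getInstance(AES_GCM);
        aes.init(Cipher.DECRYPT_MODE, session, new GCMParameterSpec(128, iv));
        return aes.doFinal(ct);                             // AEADBadTagException if modified
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair kp = g.generateKeyPair();
        byte[] file = new byte[100_000];                    // constructed stand-in for a binary file
        byte[] blob = encrypt(file, kp.getPublic());
        System.out.println("overhead: " + (blob.length - file.length) + " bytes, round trip ok: "
                + Arrays.equals(file, decrypt(blob, kp.getPrivate())));
    }
}
```

The container adds a fixed number of bytes (wrapped key, IV and tag) regardless of how large the input file is.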