RSA Encrypt String longer than key

Question

Hei Guys,

i'm encryping Strings with JS and a Public Key. I use the JSBN code but the problem is in creating a BigInt.

RSA.js does:

// Copyright (c) 2005  Tom Wu
var m = pkcs1pad2(text,(this.n.bitLength()+7)>>3); // getting the Bigint
if(m == null) return null; // nullcheck
var c = this.doPublic(m); // encrypting the BigInt

The problem is in "pkcs1pad2". The function has a check, if the text is longer den the BitLength of the key. If so, return, else create a BigInt.

// Copyright (c) 2005  Tom Wu
if(n < s.length + 11) { // TODO: fix for utf-8
  alert("Message too long for RSA");
  return null;
}
var ba = new Array();
var i = s.length - 1;
while(i >= 0 && n > 0) {
  var c = s.charCodeAt(i--);
  if(c < 128) { // encode using utf-8
    ba[--n] = c;
  } else if((c > 127) && (c < 2048)) {
    ba[--n] = (c & 63) | 128;
    ba[--n] = (c >> 6) | 192;
  } else {
    ba[--n] = (c & 63) | 128;
    ba[--n] = ((c >> 6) & 63) | 128;
    ba[--n] = (c >> 12) | 224;
  }
}
ba[--n] = 0;
var rng = new SecureRandom();
var x = new Array();
while(n > 2) { // random non-zero pad
  x[0] = 0;
  while(x[0] == 0) rng.nextBytes(x);
  ba[--n] = x[0];
}
ba[--n] = 2;
ba[--n] = 0;
return new BigInteger(ba);

I can't figure out, what the author means with "// TODO: fix for utf-8". Can anyone explain this? &/ give a working answer?

Answer 1

This tries to implement PKCS#1 v1.5 padding as defined in PKCS#1 . The input of PKCS#1 v1.5 padding for encryption must be 11 bytes smaller than the size of the modulus :

M : message to be encrypted, an octet string of length mLen, where mLen <= k - 11

If the message is larger then RSA encryption cannot continue. Usually that is not a problem: you encrypt using a symmetric cipher with a random key and then encrypt that random key using RSA. This is called a hybrid cryptosystem .

The reason why the comment is there is that JavaScript - like many scripting languages - has some trouble distinguishing between bytes and text. If s is text then s.length is likely to return the amount of characters not bytes. This is deliberate for languages that implement weak typing , but it doesn't make it easier to create and use cryptographic algorithms in JavaScript.

If you use a multi-byte encoding such as UTF-8, then characters that encode to 2 bytes will increase the total plaintext size (in bytes). So the calculation may fail at that point. Either that, or you will loose the characters that cannot be encoded in single bytes - if I take a quick look at the code that is what will likely happen if you go beyond the ASCII (7 bit, values 0..127) range of characters.