Removing Keyczar's output header
25 views
Skip to first unread message
Tyler Oderkirk
Jul 16, 2016, 5:47:46 PM7/16/16
to Keyczar Discuss, Scott Carlson
Hello All.
We'd like to use Keyczar's Python bindings to encrypt small messages. Using the code below, we get ciphertext output of 261 bytes.
-------------------------------------------------------
import keyczar
encrypter = keyczar.Encrypter.Read(RSA_PUBKEY_PATH)
encrypter.set_encoding(encrypter.NO_ENCODING)
ciphertext = encrypter.Encrypt(PLAINTEXT)
-------------------------------------------------------
Are there any options available for reducing the size of the ciphertext output?
We'd like to reduce it to 256 bytes if possible - that's convenient for our message transport protocol.
It seems that the 261 byte output we're seeing is 256 bytes plus a 5 byte header:
1 byte for the Keyczar version
4 bytes of key hash
... as per section 5.4 "Output Headers" https://keyczar.googlecode.com/files/keyczar05b.pdf
Thanks for your help,
-Tyler
Further discussion on this topic here:
https://groups.google.com/forum/#!searchin/keyczar-discuss/header/keyczar-discuss/TbRErQEpFQQ/s8zW999fdJUJ (especially Steve Weis's comment)
Steve Weis
Jul 16, 2016, 8:52:01 PM7/16/16
to keyczar...@googlegroups.com
Hi Tyler. Short answer: No, there are no options to reduce RSA ciphertext size as Keyczar is written.
The RSA payload itself is 256 bytes, so the only way you can reduce to that size is to manually drop the version and key hash bytes. You'd need to splice those bytes back on at the receiving end or modify keyczar to ignore the missing headers and try to decrypt with all available keys. If you only have one key, the latter is probably fine.
Note, there is an "unversioned" signer and verifier in Java that does not use a header, and on verification tries all keys. There isn't an analogous class for encrypters.
The RSA payload itself is 256 bytes, so the only way you can reduce to that size is to manually drop the version and key hash bytes. You'd need to splice those bytes back on at the receiving end or modify keyczar to ignore the missing headers and try to decrypt with all available keys. If you only have one key, the latter is probably fine.
Note, there is an "unversioned" signer and verifier in Java that does not use a header, and on verification tries all keys. There isn't an analogous class for encrypters.
--
You received this message because you are subscribed to the Google Groups "Keyczar Discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to keyczar-discu...@googlegroups.com.
To post to this group, send email to keyczar...@googlegroups.com.
Visit this group at https://groups.google.com/group/keyczar-discuss.
For more options, visit https://groups.google.com/d/optout.
devin lundberg
Jul 18, 2016, 12:11:06 PM7/18/16
to keyczar...@googlegroups.com
You should also note that if you ever want to do rotation (you probably want this; breaches happen) some sort of extra data is required. If you are defining a protocol, you could probably include version bits elsewhere (theres a lot of good reasoning to include versioning in a protocol) and somehow preshare key hashes for the applicable version, but that might make things more complicated for your protocol.
Reply all
Reply to author
Forward
0 new messages