Hi,

I am using PHP Crypt_RSA (http://pear.php.net/package/Crypt_RSA) for encrypting and decrypting the contents. Contents are of 1kb size. Following are the results:


  1. keylength = 1024
  2. Encryption function takes time: 225 secs

  1. keylength = 2048
  2. Encryption function takes time: 115 secs

I need to reduce this execution time, as most live Apache servers have a 120 sec limit for execution time. How to reduce this execution time? The RSA algorithm docs say that only 1024 - 2048 keys are generated. I ACTUALLY tried to generate a larger key, but it always results in an execution timeout.

How do I work on reducing encryption - decryption execution time?

Thanks, Nila

A: 

Do not use RSA to encrypt content, use RSA to encrypt a symmetric key that is then used to encrypt the content.

The symmetric cipher AES uses a key length of 256 bits, which is 32 bytes, about 30 times less data to encrypt/decrypt using RSA than the kilobyte of data you encrypt now.

So the 115 seconds will be reduced to 3-4 secs plus the encryption/decryption time used for AES which is much faster than RSA.

Ernelli
Yes, that's true; with this method, encryption is faster, exactly as expected. Now I am on the server side trying decryption of this data. Encryption sequence: get the symmetric key, encrypt with RSA public key, encrypt the contents with RSA-encrypted symmetric key. Now when I go to the server side with this data... I have encrypted contents. To decrypt this, how am I going to use the server's private key? I can again generate the RSA-encrypted symmetric key and decrypt the contents. But that won't be secure... Where does the private key come into the picture?
Nilambari
You don't encrypt the contents with the "RSA-encrypted Symmetric key". You encrypt the contents with the *original* symmetric key, but you pass the RSA-encrypted symmetric key to the recipient. The recipient uses their private key to derive the original symmetric key from the RSA-encrypted version, and then uses that original symmetric key to decrypt the data.
caf
Thanks, that solved my problem :-)
Nilambari
This is strange... Sometimes my code executes correctly, but sometimes it throws an error: "The number of bytes reported as being padded (172) is invalid (block size = 8) in /DES.php line 540". Why this strange behaviour? Why is the code not executing the same every time?
Nilambari
A: 

You may consider using mcrypt or openssl instead for your encryption/decryption needs. See openssl_public_encrypt for examples. That will be much faster than the PHP implementation done in Crypt_* (even if they use bigint or another C large-integer implementation like gmp).

Pierre
+1  A: 

Make your key bigger :) According to your numbers, you halve the time by doubling the key size. I am sure it's an error.

First thing to do is to switch to OpenSSL, which is an extension in C. If you use the correct build, the public key operations are done in assembly so it's much, much faster than PHP code. In my experience, it's at least 10 times faster.

The 2nd thing to do is to use a standard envelope like PKCS#7 (OpenSSL supports this). It will use a symmetric key to encrypt, and encrypt the key using the public key. It has lots of overhead for small messages but you will benefit in the long run.

ZZ Coder
This is good advice; the relevant functions for standard envelope encryption are `openssl_seal()` and `openssl_open()` (although "unseal" would have been more logical...).
caf
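
The scheme described in the first answer and in caf's comment under it (encrypt the content with a random symmetric key, RSA-encrypt only that key, and let the recipient's private key recover it), as an added example that is not code from any poster on this page. It uses PHP's OpenSSL extension as the later answers suggest. The function names `envelope_encrypt`/`envelope_decrypt`, the in-process key pair and the 1 KB payload are assumptions made for the demo, and AES-256-GCM with OAEP padding is this example's choice, not something the thread specifies.

```php
<?php
// Added example: hybrid (envelope) encryption with PHP's OpenSSL extension.
// Function names, key pair and sample message are constructed for the demo.

function envelope_encrypt(string $plaintext, string $publicKeyPem): array
{
    $key = random_bytes(32);   // fresh AES-256 key for this message
    $iv  = random_bytes(12);   // 96-bit nonce for GCM
    $ciphertext = openssl_encrypt($plaintext, 'aes-256-gcm', $key,
                                  OPENSSL_RAW_DATA, $iv, $tag);
    if ($ciphertext === false) {
        throw new RuntimeException('AES encryption failed');
    }
    // RSA only ever processes the 32-byte key, never the content itself.
    if (!openssl_public_encrypt($key, $wrappedKey, $publicKeyPem,
                                OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('RSA key wrap failed');
    }
    return ['wrapped_key' => $wrappedKey, 'iv' => $iv,
            'tag' => $tag, 'ciphertext' => $ciphertext];
}

function envelope_decrypt(array $msg, $privateKey): string
{
    // The private key recovers the ORIGINAL AES key from the wrapped copy.
    if (!openssl_private_decrypt($msg['wrapped_key'], $key, $privateKey,
                                 OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('RSA key unwrap failed');
    }
    // GCM verifies the tag, so altered ciphertext is rejected, not decrypted.
    $plaintext = openssl_decrypt($msg['ciphertext'], 'aes-256-gcm', $key,
                                 OPENSSL_RAW_DATA, $msg['iv'], $msg['tag']);
    if ($plaintext === false) {
        throw new RuntimeException('Ciphertext or tag was modified');
    }
    return $plaintext;
}

// Demo: recipient key pair generated in-process (normally loaded from storage).
$private = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA,
                             'private_key_bits' => 2048]);
$public  = openssl_pkey_get_details($private)['key'];

$content = str_repeat('A', 1024);   // constructed 1 KB payload
$msg = envelope_encrypt($content, $public);
var_dump(envelope_decrypt($msg, $private) === $content);

$msg['ciphertext'][0] = chr(ord($msg['ciphertext'][0]) ^ 1);  // simulate corruption
try { envelope_decrypt($msg, $private); }
catch (RuntimeException $e) { echo $e->getMessage(), "\n"; }
```

The sender transmits all four fields of the returned array; only the holder of the private key can unwrap `wrapped_key`, which is where the private key enters the picture.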