SQL Server Performance Forum – Threads Archive

Encryption with RSA_512

I used RSA_512 as my algorithm for encryption CREATE MASTER KEY ENCRYPTION BY PASSWORD=’[email protected]‘
— Create a assymetric key
CREATE ASYMMETRIC KEY aKey
WITH ALGORITHM = RSA_512 DECLARE @encryptedstuff NVARCHAR(100),@key nvarchar(26),@key7 nvarchar(27)
Set @key = N’Parana Palliya Guruge Dinesh Asanka’
SELECT @encryptedstuff = EncryptByAsymKey(AsymKey_ID(‘Asym_Looney_Tunes’),@key )
–CT @encryptedstuff
SELECT CAST(DecryptByAsymKey(AsymKey_ID(‘Asym_Looney_Tunes’), @encryptedstuff) AS NVARCHAR) –CLARE @encryptedstuff NVARCHAR(100),
Set @key = N’Parana Palliya Guruge Dinesh Asanka’
SELECT @encryptedstuff = EncryptByAsymKey(AsymKey_ID(‘Asym_Looney_Tunes’),@key7 )
–SELECT @encryptedstuff
SELECT CAST(DecryptByAsymKey(AsymKey_ID(‘Asym_Looney_Tunes’), @encryptedstuff) AS NVARCHAR) But First one gives me the correct value and second one returns null this is happen only when string is more than 26. When I try with RSA_1024 limitation will increase to 52. why is this? —————————————-

I found a some cluse.
RSA_512 is support only 512 bits. is this the restriction —————————————-

Got an detail answer from MS drop ASYMMETRIC KEY aKey
— [RG] RSA 512, based on the key modulus the plaintext
— will be limited to 53 bytes
—
CREATE ASYMMETRIC KEY aKey WITH ALGORITHM = RSA_512
— [RG] The variables for plaintext have 2 different lenghts
— @key => 26 Unicode characters == 52 bytes
— @key7 => 26 Unicode characters == 54 bytes
—
DECLARE @key nvarchar(26),@key7 nvarchar(27)
— [RG] Based on the asymmetric key modulus, the estimated datalength would be ~64 bytes,
— but I will reserve more space on the variable to make sure there will be no truncation.
— Different algorithms will produce different ciphertext lengths
—
DECLARE @encryptedstuff VARBINARY( 1000 )
— [RG] The plaintext is truncated to the first 26 characters
—
Set @key = N’Parana Palliya Guruge Dinesh Asanka’
— [RG] As the plaintext < than the limit for this particular key, the encryption operation suceeds
—
SELECT @encryptedstuff = EncryptByAsymKey(AsymKey_ID(‘aKey’),@key )
–CT @encryptedstuff
SELECT CAST(DecryptByAsymKey(AsymKey_ID(‘aKey’), @encryptedstuff) AS NVARCHAR)
–CLARE @encryptedstuff NVARCHAR(100),
—
— [RG] The plaintext is truncated to the first 27 characters!!!
—
Set @key7 = N’Parana Palliya Guruge Dinesh Asanka’
SELECT @encryptedstuff = EncryptByAsymKey(AsymKey_ID(‘aKey’),@key7 )
–SELECT @encryptedstuff
— [RG] As the plaintext > than the limit for this particular key, the encryption operation fails, returning null
—
SELECT CAST(DecryptByAsymKey(AsymKey_ID(‘aKey’), @encryptedstuff) AS NVARCHAR)
This behavior is by design and it is a limitation based on the algorithm selected for encryption.
Using asymmetric keys for encrypting data is not recommended. The recommended solution is to use 1 level of indirection: create a SYMMETRIC KEY to encrypt the data (the symmetric algorithms are more efficient and the data length limits are much higher) and protect this key with a CERTIFICATE or an ASYMMETRIC KEY.
One additional note: @encryptedstuff (ciphertext) is an nvarchar instead of varbinary. There is no guarantee that the ciphertext can be interpreted as a Unicode string, so they risk for data corruption if any app is trying to interpret or transform this ciphertext.
I would also like to suggest the following references:
â€¢ Laurentiu Cristofor#%92s blog http://blogs.msdn.com/lcris/)
â€¢ Raul Garcia blog http://blogs.msdn.com/raulga/)
â€¢ SQL Server 2005 Encryption â€“ Encryption and data length limitations http://blogs.msdn.com/yukondoit/archive/2005/11/24/496521.aspx)
â€¢ SQL Server Security fÃ³rum http://forums.microsoft.com/MSDN/ShowForum.aspx?ForumID=92&SiteID=1)
—————————————-
Contributing Editor, Writer & Forums Moderator
http://www.SQL-Server-Performance.Com Visit my Blog at
http://dineshasanka.spaces.live.com/

]]>