[erlang-questions] Private key encryption

Martin Karlsson <>
Tue Apr 14 00:54:38 CEST 2015


Hi Marcus,

The encrypt_private is doing an RSA encryption using PKCS1 padding by
default.

RSA can't encrypt large payloads (i.e. 256 bytes - 11 for padding for 2048
bit RSA keys) so this is the likely reason you can only encrypt small
portions of the file.

Normally you use public key crypto to encrypt a symmetrical key and then
encrypt the large payload with the symmetric key using AES or something.

In addition you don't want to encrypt using the private key but rather the
public key, otherwise anyone with access to your public key can decrypt the
cipher. Private key encryption is usually only used for signatures.

Crypto is hard to get right, especially if you are only working with RSA
primitives (you need to think about padding, hashing, MDCs, signatures).
You might want to have a look a NaCl (https://github.com/jloius/enacl for a
binding to erlang) which is much friendlier to use.

Cheers,
Martin


On Tuesday, 14 April 2015, Marcus Nilsson <> wrote:

> I'am trying to encrypt a bigger file with the public_key module.
> Everything works fine as long as the content of the file is small.
>
> But when the size of the binary exceed's a certain size I get a
> **error:encrypt_failed. I guess this has to do with the padding parameter.
>
> But I have not been able to find any documentation how to compute the
> padding to get this working any help would be very welcomed!
>
> I use this code to perform the encryption
>
> public_key:encrypt_private(Input, PrivKey);
>
> /Marcus
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20150414/465a3d38/attachment.html>


More information about the erlang-questions mailing list