RSA Decryption

Hi, I’m using encryption to store a database for an app, it’s about 16k compressed. Decrypting this is taking about 12s on a 6-core 2018 mac mini.

Is this an expected amount of time for a relatively small piece of data?

Cheers

Yes, RSA complexity grows fast with the size of data.
I believe you would get better performance (and also less dependent on the size of the data) by encrypting with RSA the key for a symmetric algorithm, and using that symmetric algorithm and key for bulk data encryption/decryption instead.

IIRC, that's more or less the approach used for secure connections: use asymmetric cryptography to exchange a session key, and then use a symmetric algorithm with that key to encrypt all the traffic.

1 Like

Yes, digital cinema (DCP) also works that way.
The payload is encrypted with a fast symmetric AES but the key is secured using the asymmetric RSA. That makes sharing the keys secure and the symmetric key is never exposed in clear text.

thanks for the replies guys - what does juce offer in the way of the fast symmetric encryption?

thx

Juce implements Blowfish as symmetric encryption, but I am not sure about fast.
TBH since encryption and security are not among the core competences, I would tend to use 3rd party libraries.

I used libsodium and was quite happy with that. It is very advanced (at least at the time when I used it a few years ago). Symmetric encryption is here called “Secret key cryptography” as opposed to public key cryptography.

License is ISC.

2 Likes

I have no speed problems with Blowfish encryption in JUCE. I use the typical RSA + Blowfish combination (as @yfede already described) for massive database client-server communication. It works really well and fast, I have no reports that something is wrong.

2 Likes

thanks everyone.

I would advise against using the Blowfish implementation from Juce. It uses the MUCH weaker ECB mode instead of the CBC mode.

The difference can be seen here. Scroll down to the Tux image (the Linux penguin)

2 Likes

Very interesting. Should we understand that the ECB mode is kind of obsolete right now? I wonder what data will look like after coding a block of text instead of a picture…

With text it would probably be fine. But if you’ve any recognizable pattern in your data, then after encryption the same pattern would still be visible when using ECB. When using CBC then it doesn’t matter if you have recognizable patterns in there or not. After encryption it looks like noise.

it’s actually a zipped up xml file, so sounds like that would be ok from your description?

Yeah, when it’s zipped, it’s practically noise already.

1 Like
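
The ECB versus CBC difference discussed in the replies above, as an added example that is not part of the original thread and is not JUCE code. A toy 64-bit Feistel cipher (constructed for this demo, not Blowfish and not secure) stands in for the block cipher; the key, IV, plaintext and all function names are assumptions.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <set>
#include <vector>

// Toy 64-bit Feistel block cipher, constructed for this demo only.
// It is NOT Blowfish and NOT secure; it is merely a keyed permutation.
static uint32_t roundFn(uint32_t half, uint32_t k) {
    uint32_t x = (half ^ k) * 0x9E3779B1u;
    return x ^ (x >> 15);
}
uint64_t toyEncryptBlock(uint64_t block, uint64_t key) {
    uint32_t l = uint32_t(block >> 32), r = uint32_t(block);
    for (uint32_t i = 0; i < 8; ++i) {
        uint32_t k = uint32_t(key >> ((i % 2) * 32)) + i;  // per-round subkey
        uint32_t t = l ^ roundFn(r, k);
        l = r;
        r = t;
    }
    return (uint64_t(l) << 32) | r;
}
// ECB: every block is encrypted independently, so equal plaintext
// blocks always produce equal ciphertext blocks.
std::vector<uint64_t> encryptECB(const std::vector<uint64_t>& pt, uint64_t key) {
    std::vector<uint64_t> ct;
    for (uint64_t b : pt) ct.push_back(toyEncryptBlock(b, key));
    return ct;
}
// CBC: each block is XORed with the previous ciphertext block (the IV for
// the first one) before encryption, which hides repeated plaintext blocks.
std::vector<uint64_t> encryptCBC(const std::vector<uint64_t>& pt, uint64_t key, uint64_t iv) {
    std::vector<uint64_t> ct;
    uint64_t prev = iv;
    for (uint64_t b : pt) ct.push_back(prev = toyEncryptBlock(b ^ prev, key));
    return ct;
}
std::size_t distinctBlocks(const std::vector<uint64_t>& v) {
    return std::set<uint64_t>(v.begin(), v.end()).size();
}
// Constructed sample: 64 blocks holding only two values, like flat image areas.
std::vector<uint64_t> samplePlaintext() {
    std::vector<uint64_t> pt;
    for (int i = 0; i < 64; ++i) pt.push_back((i / 8) % 2 ? ~0ull : 0ull);
    return pt;
}
int main() {
    const uint64_t key = 0x0123456789ABCDEFull, iv = 0x1122334455667788ull;  // constructed
    std::vector<uint64_t> pt = samplePlaintext();
    std::printf("distinct blocks: plaintext %zu, ECB %zu, CBC %zu\n", distinctBlocks(pt),
                distinctBlocks(encryptECB(pt, key)), distinctBlocks(encryptCBC(pt, key, iv)));
}
```

The CBC result depends on a fresh IV per message: with the same key and the same IV, two identical messages still encrypt to identical ciphertext.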