[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Stealth PGP



There are actually several clever ways that you can get around the
problem with the RSA encrypted data being less than the modulus.  The
simplest is to encrypt it more than once.
Suppose you have a modulus m of legnth n.  You then create a block of
data to encrypt, b, of legnth n. If b is less than m, encrypt it with
RSA.  If not, don't encrypt it.  Then take 2^n-b-1 (which, btw, is the
same as xoring b with all one-bits).  If that result is less than m,
encrypt it with RSA.  Since m is greater than half of 2^n (it must be,
otherwise it would be less than legnth n), all possible plaintexts will
be encrypted at least once with RSA, some twice.  This does leave a
somewhat uneven distribution of values when comparing plaintext and
ciphertext (which can be minimized by more encryptions), but that only
shows up when and if the message is decrypted; as long as you use random
padding properly before encrypting, the encrypted data will look
completely random.

My ideal "Stealth-PGP" would work something like this: Take a file,
encrypt it with a random session key, prepend the session key to the
file, encrypt the first n bytes (which include the session key and part
of the encrypted data) with RSA if it's less than m, XOR it (reverse all
bits), and then encrypt with RSA if that's less than m.

Actually, putting the data inside the RSA might not be a good idea, it
would not work well for small files unless you added a legnth byte. 
Maybe the RSA part could just be filled with random padding...