Google Cloud KMS:通过非对称 public 密钥加密的明文大小限制
Google Cloud KMS: plaintext size limitations to encrypt by asymmetric public key
您好Google Cloud KMS 团队,是否有任何Google Cloud KMS 明文大小限制 可以通过密钥类型为 非对称加密 和对称密钥?
因为我们想 encrypt/decrypt 前端(浏览器)和后端(REST 微服务)之间的 REST 流,并且想使用 非对称 方法(不是混合):
生成前端密钥对数据加密 Public/Private 密钥(使用 javascript 库)- 数据加密 Public 密钥未被 KEK 加密
生成后端密钥对数据加密 Public/Private 密钥(使用带有 Google KMS 的路障)- 数据加密 Public 密钥未被 KEK 加密
在前端和后端之间交换数据加密 Public 密钥,以便能够加密从前端到后端的请求以及从后端到前端的响应
我们想在某些调用会话期间(在浏览器中)存储前端生成的非对称 public/private 密钥,后端非对称 public/private 密钥将由 google KMS
那么,对于非对称密钥,按密钥类型加密是否有任何 Google Cloud KMS 明文大小限制?
除了讨论什么是最适合您的协议设计之外,回答具体问题:RSA 解密的最大负载大小取决于密钥大小和填充算法。当前支持的所有 RSA 加密格式都使用 OAEP,在 RFC 2437 中标准化。您会在那里看到消息是:
an octet string of length at most k-2-2hLen, where k is the length in
octets of the modulus n and hLen is the length in octets of the hash
function output for EME-OAEP
因此这导致以下 m 的最大长度:
RSA_DECRYPT_OAEP_2048_SHA256: k = 256; hLen = 32; maxMLen = 190
RSA_DECRYPT_OAEP_3072_SHA256: k = 384; hLen = 32; maxMLen = 318
RSA_DECRYPT_OAEP_4096_SHA256: k = 512; hLen = 32; maxMLen = 446
RSA_DECRYPT_OAEP_4096_SHA512: k = 512; hLen = 64; maxMLen = 382
如果您尝试加密大于此限制的消息,您的客户端将因无法加密而失败,因此毫无疑问 KMS 将如何处理太长的消息。
这是我的测试,用于验证 Cloud KMS 是否可以将消息解密为 2048 位 RSA 密钥的完整长度:
# create an rsa2048-256 encryption key
tdierks@cloudshell:~ (kms-test-1367)$ gcloud kms keyrings create --location global so-60686427
tdierks@cloudshell:~ (kms-test-1367)$ gcloud kms keys create rsa-2048-256 --keyring so-60686427 --location global --purpose asymmetric-encryption --default-algorithm rsa-decrypt-oaep-2048-sha256
tdierks@cloudshell:~ (kms-test-1367)$ gcloud kms keys versions list --key rsa-2048-256 --keyring so-60686427 --location global
NAME STATE
projects/kms-test-1367/locations/global/keyRings/so-60686427/cryptoKeys/rsa-2048-256/cryptoKeyVersions/1 ENABLED
# get the public key
tdierks@cloudshell:~ (kms-test-1367)$ gcloud kms keys versions get-public-key 1 --key rsa-2048-256 --keyring so-60686427 --location global > /tmp/rsa-2048-256.pub
tdierks@cloudshell:~ (kms-test-1367)$ cat /tmp/rsa-2048-256.pub
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyvN5iBbV7daXKocL0CuB
bM+gaPMEigS6N8Jl9g7AY7ocrvNDONBa5JZzJTuMkNqgq21PZ1CUBD76jJlUOBgY
Nmj+sMNKw1c+slx47fvyK2uVMcmEEAfCcnUt2fK86v7v8UddbH/BNK+SobarkOQC
1kM74qdhKSvFFz+F9kAzrby4VjCxfWsDYCeFhS9Jrkxl6l/Z2WANy34y9ztbgJdi
eSugA7b/VfrlsxYz7xu498UWDbVbOPKs7UGB14icK4SVoF0irk7dWxNvAQD21mJU
YPAFmJ/MTQ+v3l+uEOrdicb9FcM6WNmyTwkN6DYcuD7eJYVwwz1sU8Y631swbjlS
wQIDAQAB
-----END PUBLIC KEY-----
# test it by encrypting a test message and decrypting it
tdierks@cloudshell:~ (kms-test-1367)$ echo "squeamish ossifrage" | openssl pkeyutl -encrypt -pubin -inkey /tmp/rsa-2048-256.pub -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 -pkeyopt rsa_mgf1_md:sha256 > /tmp/rsa-2048-256.enc
tdierks@cloudshell:~ (kms-test-1367)$ gcloud kms asymmetric-decrypt --location global --keyring so-60686427 --key rsa-2048-256 --version 1 --ciphertext-file /tmp/rsa-2048-256.enc --plaintext-file /dev/stdout
squeamish ossifrage
# generate a 190 byte message, encrypt it, and decrypt it, verify by comparing md5sum
tdierks@cloudshell:~ (kms-test-1367)$ dd ibs=190 count=1 < /dev/urandom > /tmp/message-190
1+0 records in
0+1 records out
190 bytes copied, 0.0002066 s, 920 kB/s
tdierks@cloudshell:~ (kms-test-1367)$ ls -l /tmp/message-190
-rw-r--r-- 1 tdierks tdierks 190 Mar 15 14:54 /tmp/message-190
tdierks@cloudshell:~ (kms-test-1367)$ openssl pkeyutl -in /tmp/message-190 -encrypt -pubin -inkey /tmp/rsa-2048-256.pub -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 -pkeyopt rsa_mgf1_md:sha256 > /tmp/rsa-2048-256-m190.enc
tdierks@cloudshell:~ (kms-test-1367)$ gcloud kms asymmetric-decrypt --location global --keyring so-60686427 --key rsa-2048-256 --version 1 --ciphertext-file /tmp/rsa-2048-256-m190.enc --plaintext-file /dev/stdout | md5sum
4932e23fb11c094c1dd703ba34afc565 -
tdierks@cloudshell:~ (kms-test-1367)$ md5sum /tmp/message-190
4932e23fb11c094c1dd703ba34afc565 /tmp/message-190
# try again with 191 bytes
tdierks@cloudshell:~ (kms-test-1367)$ dd ibs=191 count=1 < /dev/urandom > /tmp/message-191
1+0 records in
0+1 records out
191 bytes copied, 7.2545e-05 s, 2.6 MB/s
tdierks@cloudshell:~ (kms-test-1367)$ ls -l /tmp/message-191
-rw-r--r-- 1 tdierks tdierks 191 Mar 15 14:59 /tmp/message-191
tdierks@cloudshell:~ (kms-test-1367)$ openssl pkeyutl -in /tmp/message-191 -encrypt -pubin -inkey /tmp/rsa-2048-256.pub -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 -pkeyopt rsa_mgf1_md:sha256 > /tmp/rsa-2048-256-m191.enc
Public Key operation error
140191432818944:error:2406F079:random number generator:RAND_load_file:Cannot open file:../crypto/rand/randfile.c:98:Filename=/home/tdierks/.rnd
140191432818944:error:0409A06E:rsa routines:RSA_padding_add_PKCS1_OAEP_mgf1:data too large for key size:../crypto/rsa/rsa_oaep.c:62:
如您所见,OpenSSL 未能加密 191 字节的输入文件。
您好Google Cloud KMS 团队,是否有任何Google Cloud KMS 明文大小限制 可以通过密钥类型为 非对称加密 和对称密钥?
因为我们想 encrypt/decrypt 前端(浏览器)和后端(REST 微服务)之间的 REST 流,并且想使用 非对称 方法(不是混合):
生成前端密钥对数据加密 Public/Private 密钥(使用 javascript 库)- 数据加密 Public 密钥未被 KEK 加密
生成后端密钥对数据加密 Public/Private 密钥(使用带有 Google KMS 的路障)- 数据加密 Public 密钥未被 KEK 加密
在前端和后端之间交换数据加密 Public 密钥,以便能够加密从前端到后端的请求以及从后端到前端的响应
我们想在某些调用会话期间(在浏览器中)存储前端生成的非对称 public/private 密钥,后端非对称 public/private 密钥将由 google KMS
那么,对于非对称密钥,按密钥类型加密是否有任何 Google Cloud KMS 明文大小限制?
除了讨论什么是最适合您的协议设计之外,回答具体问题:RSA 解密的最大负载大小取决于密钥大小和填充算法。当前支持的所有 RSA 加密格式都使用 OAEP,在 RFC 2437 中标准化。您会在那里看到消息是:
an octet string of length at most k-2-2hLen, where k is the length in octets of the modulus n and hLen is the length in octets of the hash function output for EME-OAEP
因此这导致以下 m 的最大长度:
RSA_DECRYPT_OAEP_2048_SHA256: k = 256; hLen = 32; maxMLen = 190
RSA_DECRYPT_OAEP_3072_SHA256: k = 384; hLen = 32; maxMLen = 318
RSA_DECRYPT_OAEP_4096_SHA256: k = 512; hLen = 32; maxMLen = 446
RSA_DECRYPT_OAEP_4096_SHA512: k = 512; hLen = 64; maxMLen = 382
如果您尝试加密大于此限制的消息,您的客户端将因无法加密而失败,因此毫无疑问 KMS 将如何处理太长的消息。
这是我的测试,用于验证 Cloud KMS 是否可以将消息解密为 2048 位 RSA 密钥的完整长度:
# create an rsa2048-256 encryption key
tdierks@cloudshell:~ (kms-test-1367)$ gcloud kms keyrings create --location global so-60686427
tdierks@cloudshell:~ (kms-test-1367)$ gcloud kms keys create rsa-2048-256 --keyring so-60686427 --location global --purpose asymmetric-encryption --default-algorithm rsa-decrypt-oaep-2048-sha256
tdierks@cloudshell:~ (kms-test-1367)$ gcloud kms keys versions list --key rsa-2048-256 --keyring so-60686427 --location global
NAME STATE
projects/kms-test-1367/locations/global/keyRings/so-60686427/cryptoKeys/rsa-2048-256/cryptoKeyVersions/1 ENABLED
# get the public key
tdierks@cloudshell:~ (kms-test-1367)$ gcloud kms keys versions get-public-key 1 --key rsa-2048-256 --keyring so-60686427 --location global > /tmp/rsa-2048-256.pub
tdierks@cloudshell:~ (kms-test-1367)$ cat /tmp/rsa-2048-256.pub
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyvN5iBbV7daXKocL0CuB
bM+gaPMEigS6N8Jl9g7AY7ocrvNDONBa5JZzJTuMkNqgq21PZ1CUBD76jJlUOBgY
Nmj+sMNKw1c+slx47fvyK2uVMcmEEAfCcnUt2fK86v7v8UddbH/BNK+SobarkOQC
1kM74qdhKSvFFz+F9kAzrby4VjCxfWsDYCeFhS9Jrkxl6l/Z2WANy34y9ztbgJdi
eSugA7b/VfrlsxYz7xu498UWDbVbOPKs7UGB14icK4SVoF0irk7dWxNvAQD21mJU
YPAFmJ/MTQ+v3l+uEOrdicb9FcM6WNmyTwkN6DYcuD7eJYVwwz1sU8Y631swbjlS
wQIDAQAB
-----END PUBLIC KEY-----
# test it by encrypting a test message and decrypting it
tdierks@cloudshell:~ (kms-test-1367)$ echo "squeamish ossifrage" | openssl pkeyutl -encrypt -pubin -inkey /tmp/rsa-2048-256.pub -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 -pkeyopt rsa_mgf1_md:sha256 > /tmp/rsa-2048-256.enc
tdierks@cloudshell:~ (kms-test-1367)$ gcloud kms asymmetric-decrypt --location global --keyring so-60686427 --key rsa-2048-256 --version 1 --ciphertext-file /tmp/rsa-2048-256.enc --plaintext-file /dev/stdout
squeamish ossifrage
# generate a 190 byte message, encrypt it, and decrypt it, verify by comparing md5sum
tdierks@cloudshell:~ (kms-test-1367)$ dd ibs=190 count=1 < /dev/urandom > /tmp/message-190
1+0 records in
0+1 records out
190 bytes copied, 0.0002066 s, 920 kB/s
tdierks@cloudshell:~ (kms-test-1367)$ ls -l /tmp/message-190
-rw-r--r-- 1 tdierks tdierks 190 Mar 15 14:54 /tmp/message-190
tdierks@cloudshell:~ (kms-test-1367)$ openssl pkeyutl -in /tmp/message-190 -encrypt -pubin -inkey /tmp/rsa-2048-256.pub -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 -pkeyopt rsa_mgf1_md:sha256 > /tmp/rsa-2048-256-m190.enc
tdierks@cloudshell:~ (kms-test-1367)$ gcloud kms asymmetric-decrypt --location global --keyring so-60686427 --key rsa-2048-256 --version 1 --ciphertext-file /tmp/rsa-2048-256-m190.enc --plaintext-file /dev/stdout | md5sum
4932e23fb11c094c1dd703ba34afc565 -
tdierks@cloudshell:~ (kms-test-1367)$ md5sum /tmp/message-190
4932e23fb11c094c1dd703ba34afc565 /tmp/message-190
# try again with 191 bytes
tdierks@cloudshell:~ (kms-test-1367)$ dd ibs=191 count=1 < /dev/urandom > /tmp/message-191
1+0 records in
0+1 records out
191 bytes copied, 7.2545e-05 s, 2.6 MB/s
tdierks@cloudshell:~ (kms-test-1367)$ ls -l /tmp/message-191
-rw-r--r-- 1 tdierks tdierks 191 Mar 15 14:59 /tmp/message-191
tdierks@cloudshell:~ (kms-test-1367)$ openssl pkeyutl -in /tmp/message-191 -encrypt -pubin -inkey /tmp/rsa-2048-256.pub -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 -pkeyopt rsa_mgf1_md:sha256 > /tmp/rsa-2048-256-m191.enc
Public Key operation error
140191432818944:error:2406F079:random number generator:RAND_load_file:Cannot open file:../crypto/rand/randfile.c:98:Filename=/home/tdierks/.rnd
140191432818944:error:0409A06E:rsa routines:RSA_padding_add_PKCS1_OAEP_mgf1:data too large for key size:../crypto/rsa/rsa_oaep.c:62:
如您所见,OpenSSL 未能加密 191 字节的输入文件。