Google Cloud KMS:纯文本大小限制,可通过非对称公钥加密

时间:2020-03-14 19:14:05

标签: google-cloud-kms

Google Cloud KMS团队您好,是否有要按非对称和对称密钥的密钥类型进行加密的Google Cloud KMS 明文大小限制

因为我们想对前端(浏览器)和后端(REST微服务)之间的REST流进行加密/解密,并希望使用非对称方法(非混合):

  1. 生成前端密钥对数据加密公钥/私钥(使用javascript库)-数据加密公钥未由KEK加密

  2. 生成后端密钥对数据加密公钥/私钥(在Google KMS中使用路障)-数据加密公钥未由KEK加密

  3. 交换数据加密前端和后端之间的公钥,以便能够从前端向后端请求和从后端向后端返回响应

我们想在某些通话期间(在浏览器中)存储前端生成的非对称公钥/私钥,而Google KMS将生成后端非对称公钥/私钥

那么,是否有针对非对称密钥的密钥类型进行加密的Google Cloud KMS纯文本大小限制?

1 个答案:

答案 0 :(得分:3)

除了讨论最适合您的协议设计之外,还要回答以下特定问题:RSA解密的最大有效负载大小取决于密钥大小和填充算法。当前支持的所有RSA加密格式均使用RFC 2437中标准化的OAEP。您将在此处看到消息是:

一个八位字节串,其长度最多为k-2-2hLen,其中k为 模数n和hLen的八位位组是哈希的八位位组长度 EME-OAEP的功能输出

因此这导致m的以下最大长度:

RSA_DECRYPT_OAEP_2048_SHA256:k = 256; hLen = 32; maxMLen = 190
RSA_DECRYPT_OAEP_3072_SHA256:k = 384; hLen = 32; maxMLen = 318
RSA_DECRYPT_OAEP_4096_SHA256:k = 512; hLen = 32; maxMLen = 446
RSA_DECRYPT_OAEP_4096_SHA512:k = 512; hLen = 64; maxMLen = 382

如果您尝试对大于此限制的消息进行加密,则客户端将无法加密,因此将失败,因此对于过长的消息,KMS将会做什么。

这是我的测试,用于验证Cloud KMS是否可以将消息解密为2048位RSA密钥的全长:

# create an rsa2048-256 encryption key

tdierks@cloudshell:~ (kms-test-1367)$ gcloud kms keyrings create --location global so-60686427
tdierks@cloudshell:~ (kms-test-1367)$ gcloud kms keys create rsa-2048-256 --keyring so-60686427 --location global --purpose asymmetric-encryption --default-algorithm rsa-decrypt-oaep-2048-sha256
tdierks@cloudshell:~ (kms-test-1367)$ gcloud kms keys versions list --key rsa-2048-256 --keyring so-60686427 --location global
NAME                                                                                                      STATE
projects/kms-test-1367/locations/global/keyRings/so-60686427/cryptoKeys/rsa-2048-256/cryptoKeyVersions/1  ENABLED

# get the public key

tdierks@cloudshell:~ (kms-test-1367)$ gcloud kms keys versions get-public-key 1 --key rsa-2048-256 --keyring so-60686427 --location global > /tmp/rsa-2048-256.pub
tdierks@cloudshell:~ (kms-test-1367)$ cat /tmp/rsa-2048-256.pub
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyvN5iBbV7daXKocL0CuB
bM+gaPMEigS6N8Jl9g7AY7ocrvNDONBa5JZzJTuMkNqgq21PZ1CUBD76jJlUOBgY
Nmj+sMNKw1c+slx47fvyK2uVMcmEEAfCcnUt2fK86v7v8UddbH/BNK+SobarkOQC
1kM74qdhKSvFFz+F9kAzrby4VjCxfWsDYCeFhS9Jrkxl6l/Z2WANy34y9ztbgJdi
eSugA7b/VfrlsxYz7xu498UWDbVbOPKs7UGB14icK4SVoF0irk7dWxNvAQD21mJU
YPAFmJ/MTQ+v3l+uEOrdicb9FcM6WNmyTwkN6DYcuD7eJYVwwz1sU8Y631swbjlS
wQIDAQAB
-----END PUBLIC KEY-----

# test it by encrypting a test message and decrypting it

tdierks@cloudshell:~ (kms-test-1367)$ echo "squeamish ossifrage" | openssl pkeyutl -encrypt -pubin -inkey /tmp/rsa-2048-256.pub -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 -pkeyopt rsa_mgf1_md:sha256 > /tmp/rsa-2048-256.enc
tdierks@cloudshell:~ (kms-test-1367)$ gcloud kms asymmetric-decrypt --location global --keyring so-60686427 --key rsa-2048-256 --version 1 --ciphertext-file /tmp/rsa-2048-256.enc --plaintext-file /dev/stdout
squeamish ossifrage

# generate a 190 byte message, encrypt it, and decrypt it, verify by comparing md5sum

tdierks@cloudshell:~ (kms-test-1367)$ dd ibs=190 count=1 < /dev/urandom > /tmp/message-190
1+0 records in
0+1 records out
190 bytes copied, 0.0002066 s, 920 kB/s
tdierks@cloudshell:~ (kms-test-1367)$ ls -l /tmp/message-190
-rw-r--r-- 1 tdierks tdierks 190 Mar 15 14:54 /tmp/message-190
tdierks@cloudshell:~ (kms-test-1367)$ openssl pkeyutl -in /tmp/message-190 -encrypt -pubin -inkey /tmp/rsa-2048-256.pub -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 -pkeyopt rsa_mgf1_md:sha256 > /tmp/rsa-2048-256-m190.enc
tdierks@cloudshell:~ (kms-test-1367)$ gcloud kms asymmetric-decrypt --location global --keyring so-60686427 --key rsa-2048-256 --version 1 --ciphertext-file /tmp/rsa-2048-256-m190.enc --plaintext-file /dev/stdout | md5sum
4932e23fb11c094c1dd703ba34afc565  -
tdierks@cloudshell:~ (kms-test-1367)$ md5sum /tmp/message-190
4932e23fb11c094c1dd703ba34afc565  /tmp/message-190

# try again with 191 bytes

tdierks@cloudshell:~ (kms-test-1367)$ dd ibs=191 count=1 < /dev/urandom > /tmp/message-191
1+0 records in
0+1 records out
191 bytes copied, 7.2545e-05 s, 2.6 MB/s
tdierks@cloudshell:~ (kms-test-1367)$ ls -l /tmp/message-191
-rw-r--r-- 1 tdierks tdierks 191 Mar 15 14:59 /tmp/message-191
tdierks@cloudshell:~ (kms-test-1367)$ openssl pkeyutl -in /tmp/message-191 -encrypt -pubin -inkey /tmp/rsa-2048-256.pub -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 -pkeyopt rsa_mgf1_md:sha256 > /tmp/rsa-2048-256-m191.enc
Public Key operation error
140191432818944:error:2406F079:random number generator:RAND_load_file:Cannot open file:../crypto/rand/randfile.c:98:Filename=/home/tdierks/.rnd
140191432818944:error:0409A06E:rsa routines:RSA_padding_add_PKCS1_OAEP_mgf1:data too large for key size:../crypto/rsa/rsa_oaep.c:62:

如您所见,OpenSSL未能加密191字节的输入文件。

相关问题
最新问题