Asymmetric encryption of transaction log file: is RSA the correct algorithm

Joseph Larson

1/23/24, 6:10 PM

I want to produce a transaction log that is encrypted while being produced. I'd prefer asymmetric encryption. It is possible that my program will terminate without writing any closing blocks, so my output can't depend upon being able to write any end-of-file blocks the encryption scheme may require.

I can open new transaction logs as needed and do not require the ability to append to a previous one.

I believe I can do this by storing the public key on the server (and hiding the private key), choosing the proper algorithm, and using a stream encryption writer in my output.

Later, when viewing the transaction log, I can just do everything in reverse. And in this way, my transaction logs are always stored encrypted at rest.

Is RSA the correct algorithm? If not, what should I use instead?

Coding is in C++. I presume I can do what I need to do with crypto++.

174

2 + 1

Maarten Bodewes

1/24/24, 8:18 PM

Comments are not for extended discussion; this conversation has been [moved to chat](https://chat.stackexchange.com/rooms/142308/discussion-on-question-by-joseph-larson-asymmetric-encryption-of-transaction-log).

Score:3

Crypto

Swashbuckler

1/23/24, 6:29 PM

You probably want to use hybrid encryption, i.e. a combination of public key and symmetric encryption. Public key encryption is very limited in the amount of data that can be encrypted. For example, with RSA the amount of data that can be encrypted is somewhat less than the key size, so with a 2048 bit RSA key you're going to be able to encrypt somewhere around 230-240 bytes. I'm guessing your transaction log is longer than that.

With hybrid encryption (used in things like PGP, S/MIME, etc.) you generate a random symmetric key and encrypt your "big" data with that. You then encrypt the symmetric key along with identity other information using the public key. The private key can then be used to decrypt that header which includes the symmetric key and that key can then be used to decrypt the "big" data.

+ 0

Score:2

Crypto

Amit

1/23/24, 6:31 PM

It's understandable that you want to use public key encryption to separate the encrypting key from the decrypting one, but that doesn't mean you can't utilize symmetric encryption.

Probably your best option is to use something like a stream cipher (such as AES-256 in CTR mode or any other suitable algorithm you prefer) which is capable of encrypting each bit independently, but then make sure that the symmetric encryption key is protected via the public (say RSA) key.

Then, when you want to retrieve the logs and decrypt them on the machine that contains the private key, first you decrypt the symmetric key, and then use it to decrypt the logs.

Apart from that, note that in general encrypting a massive amount of information via public key encryption is undesirable due to performance and in most cases also security reasons.

+ 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Asymmetric encryption of transaction log file: is RSA the correct algorithm

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.