Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Give more descriptive error messages to encrypt() and decrypt() #423

Open
habics opened this issue Mar 26, 2024 · 1 comment
Open

Give more descriptive error messages to encrypt() and decrypt() #423

habics opened this issue Mar 26, 2024 · 1 comment

Comments

@habics
Copy link

habics commented Mar 26, 2024

For example when using a 2048 bits key and call decrypt() on a ciphertext that more than 256 bytes long, we get a generic error message that says Err value: Decryption a more appropriate message would also tell that the cipher text is too long for this key.

Thank you.

@tarcieri
Copy link
Member

The reason it's a bit scary to add different types of decryption errors is because the information sidechannel they introduce can potentially be leveraged by an attacker. Example: https://en.wikipedia.org/wiki/Padding_oracle_attack

A modulus size mismatch for the ciphertext is probably ok. We could potentially introduce a new e.g. CiphertextSize variant to Error which shouldn't leak any information useful to the attacker since the only property of the private key it relies on is the public modulus.

# for free to join this conversation on GitHub. Already have an account? # to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants