RSA in practice

Question

I know how decryption and encryption in RSA works when I have a plaintext $m$ represented as an integer. But how will (in practice, not in theory) a text be converted into an integer? I guess there has to be a method that is used universally, or otherwise decryption would yield an integer and the receiver would not know the corresponding text?

Answer 1

In fact, in practice we do not encrypt arbitary messages using RSA. This is a misconception that's propagated in a lot of text books.

What usually happens is that we use AES or some other symmetric cipher (I'll call it) $E(K,m)$ to encrypt a message $m$ with a (long enough and random etc.) key $K$. We then actually send $E_{\text{RSA}}(K)$ together with $E(K,m)$. So the receiver than RSA-decrypts the key and then decrypts the message with that key $K$. This has several advantages:

• RSA is slow and this way we only do one encryption and one decryption per "session".
• We can re-use that key for a period to keep sending messages (as is done in online https sessions, or ssh-sessions etc.)
• Symmetric ciphers systems have support for long/short messages (so independent of the size of the modulus we use in RSA) and we can add authentication tags etc.

In short, more efficient and more secure. A lot of standards are based on this "hybrid" idea: RSA (or Diffie-Hellman) to get a key across safely, and symmetric encryption for actual data.

This reduces your question to "how do we send keys" in RSA? Well, typically RSA-moduli are about 2048 bits (256 bytes) and keys 32 bytes or 256 bits. So easily within range. It's a bit like the modulus is around 1000 and we only want to send numbers smaller than 40, say. So typically we randomise the 32 bytes key which is a 256 bit number (we're working with computers, so decimal representations aren't used, again a text book idea to get small numbers; don't be misled by this!) to a number of the size of the RSA modulus in a uniquely reconstructible way and then work in RSA with that encoded number from which the key of 32 bytes can be uniquely found back again.

Answer 2

So there is not a singular solution. You can implemente this on many ways. You can use ASCII, UNICODE, or maybe some other code that makes sense only to you (and reciver must use it, of cource), it doesn't metter. It is on you how to implement it! If you make some untrivial code, it can be more difficult to do decription and to intercept your data. You only need to transform letters to numbers (you can easy pair, for an example: (A - 1), (B - 2)... or do some method as I mentioned before). Then you need a formaula to do encryption.

The process by which this is done is that a message, for example “Hello World” is encoded as numbers (This could be encoding as ASCII or as a subset of characters {a=01,b=02,...,z=26}). This yields a string of numbers, generally referred to as "numerical plaintext". For example, “Hello World” encoded with a=1,...,z=26 by hundreds would yield 08051212152315181204.

More of this you can find in this article. Hope it helps!