Ruby/Rails OpenSSL::PKey::RSAError:数据大于 mod len
我想当我从 MySQL 切换到 PostgreSQL 时我开始收到此错误。 我编写了代码来加密解密包含敏感数据的模型属性,并且让它一直工作到数据库切换为止。
我有以下代码:
@pbk = OpenSSL::PKey::RSA.new File.read("#{RAILS_ROOT}/cert/pb_sandwich.pem")
@pvk = OpenSSL::PKey::RSA.new File.read("#{RAILS_ROOT}/cert/tuna_salad.pem"), 'pass45*'
model.sendata = Base64.encode64 @pbk.public_encrypt(model.sendata)
我在保存时运行该代码。我还尝试过使用 Base64 和不使用 Base64。
然后,当我尝试阅读:
@pvk.private_decrypt Base64.decode64(model.sendata)
我收到此错误:
OpenSSL::PKey::RSAError: data greater than mod len
当我使用 MySQL 时,我以前从未遇到过该错误。我不太记得 MySQL 中sendata 列的数据类型,但在我当前的 PostgreSQL 设置中,该列的数据类型是 bytea,
我假设这就是问题所在,因为它曾经在 MySQL 中正常工作。如果我想跳过 Base64 编码/解码的额外步骤,该列应该是什么数据类型?如果这就是问题所在。
另一件值得注意的事情是,我尝试生成 mod 长度的私钥:2048、4096 和 5120,但我总是得到相同的错误。此外,sendata 字段在编码前并不长,不到 40 个字符。
我现在很困惑,有什么想法吗?
I think I started getting this error when I switched from MySQL to PostgreSQL.
I had written code to encrypt decrypt model attributes containing sensitive data and I had it working until the db switch.
I have the following code:
@pbk = OpenSSL::PKey::RSA.new File.read("#{RAILS_ROOT}/cert/pb_sandwich.pem")
@pvk = OpenSSL::PKey::RSA.new File.read("#{RAILS_ROOT}/cert/tuna_salad.pem"), 'pass45*'
model.sendata = Base64.encode64 @pbk.public_encrypt(model.sendata)
I run that code on save. I've also tried with and with out first using Base64.
Then when I try to read:
@pvk.private_decrypt Base64.decode64(model.sendata)
I get this error:
OpenSSL::PKey::RSAError: data greater than mod len
I never got that before when I used MySQL. I can't really remember what datatype the sendata column was in MySQL but in my current PostgreSQL setup that column is datatype bytea
I'm assuming that is the problem since it used to work fine with MySQL. What datatype should the column be if I wanted to skip having to do that extra step to Base64 encode/decode? If that is the problem that is.
Another thing of note is that I've tried generating the private key with mod lengths: 2048, 4096, and 5120 and I always get the same error. Also, the sendata field isn't very long before encoding, it's under 40 chars.
I'm stumped right now, any ideas?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您可能没有将密钥正确存储在数据库中。可能有一些字段被截断。
您收到的消息可能意味着数据太长,无法使用如此小的密钥进行加密。如果是这种情况,您应该使用 AES 加密数据并使用 RSA 加密 AES 密钥。然后发送加密数据和加密密钥。
You are probably not storing the keys properly in the Database. There's probably some field that is being truncated.
The message you are getting probably means that the data is too long to be encrypted with such a small key. If this is the case, you should encrypt the data with AES and encrypt the AES key with RSA. Then send both the encryted data and the encrypted key.