OpenSSL "rsautl" - PKCS#1 v1.5 Padding Size

Q

Whet is the PKCS#1 v1.5 padding size with OpenSSL "rsautl -encrypt" command? I want to know the largest size of data that I can encrypt with my RSA key.

✍: FYIcenter.com

A

The minimum padding size of PKCS#1 v1.5 padding schema is 11 bytes which contains at least 8 bytes of random string.

So if you are using the "-pkcs" padding option, which is also the default padding option, with the "rsautl -encrypt" command, the input data size is limited to RSA key size minus 11 bytes. The table below lists maximum input data sizes for different RSA key size:

RSA key size   Encryption data size

  32 bits      Not supported
  64 bits      Not supported
 128 bits        5 bytes
 256 bits       21 bytes
 512 bits       53 bytes
1024 bits      117 bytes
2048 bits      245 bytes
4096 bits      501 bytes
...

You can verify this limitation the test below:

C:\Users\fyicenter>dir 11*.txt
   117 117-byte.txt
   118 118-byte.txt

C:\Users\fyicenter>\local\openssl\openssl.exe

OpenSSL> pkey -pubin -in my_rsa_pub.key -text -noout
Public-Key: (1024 bit)
...

OpenSSL> rsautl -encrypt -pubin -inkey my_rsa_pub.key -in 118-byte.txt 
   -out cipher.txt -pkcs
RSA operation error
4480:error:0406D06E:rsa routines:RSA_padding_add_PKCS1_type_2:data too large for
 key size:.\crypto\rsa\rsa_pk1.c:153:
error in rsautl

OpenSSL> rsautl -encrypt -pubin -inkey my_rsa_pub.key -in 117-byte.txt 
   -out cipher.txt -pkcs

OpenSSL> rsautl -decrypt -inkey my_rsa.key -in cipher.txt -raw -hexdump
0000 - 00 02 ae 23 28 64 94 e9-7c dd 00 31 32 33 34 35   ...#(d..|..12345
0010 - 36 37 38 39 30 61 62 63-64 65 66 31 32 33 34 35   67890abcdef12345
0020 - 36 37 38 39 30 61 62 63-64 65 66 31 32 33 34 35   67890abcdef12345
0030 - 36 37 38 39 30 61 62 63-64 65 66 31 32 33 34 35   67890abcdef12345
0040 - 36 37 38 39 30 61 62 63-64 65 66 31 32 33 34 35   67890abcdef12345
0050 - 36 37 38 39 30 61 62 63-64 65 66 31 32 33 34 35   67890abcdef12345
0060 - 36 37 38 39 30 61 62 63-64 65 66 31 32 33 34 35   67890abcdef12345
0070 - 36 37 38 39 30 61 62 63-64 65 66 31 32 33 34 35   67890abcdef12345

 

OpenSSL "rsautl -encrypt -raw" - No Padding

OpenSSL "rsautl -pkcs" - PKCS#1 v1.5 Padding Option

OpenSSL "rsautl" Command for RSA Keys

⇑⇑ OpenSSL Tutorials

2017-04-28, 3963👍, 0💬