OpenSSL "rsautl" - PKCS#1 v1.5 Padding Size
What is the PKCS#1 v1.5 padding size with the OpenSSL "rsautl -encrypt" command? I want to know the largest size of data that I can encrypt with my RSA key.
✍: FYIcenter.com
The minimum padding size of the PKCS#1 v1.5 padding scheme is 11 bytes, which includes at least 8 random bytes.
So if you are using the "-pkcs" padding option, which is also the default padding option, with the "rsautl -encrypt" command, the input data size is limited to the RSA key size in bytes minus 11 bytes. The table below lists the maximum input data sizes for different RSA key sizes:

RSA key size    Encryption data size
32 bits         Not supported
64 bits         Not supported
128 bits        5 bytes
256 bits        21 bytes
512 bits        53 bytes
1024 bits       117 bytes
2048 bits       245 bytes
4096 bits       501 bytes
...

You can verify this limitation with the test below:
C:\Users\fyicenter>dir 11*.txt
   117 117-byte.txt
   118 118-byte.txt

C:\Users\fyicenter>\local\openssl\openssl.exe
OpenSSL> pkey -pubin -in my_rsa_pub.key -text -noout
Public-Key: (1024 bit)
...

OpenSSL> rsautl -encrypt -pubin -inkey my_rsa_pub.key -in 118-byte.txt -out cipher.txt -pkcs
RSA operation error
4480:error:0406D06E:rsa routines:RSA_padding_add_PKCS1_type_2:data too large for key size:.\crypto\rsa\rsa_pk1.c:153:
error in rsautl

OpenSSL> rsautl -encrypt -pubin -inkey my_rsa_pub.key -in 117-byte.txt -out cipher.txt -pkcs

OpenSSL> rsautl -decrypt -inkey my_rsa.key -in cipher.txt -raw -hexdump
0000 - 00 02 ae 23 28 64 94 e9-7c dd 00 31 32 33 34 35   ...#(d..|..12345
0010 - 36 37 38 39 30 61 62 63-64 65 66 31 32 33 34 35   67890abcdef12345
0020 - 36 37 38 39 30 61 62 63-64 65 66 31 32 33 34 35   67890abcdef12345
0030 - 36 37 38 39 30 61 62 63-64 65 66 31 32 33 34 35   67890abcdef12345
0040 - 36 37 38 39 30 61 62 63-64 65 66 31 32 33 34 35   67890abcdef12345
0050 - 36 37 38 39 30 61 62 63-64 65 66 31 32 33 34 35   67890abcdef12345
0060 - 36 37 38 39 30 61 62 63-64 65 66 31 32 33 34 35   67890abcdef12345
0070 - 36 37 38 39 30 61 62 63-64 65 66 31 32 33 34 35   67890abcdef12345
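The block layout behind the 11-byte overhead (00 02, at least 8 nonzero random bytes, 00, then the data), as an added Python example that is not part of the original page. The function names are assumptions of this example; MSG and PAGE_BLOCK are taken from the hexdump above.

```python
import os

MIN_PAD = 11  # 0x00 0x02 + at least 8 nonzero random bytes + 0x00 separator

def max_input_len(key_bits):
    """Largest plaintext in bytes for a key size, or None if the key is too small."""
    k = (key_bits + 7) // 8  # modulus length in bytes
    return k - MIN_PAD if k > MIN_PAD else None

def pad_type2(message, key_bits):
    """Build the block 00 02 PS 00 M that RSA then encrypts."""
    limit = max_input_len(key_bits)
    if limit is None or len(message) > limit:
        raise ValueError("data too large for key size")
    ps_len = (key_bits + 7) // 8 - 3 - len(message)
    ps = bytearray()
    while len(ps) < ps_len:  # padding bytes must be nonzero, so filter and refill
        ps += bytes(b for b in os.urandom(ps_len - len(ps)) if b)
    return b"\x00\x02" + bytes(ps) + b"\x00" + message

def unpad_type2(block):
    """Recover M from a raw-decrypted block. Layout illustration only:
    production code must do this check in constant time."""
    if len(block) < MIN_PAD or block[:2] != b"\x00\x02":
        raise ValueError("not a PKCS#1 v1.5 type 2 block")
    sep = block.find(b"\x00", 2)  # first zero byte ends the padding string
    if sep < 10:  # -1 (no separator) or fewer than 8 padding bytes
        raise ValueError("padding string shorter than 8 bytes")
    return block[sep + 1:]

# The 117-byte message and the 11 padding bytes visible in the page's hexdump.
MSG = b"1234567890abcdef" * 7 + b"12345"
PAGE_BLOCK = bytes.fromhex("0002ae23286494e97cdd00") + MSG

if __name__ == "__main__":
    for bits in (64, 128, 1024, 2048, 4096):
        print(bits, "bits ->", max_input_len(bits))
    print(len(pad_type2(MSG, 1024)), "byte block for 117 bytes of data")
    print(unpad_type2(PAGE_BLOCK) == MSG)
    try:
        pad_type2(MSG + b"x", 1024)  # 118 bytes, as in the page's failing run
    except ValueError as exc:
        print("118 bytes:", exc)
```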
2017-04-28