Collections:
Other Resources:
OpenSSL "rsautl" - PKCS#1 v1.5 Padding Size
Whet is the PKCS#1 v1.5 padding size with OpenSSL "rsautl -encrypt" command? I want to know the largest size of data that I can encrypt with my RSA key.
✍: FYIcenter.com
The minimum padding size of PKCS#1 v1.5 padding schema is 11 bytes
which contains at least 8 bytes of random string.
So if you are using the "-pkcs" padding option, which is also the default padding option, with the "rsautl -encrypt" command, the input data size is limited to RSA key size minus 11 bytes. The table below lists maximum input data sizes for different RSA key size:
RSA key size Encryption data size 32 bits Not supported 64 bits Not supported 128 bits 5 bytes 256 bits 21 bytes 512 bits 53 bytes 1024 bits 117 bytes 2048 bits 245 bytes 4096 bits 501 bytes ...
You can verify this limitation the test below:
C:\Users\fyicenter>dir 11*.txt 117 117-byte.txt 118 118-byte.txt C:\Users\fyicenter>\local\openssl\openssl.exe OpenSSL> pkey -pubin -in my_rsa_pub.key -text -noout Public-Key: (1024 bit) ... OpenSSL> rsautl -encrypt -pubin -inkey my_rsa_pub.key -in 118-byte.txt -out cipher.txt -pkcs RSA operation error 4480:error:0406D06E:rsa routines:RSA_padding_add_PKCS1_type_2:data too large for key size:.\crypto\rsa\rsa_pk1.c:153: error in rsautl OpenSSL> rsautl -encrypt -pubin -inkey my_rsa_pub.key -in 117-byte.txt -out cipher.txt -pkcs OpenSSL> rsautl -decrypt -inkey my_rsa.key -in cipher.txt -raw -hexdump 0000 - 00 02 ae 23 28 64 94 e9-7c dd 00 31 32 33 34 35 ...#(d..|..12345 0010 - 36 37 38 39 30 61 62 63-64 65 66 31 32 33 34 35 67890abcdef12345 0020 - 36 37 38 39 30 61 62 63-64 65 66 31 32 33 34 35 67890abcdef12345 0030 - 36 37 38 39 30 61 62 63-64 65 66 31 32 33 34 35 67890abcdef12345 0040 - 36 37 38 39 30 61 62 63-64 65 66 31 32 33 34 35 67890abcdef12345 0050 - 36 37 38 39 30 61 62 63-64 65 66 31 32 33 34 35 67890abcdef12345 0060 - 36 37 38 39 30 61 62 63-64 65 66 31 32 33 34 35 67890abcdef12345 0070 - 36 37 38 39 30 61 62 63-64 65 66 31 32 33 34 35 67890abcdef12345
⇒ OpenSSL "rsautl -encrypt -raw" - No Padding
⇐ OpenSSL "rsautl -pkcs" - PKCS#1 v1.5 Padding Option
2017-04-28, 4787🔥, 0💬
Popular Posts:
How to import a CA (Certificate Authority) reply into a keystore key pair entry with Portecle? To im...
How many different types of certificates are on my Android device? Like any other computer systems, ...
How to start the "Certificate Manager" inside Mozilla Firefox 47? I heard that it can be used to man...
Certificate summary - Owner: *.answers.com, Answers Corporation, L=New York, ST=New York, US Issuer:...
Where to find tutorials on using OpenSSL "s_client" command? Here is a collection of tutorials on us...