OpenSSL "rsautl -encrypt -raw" - No Padding

Q

Can I use OpenSSL "rsautl" command to encrypt data without any padding?

✍: FYIcenter.com

A

Yes, you can encrypt data without any padding using the OpenSSL "rsautl -encrypt -raw" command. But you need to remember the following:

  • No padding requires the input data to be the same size as the RSA key.
  • No padding requires the integer value represented by the input data must be smaller than the modulus of the RSA key.
  • No padding is considered as less secure.

Below are some examples of using "rsautl -encrypt -raw" command:

C:\Users\fyicenter>dir 12*.txt
   127 127-byte.txt
   128 128-byte.txt
   129 129-byte.txt

C:\Users\fyicenter>\local\openssl\openssl.exe

OpenSSL> pkey -pubin -in my_rsa_pub.key -text -noout
Public-Key: (1024 bit)
Modulus:
    00:a1:1e:80:d3:d1:a9:bc:80:27:00:b5:92:79:87:
    4e:62:42:3c:89:da:6e:a3:ea:93:5e:f1:7c:0b:db:
    39:ce:d2:ad:e8:dd:73:ec:65:e8:3e:ad:67:e1:bc:
    32:bd:5d:ef:d5:73:95:5c:db:e0:cd:26:c3:4a:6b:
    b8:13:e6:6a:8e:8c:d8:f7:22:95:22:d2:2a:3c:1f:
    d2:6e:43:18:ec:e8:df:36:79:b1:22:4f:ee:c8:3e:
    b1:f2:b3:80:f9:ab:ab:d6:7c:30:62:c2:e8:86:cf:
    38:e2:43:1c:0f:99:15:70:80:8d:22:e9:b8:57:d7:
    80:2e:29:8e:7c:e0:2f:9e:b7
Exponent: 65537 (0x10001)

OpenSSL> rsautl -encrypt -pubin -inkey my_rsa_pub.key -in 129-byte.txt 
   -out cipher.txt -raw
RSA operation error
4480:error:0406B06E:rsa routines:RSA_padding_add_none:data too large for key siz
e:.\crypto\rsa\rsa_none.c:69:
error in rsautl

OpenSSL> rsautl -encrypt -pubin -inkey my_rsa_pub.key -in 127-byte.txt 
   -out cipher.txt -raw
RSA operation error
4480:error:0406B07A:rsa routines:RSA_padding_add_none:data too small for key siz
e:.\crypto\rsa\rsa_none.c:74:
error in rsautl

OpenSSL> rsautl -encrypt -pubin -inkey my_rsa_pub.key -in 128-byte.txt 
   -out cipher.txt -raw

OpenSSL> rsautl -decrypt -inkey my_rsa.key -in cipher.txt -raw -hexdump
0000 - 31 32 33 34 35 36 37 38-39 30 61 62 63 64 65 66   1234567890abcdef
0010 - 31 32 33 34 35 36 37 38-39 30 61 62 63 64 65 66   1234567890abcdef
0020 - 31 32 33 34 35 36 37 38-39 30 61 62 63 64 65 66   1234567890abcdef
0030 - 31 32 33 34 35 36 37 38-39 30 61 62 63 64 65 66   1234567890abcdef
0040 - 31 32 33 34 35 36 37 38-39 30 61 62 63 64 65 66   1234567890abcdef
0050 - 31 32 33 34 35 36 37 38-39 30 61 62 63 64 65 66   1234567890abcdef
0060 - 31 32 33 34 35 36 37 38-39 30 61 62 63 64 65 66   1234567890abcdef
0070 - 31 32 33 34 35 36 37 38-39 30 61 62 63 64 65 66   1234567890abcdef

Note that you will get the "data too large for key size" error if the input data has more bytes than the RSA key size

And you will get the "data too small for key size" error if the input data has less bytes than the RSA key size

 

OpenSSL "rsautl" Command for RSA Keys

⇒⇒OpenSSL Tutorials

2017-04-28, 671👍, 0💬