OpenSSL "rsautl -encrypt -raw" - Data Too Large Error

Q

Why am I getting the "data too large for key size" error with OpenSSL "rsautl -encrypt -raw" command? My input data is the same size as the RSA key and I am using no padding.

✍: FYIcenter.com

A

In most case, you should be able to use the OpenSSL "rsautl -encrypt -raw" command to encrypt input data of the same size as the RSA public key.

But sometimes, you will get the "data too large for key size" error, if the integer value represented by the input data is larger than the modulus value of the RSA public key.

For example, if the input data is a 128-byte of 0xFF, its integer value will be larger than the modulus value of any 128-byte (1024-bit) RSA public keys.

C:\Users\fyicenter>dir 128-byte-ff.txt
   128 128-byte-ff.txt

C:\Users\fyicenter>bin2hex 128-byte-ff.txt output.hex

C:\Users\fyicenter>type output.hex
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff

C:\Users\fyicenter>\local\openssl\openssl.exe

OpenSSL> pkey -pubin -in my_rsa_pub.key -text -noout
Public-Key: (1024 bit)
Modulus:
    00:a1:1e:80:d3:d1:a9:bc:80:27:00:b5:92:79:87:
    4e:62:42:3c:89:da:6e:a3:ea:93:5e:f1:7c:0b:db:
    39:ce:d2:ad:e8:dd:73:ec:65:e8:3e:ad:67:e1:bc:
    32:bd:5d:ef:d5:73:95:5c:db:e0:cd:26:c3:4a:6b:
    b8:13:e6:6a:8e:8c:d8:f7:22:95:22:d2:2a:3c:1f:
    d2:6e:43:18:ec:e8:df:36:79:b1:22:4f:ee:c8:3e:
    b1:f2:b3:80:f9:ab:ab:d6:7c:30:62:c2:e8:86:cf:
    38:e2:43:1c:0f:99:15:70:80:8d:22:e9:b8:57:d7:
    80:2e:29:8e:7c:e0:2f:9e:b7
Exponent: 65537 (0x10001)

OpenSSL> rsautl -encrypt -pubin -inkey my_rsa_pub.key -in 128-byte-ff.txt 
   -out cipher.txt -raw
RSA operation error
7000:error:04068084:rsa routines:RSA_EAY_PUBLIC_ENCRYPT:data too large for modulus
:.\crypto\rsa\rsa_eay.c:221:error in rsautl

The output tells us that:

The input data is 128-byte long, which is the same as the RSA public key.
The integer value of the input data is 0xffffffff...ffff", the largest integer that can stored in 128 bytes.
The modulus value of the RSA public key is 0xa11e80d3...9eb7", which is smaller than the integer value of the input data. Note that the first byte of 0x00 in the modulus output is not part of the modulus.
OpenSSL "rsautl -encrypt -raw" command returns the "data too large for modulus" error.

⇒ OpenSSL "rsautl" Using OAEP Padding

⇐ OpenSSL "rsautl -encrypt -raw" - No Padding

⇑ OpenSSL "rsautl" Command for RSA Keys

⇑⇑ OpenSSL Tutorials

2017-04-22, 6161🔥, 0💬

OpenSSL "rsautl -pkcs" - PKCS#1 v1.5 Padding Option
How to use RSA PKCS#1 v1.5 padding with OpenSSL "rsautl" command? I was told to encrypt a password using an RSA public key with PKCS#1 padding. OpenSSL "rsautl" uses PKCS#1 v1.5 padding as the default padding schema. But you can explicitly specify PKCS#1 v1.5 padding by using the "-pkcs" option as s... 2017-05-12, ≈12🔥, 0💬

OpenSSL "rsautl -encrypt -raw" - No Padding
Can I use OpenSSL "rsautl" command to encrypt data without any padding? Yes, you can encrypt data without any padding using the OpenSSL "rsautl -encrypt -raw" command. But you need to remember the following: No padding requires the input data to be the same size as the RSA key. No padding requires t... 2017-04-28, ≈10🔥, 0💬

OpenSSL "rsautl" Using PKCS#1 v1.5 Padding
What is the PKCS#1 v1.5 padding schema used in OpenSSL "rsautl" command? PKCS#1 v1.5 padding schema is a padding standard specified in RFC2313 "PKCS #1: RSA Encryption, Version 1.5" proposed by RSA Laboratories in 1998. PKCS#1 v1.5 padding schema is designed to pad input data to a full encryption bl... 2023-09-07, ∼9849🔥, 1💬

OpenSSL "rsautl -sign" - RSA Signature Generation
What is the purpose of the OpenSSL "rsautl -sign" command? Can I use it to sign a document? Yes, you can use OpenSSL "rsautl -sign" command to sign a document. But you need other OpenSSL commands to generate a digest from the document first as shown in the following test: C:\Users\fyicenter>d... 2017-04-04, ∼9140🔥, 0💬

OpenSSL "rsautl -encrypt -raw" - Data Too Large Error
Why am I getting the "data too large for key size" error with OpenSSL "rsautl -encrypt -raw" command? My input data is the same size as the RSA key and I am using no padding. In most case, you should be able to use the OpenSSL "rsautl -encrypt -raw" command to encrypt input data of the same size as ... 2017-04-22, ∼6162🔥, 0💬

OpenSSL "rsautl" - Decrypt Large File with RSA Key
How to decrypt a large file with an RSA private key using OpenSSL "rsautl" command? I received a large encrypted file from my friend who used the RSA-AES hybrid encryption process with my public key. If your friend encrypted a large file with the RSA-AES hybrid encryption process with your public ke... 2017-05-20, ∼5357🔥, 0💬

OpenSSL "rsautl" Using OAEP Padding
What is the OAEP padding schema used in OpenSSL "rsautl" command? OAEP (Optimal Asymmetric Encryption Padding), also called PKCS#1 2.0, is a padding standard specified in RFC3447 "PKCS #1: RSA Encryption, Version 1.5" proposed by RSA Laboratories in 1998. OAEP padding can be illustrated by the diagr... 2017-04-22, ∼5264🔥, 0💬

OpenSSL "rsautl" - PKCS#1 v1.5 Padding Size
Whet is the PKCS#1 v1.5 padding size with OpenSSL "rsautl -encrypt" command? I want to know the largest size of data that I can encrypt with my RSA key. The minimum padding size of PKCS#1 v1.5 padding schema is 11 bytes which contains at least 8 bytes of random string. So if you are using the "-pkcs... 2017-04-28, ∼4781🔥, 0💬

OpenSSL Signing Documents with RSA Keys
What is the process of signing a document with RSA keys using OpenSSL commands? I was told to deliver a document with digital signature. Here are steps your need to follow to sign a document with your RSA private key using OpenSSL commands: 1. Get the document to be signed ready. 2. Generate a diges... 2017-04-04, ∼3059🔥, 0💬

All rights in the contents of this web site are reserved by the individual author. fyicenter.com does not guarantee the truthfulness, accuracy, or reliability of any contents.