> From: owner-openssl-us...@openssl.org On Behalf Of Chuck Pareto
> Sent: Thursday, 27 May, 2010 16:20

> I'm still unsure as to the max length string I can use to encrypt. I'm
> using the rsacrypto class in .net to encrypt.
> I know I can't pass in a string that's 256 bytes long or greater
> because there is an exception that gets thrown. But as I work my way
> back in length I still get exceptions with string lengths smaller than
> 256.
> 
> On May 26, 2010, at 4:56 PM, "David Schwartz" <dav...@webmaster.com>  
> wrote:
> 
> >
> > Chuck Pareto wrote:
> >
> >> if my public key is 256 bytes long, what is the max length
> >> of the string I can use to encrypt? Is it 256?
> >
<snip>

As I said in a previous message:
Note: directly encrypting data (strings or other) with RSA is limited 
to somewhat less than the "key size" (more exactly, the modulus size).
For a typical 1024-bit modulus this is about 100 bytes or maybe less.

Expanding on this:
The exact amount subtracted from the raw key size depends on the overhead 
or 'padding' added by the encryption scheme. The two common schemes for 
RSA encryption are PKCS1 and OAEP (this terminology is historical and 
now inaccurate, because PKCS1 version 2 actually includes OAEP too,
but that's what everyone understands; pedants say PKCS1v1.5). If you 
don't specify otherwise, you're likely using PKCS1, which is/was the 
historical 'least common denominator', and takes 11 bytes*.

As I and David Schwartz noted, directly encrypting data with RSA (and 
decrypting) is not usual practice, because most people have found 
that these random-looking limits on data size are unacceptable.
I have no idea what your programming experience is, but in 30+ years 
I have found that whenever people promise solemnly on a stack of Bibles 
"we will never need more than X data", they ALMOST ALWAYS DO.

* Technically octets because technically bytes aren't always 8 bits, 
but for most people and all mainstream app systems today they are.
Definitely for any Windows, and I presume other dotnet i.e. mono.



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
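
The size limits discussed in the reply above, as an added example that is not part of the original message or of OpenSSL or .NET code. It builds the PKCS1 v1.5 encryption block (without performing the RSA operation itself) to show where the 11 bytes go and why a 256-byte modulus rejects anything over 245 bytes. The function names are hypothetical, and the OAEP overhead of 2*hLen+2 is taken from RFC 8017 rather than from the message.

```python
import hashlib
import secrets

PKCS1_V15_OVERHEAD = 11  # 0x00, 0x02, at least 8 padding bytes, 0x00


def max_plaintext_len(modulus_bytes, scheme="pkcs1v15", hash_name="sha1"):
    """Largest message, in bytes, that one RSA encryption can carry."""
    if scheme == "pkcs1v15":
        limit = modulus_bytes - PKCS1_V15_OVERHEAD
    elif scheme == "oaep":
        # RFC 8017: OAEP adds two hash-length fields plus two bytes
        limit = modulus_bytes - 2 * hashlib.new(hash_name).digest_size - 2
    else:
        raise ValueError("unknown scheme: " + scheme)
    return max(limit, 0)


def eme_pkcs1_v15_encode(message, modulus_bytes):
    """Build the padded block 00 || 02 || PS || 00 || M (RFC 8017, 7.2.1)."""
    if modulus_bytes < PKCS1_V15_OVERHEAD:
        raise ValueError("modulus too small for PKCS1 v1.5 padding")
    limit = max_plaintext_len(modulus_bytes)
    if len(message) > limit:
        raise ValueError("message too long: %d bytes, limit is %d"
                         % (len(message), limit))
    # PS fills the rest of the block with random nonzero bytes, so the
    # single 0x00 that follows it unambiguously marks where M starts.
    ps_len = modulus_bytes - len(message) - 3
    ps = bytes(secrets.randbelow(255) + 1 for _ in range(ps_len))
    return b"\x00\x02" + ps + b"\x00" + message


if __name__ == "__main__":
    # Constructed sample sizes: 1024-bit and 2048-bit moduli
    for k in (128, 256):
        print("%4d-bit modulus: PKCS1 v1.5 max %3d bytes, OAEP/SHA-1 max %3d bytes"
              % (k * 8, max_plaintext_len(k), max_plaintext_len(k, "oaep")))
    block = eme_pkcs1_v15_encode(b"x" * 245, 256)
    print("padded block length:", len(block))
```
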
