What is the maximum data size for encrypting with rsautl command?
Hello. I tried to encrypt a file(1Mb), with RSA private key of 4096-bit length with command: openssl rsautl -encrypt -pubin -inkey rsapublickey.pem -in 2.txt -out 2.srsa I get next error: Loading 'screen' into random state - done RSA operation error 5616:error:0406D06E:rsa routines:RSA_padding_add_PKCS1_type_2:data too large for key size:.\crypto\rsa\rsa_pk1.c:151: __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: What is the maximum data size for encrypting with rsautl command?
Roughly keysize - paddingsize is the limit. keysize in your case is 512 bytes and padding size for OAEP padding (the common standard) is ~41, so the limit is about 471 bytes. Usually when encrypting a file, you use a symmetric cipher with a randomly chosen key, and then encrypt the key with RSA and prepend that to the encrypted file. -chris On 06/27/2011 09:00 AM, ml.vladimbe...@gmail.com wrote: Hello. I tried to encrypt a file(1Mb), with RSA private key of 4096-bit length with command: openssl rsautl -encrypt -pubin -inkey rsapublickey.pem -in 2.txt -out 2.srsa I get next error: Loading 'screen' into random state - done RSA operation error 5616:error:0406D06E:rsa routines:RSA_padding_add_PKCS1_type_2:data too large for key size:.\crypto\rsa\rsa_pk1.c:151: __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: What is the maximum data size for encrypting with rsautl command?
Thanks for answer, Chris. I understand that slow RSA algorithm is not used to encrypt large amounts of data, instead of it symmetric algorithms are used. But is it the limit of RSA-algorithm or only OpenSSL library's limit? From: Chris Dodd Sent: Monday, June 27, 2011 8:36 PM Roughly keysize - paddingsize is the limit. keysize in your case is 512 bytes and padding size for OAEP padding (the common standard) is ~41, so the limit is about 471 bytes. Usually when encrypting a file, you use a symmetric cipher with a randomly chosen key, and then encrypt the key with RSA and prepend that to the encrypted file. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: What is the maximum data size for encrypting with rsautl command?
On Mon June 27 2011, Vladimir Belov wrote: Thanks for answer, Chris. I understand that slow RSA algorithm is not used to encrypt large amounts of data, instead of it symmetric algorithms are used. But is it the limit of RSA-algorithm or only OpenSSL library's limit? The size of the RSA key (length) you choose to use. Mike From: Chris Dodd Sent: Monday, June 27, 2011 8:36 PM Roughly keysize - paddingsize is the limit. keysize in your case is 512 bytes and padding size for OAEP padding (the common standard) is ~41, so the limit is about 471 bytes. Usually when encrypting a file, you use a symmetric cipher with a randomly chosen key, and then encrypt the key with RSA and prepend that to the encrypted file. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: What is the maximum data size for encrypting with rsautl command?
From: owner-openssl-us...@openssl.org On Behalf Of Michael S. Zick Sent: Monday, 27 June, 2011 13:07 On Mon June 27 2011, Vladimir Belov wrote: I understand that slow RSA algorithm is not used to encrypt large amounts of data, instead of it symmetric algorithms are used. But is it the limit of RSA-algorithm or only OpenSSL library's limit? The size of the RSA key (length) you choose to use. The size of the key, which must be supported by both your encrypter and decrypter. OpenSSL currently imposes a limit of 16K bits, and in my experience anything much over 4K bits becomes unusably slow on available hardware. I think OpenSSL could be easily tweaked to allow more if you want to wait long enough, since the underlying bignum code has no practical limit, but I don't know about anything else you might interoperate with. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org