What is the maximum data size for encrypting with rsautl command?

What is the maximum data size for encrypting with rsautl command?

Vladimir Belov
Hello.
I tried to encrypt a file (1Mb) with an RSA private key of 4096-bit length with
the command:

openssl rsautl -encrypt -pubin -inkey rsapublickey.pem -in 2.txt -out 2.srsa

I get the next error:

Loading 'screen' into random state - done
RSA operation error
5616:error:0406D06E:rsa routines:RSA_padding_add_PKCS1_type_2:data too large for key size:.\crypto\rsa\rsa_pk1.c:151:

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

Re: What is the maximum data size for encrypting with rsautl command?

Chris Dodd-2
Roughly keysize - paddingsize is the limit.  keysize in your case is 512
bytes and padding size for OAEP padding (the common standard) is ~41, so
the limit is about 471 bytes.

Usually when encrypting a file, you use a symmetric cipher with a
randomly chosen key, and then encrypt the key with RSA and prepend that
to the encrypted file.

                 -chris


On 06/27/2011 09:00 AM, [hidden email] wrote:

> Hello.
> I tried to encrypt a file(1Mb), with RSA private key of 4096-bit
> length with command:
>
> openssl rsautl -encrypt -pubin -inkey rsapublickey.pem -in 2.txt -out
> 2.srsa
>
> I get next error:
>
> Loading 'screen' into random state - done
> RSA operation error
> 5616:error:0406D06E:rsa routines:RSA_padding_add_PKCS1_type_2:data too
> large for
> key size:.\crypto\rsa\rsa_pk1.c:151:
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [hidden email]
> Automated List Manager                           [hidden email]
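
Added example (not part of the original posts and not OpenSSL's code): the PKCS#1 v1.5 type 2 block named in the error message, built in Python to show where "data too large for key size" comes from, together with the per-operation limits RFC 8017 gives for PKCS#1 v1.5 and OAEP. All function names here are made up for the illustration.

```python
import secrets

HASH_LEN = {"sha1": 20, "sha256": 32}  # digest sizes in bytes


def modulus_bytes(key_bits):
    """Length k of the RSA modulus in bytes (512 for a 4096-bit key)."""
    return (key_bits + 7) // 8


def max_plaintext_len(key_bits, padding="pkcs1", hash_name="sha1"):
    """Largest input, in bytes, that one RSA encryption accepts (RFC 8017)."""
    k = modulus_bytes(key_bits)
    if padding == "pkcs1":   # RSAES-PKCS1-v1_5: 00 02 + >=8 bytes PS + 00
        return k - 11
    if padding == "oaep":    # RSAES-OAEP: two hash-sized fields + 2 bytes
        return k - 2 * HASH_LEN[hash_name] - 2
    raise ValueError("unknown padding: " + padding)


def pkcs1_type2_pad(message, key_bits):
    """Build EM = 00 || 02 || PS || 00 || M, with PS random non-zero bytes."""
    k = modulus_bytes(key_bits)
    if len(message) > k - 11:
        # The same condition behind the error in the first post.
        raise ValueError("data too large for key size")
    ps = bytes(secrets.randbelow(255) + 1 for _ in range(k - 3 - len(message)))
    return b"\x00\x02" + ps + b"\x00" + message


def pkcs1_type2_unpad(em):
    """Recover M from a padded block (illustration only, not constant time)."""
    if len(em) < 11 or em[:2] != b"\x00\x02":
        raise ValueError("bad block type")
    sep = em.index(b"\x00", 2)   # first zero byte after PS
    if sep < 10:                 # PS must be at least 8 bytes long
        raise ValueError("padding string too short")
    return em[sep + 1:]


if __name__ == "__main__":
    session_key = secrets.token_bytes(32)      # constructed sample input
    block = pkcs1_type2_pad(session_key, 4096)
    print(len(block), max_plaintext_len(4096), max_plaintext_len(4096, "oaep"))
    try:
        pkcs1_type2_pad(b"x" * (1024 * 1024), 4096)   # the 1 MB file case
    except ValueError as err:
        print("1 MB input:", err)
```

A 32-byte symmetric key fits in one padded block with room to spare, which is why the hybrid approach described above works with any practical RSA key size.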

Re: What is the maximum data size for encrypting with rsautl command?

Vladimir Belov
Thanks for the answer, Chris.

I understand that the slow RSA algorithm is not used to encrypt large amounts of
data; symmetric algorithms are used instead.

But is it a limit of the RSA algorithm or only a limit of the OpenSSL library?
------------------------------------------------------------------------------------------------------------
From: Chris Dodd
Sent: Monday, June 27, 2011 8:36 PM

Roughly keysize - paddingsize is the limit.  keysize in your case is 512
bytes and padding size for OAEP padding (the common standard) is ~41, so
the limit is about 471 bytes.

Usually when encrypting a file, you use a symmetric cipher with a
randomly chosen key, and then encrypt the key with RSA and prepend that
to the encrypted file.


Re: What is the maximum data size for encrypting with rsautl command?

Michael S. Zick-4
On Mon June 27 2011, Vladimir Belov wrote:
> Thanks for answer, Chris.
>
> I understand that slow RSA algorithm is not used to encrypt large amounts of
> data, instead of it symmetric algorithms are used.
>
> But is it the limit of RSA-algorithm or only OpenSSL library's limit?
>

The size of the RSA key (length) you choose to use.

Mike

> ------------------------------------------------------------------------------------------------------------
> From: Chris Dodd
> Sent: Monday, June 27, 2011 8:36 PM
>
> Roughly keysize - paddingsize is the limit.  keysize in your case is 512
> bytes and padding size for OAEP padding (the common standard) is ~41, so
> the limit is about 471 bytes.
>
> Usually when encrypting a file, you use a symmetric cipher with a
> randomly chosen key, and then encrypt the key with RSA and prepend that
> to the encrypted file.
>
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [hidden email]
> Automated List Manager                           [hidden email]
>
>


RE: What is the maximum data size for encrypting with rsautl command?

Dave Thompson-5
> From: [hidden email] On Behalf Of Michael S. Zick
> Sent: Monday, 27 June, 2011 13:07

> On Mon June 27 2011, Vladimir Belov wrote:
> > I understand that slow RSA algorithm is not used to encrypt
> large amounts of
> > data, instead of it symmetric algorithms are used.
> >
> > But is it the limit of RSA-algorithm or only OpenSSL
> library's limit?
> >
>
> The size of the RSA key (length) you choose to use.
>
The size of the key, which must be supported by both your
encrypter and decrypter. OpenSSL currently imposes a limit
of 16K bits, and in my experience anything much over
4K bits becomes unusably slow on available hardware.
I think OpenSSL could be easily tweaked to allow more
if you want to wait long enough, since the underlying
bignum code has no practical limit, but I don't know
about anything else you might interoperate with.

