如何使用密钥大小和计算 RSA 密文的大小明文长度? [英] How calculate size of RSA cipher text using key size & clear text length?
问题描述
我想使用 RSA_PKCS_V21(使用 PolarSSL 库)加密一些明文.问题是我需要在执行算法之前知道密文的大小(用于动态内存分配目的).我知道 RSA 密钥大小和明文长度.
我也想知道输入明文长度的限制.
有什么想法吗?
只需检查 RSA PKCS#1 v2.1 标准,第 7.2 章:
<块引用>RSAES-PKCS1-V1_5-ENCRYPT ((n, e), M)
输入:
- (n, e) 收件人的 RSA 公钥(k 表示八位字节的长度的模数 n)
- 要加密的M条消息,长度为mLen的八位字节串,其中 mLen <= k - 11
所以输入取决于密钥大小.k 是密钥大小,但以八位字节为单位.因此,对于 1024 位密钥,您有 1024/8 - 11 = 117 个字节作为最大纯文本.
请注意,以上是带有 PKCS#1 v1.5 填充的 RSA 的最大大小.对于较新的 OAEP 填充,可以在 第 7.1 章中找到以下内容:
<块引用>RSAES-OAEP-ENCRYPT ((n, e), M, L)
...
输入:
<块引用>
- (n, e) 收件人的 RSA 公钥(k 表示八位字节的长度RSA 模数 n)
- 要加密的M条消息,长度为mLen的八位字节串,其中 mLen <= k - 2hLen - 2
- 与消息关联的可选标签;这L 的默认值,如果未提供 L,则为空字符串
其中 hLen 是用于掩码生成函数的哈希函数的输出大小.如果使用默认的 SHA-1 哈希函数,则消息的最大大小为 k - 42(因为 SHA-1 的输出大小为 20 字节,并且 2 * 20 + 2 = 42).
通常会加密随机生成的密钥而不是消息.然后使用该密钥对消息进行加密.这允许几乎无限长的消息,并且对称加密(例如 CBC 模式中的 AES)比非对称加密快得多.这种组合称为混合加密.
带有任何填充的 RSA 加密或签名生成的输出大小与模数的大小相同以字节为单位(当然向上舍入),因此对于 1024 位密钥,您期望 1024/8 = 128 个八位字节/字节.
请注意,计算大小的输出数组可能包含设置为零的前导字节;这应该被认为是正常的.
I've some clear text which I want to encrypt using RSA_PKCS_V21 (using PolarSSL library). The problem is that I need to know size of cipher text before executing the algorithm (for dynamic memory allocation purpose).
I know RSA key size & clear text length.
I also want to know the limitation on input clear text length.
Any idea?
Just check the RSA PKCS#1 v2.1 standard, chapter 7.2:
RSAES-PKCS1-V1_5-ENCRYPT ((n, e), M)
Input:
- (n, e) recipient's RSA public key (k denotes the length in octets of the modulus n)
- M message to be encrypted, an octet string of length mLen, where mLen <= k - 11
So the input depends on the key size. k is that key size but in octets. So for a 1024 bit key you have 1024 / 8 - 11 = 117 bytes as maximum plain text.
Note that above is the maximum size for RSA with PKCS#1 v1.5 padding. For the newer OAEP padding the following can be found in chapter 7.1:
RSAES-OAEP-ENCRYPT ((n, e), M, L)
...
Input:
- (n, e) recipient's RSA public key (k denotes the length in octets of the RSA modulus n)
- M message to be encrypted, an octet string of length mLen, where mLen <= k - 2hLen - 2
- L optional label to be associated with the message; the default value for L, if L is not provided, is the empty string
Where hLen is the output size of the hash function used for the mask generation function. If the default SHA-1 hash function is used then the maximum size of the message is k - 42 (as the output size of SHA-1 is 20 bytes, and 2 * 20 + 2 = 42).
Normally a randomly generated secret key is encrypted instead of the message. Then the message is encrypted with that secret key. This allows almost infinitely long messages, and symmetric crypto - such as AES in CBC mode - is much faster than asymmetric crypto. This combination is called hybrid encryption.
The output size for RSA encryption or signature generation with any padding is identical to the size of the modulus in bytes (rounded upwards, of course), so for a 1024 bit key you would expect 1024 / 8 = 128 octets / bytes.
Note that the output array of the calculated size may contain leading bytes set to zero; this should be considered normal.
这篇关于如何使用密钥大小和计算 RSA 密文的大小明文长度?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
