What is the limit to the amount of data that can be encrypted with RSA?


Problem description

Typically it is recommended that RSA be used to encrypt a symmetric key, which is then used to encrypt the "payload".

What is the practical (or theoretical) limit to the amount of data that can be encrypted with RSA (I'm using a 2048 bit RSA keysize)?

In particular, I'm wondering if it is safe to encrypt an RSA public key (256 bytes) with a (different) RSA public key? I'm using the Bouncy Castle crypto libraries in Java.

Recommended answer

For an n-bit RSA key, direct encryption (with PKCS#1 "old-style" padding) works for arbitrary binary messages up to floor(n/8)-11 bytes. In other words, for a 1024-bit RSA key (128 bytes), up to 117 bytes. With OAEP (the PKCS#1 "new-style" padding), this is a bit less: OAEP uses a hash function with output length h bits; this implies a size limit of floor(n/8)-2*ceil(h/8)-2: still for a 1024-bit RSA key, with SHA-256 as hash function (h = 256), this means binary messages up to 60 bytes.

There is no problem in encrypting an RSA key with another RSA key (there is no problem in encrypting any sequence of bytes with RSA, whatever those bytes represent), but, of course, the "outer" RSA key will have to be bigger: with old-style padding, to encrypt a 256-byte message, you will need an RSA key with a modulus of at least 2136 bits.

Hybrid modes (you encrypt a random symmetric key with RSA, and then use that key for symmetric encryption) are nonetheless recommended as a general case, if only because they do not have any practical size limits, and also because they make it easier to replace the RSA part with another key exchange algorithm (e.g. Diffie-Hellman).
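
The hybrid mode recommended above, shown as an added example that is not part of the original answer. It uses the standard JCA API with the JDK's default provider rather than Bouncy Castle directly (an assumption); the class name `RsaHybridDemo` and the choice of AES-256-GCM and OAEP with SHA-256 are illustrative.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.security.spec.MGF1ParameterSpec;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;

public class RsaHybridDemo {
    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair recipient = kpg.generateKeyPair();   // the "outer" key
        // Payload: a different 2048-bit RSA public key in X.509 DER form (more than 256 bytes).
        byte[] payload = kpg.generateKeyPair().getPublic().getEncoded();
        // OAEP with SHA-256 for both the hash and MGF1, stated explicitly.
        OAEPParameterSpec oaep = new OAEPParameterSpec(
                "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPPadding");
        // Direct RSA: the payload exceeds the OAEP size limit for a 2048-bit modulus.
        rsa.init(Cipher.ENCRYPT_MODE, recipient.getPublic(), oaep);
        try {
            rsa.doFinal(payload);
        } catch (IllegalBlockSizeException e) {
            System.out.println("direct RSA rejected " + payload.length + " bytes: " + e.getMessage());
        }

        // Hybrid: a fresh AES-256-GCM key encrypts the payload; RSA-OAEP wraps only that 32-byte key.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey aes = kg.generateKey();
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher gcm = Cipher.getInstance("AES/GCM/NoPadding");
        gcm.init(Cipher.ENCRYPT_MODE, aes, new GCMParameterSpec(128, iv));
        byte[] ciphertext = gcm.doFinal(payload);
        rsa.init(Cipher.WRAP_MODE, recipient.getPublic(), oaep);
        byte[] wrappedKey = rsa.wrap(aes);
        // Recipient: unwrap the AES key with the RSA private key, then decrypt and authenticate.
        rsa.init(Cipher.UNWRAP_MODE, recipient.getPrivate(), oaep);
        SecretKey unwrapped = (SecretKey) rsa.unwrap(wrappedKey, "AES", Cipher.SECRET_KEY);
        gcm.init(Cipher.DECRYPT_MODE, unwrapped, new GCMParameterSpec(128, iv));
        System.out.println("round trip ok: " + Arrays.equals(payload, gcm.doFinal(ciphertext)));
    }
}
```

For a 2048-bit key with SHA-256, the OAEP formula above gives floor(2048/8)-2*ceil(256/8)-2 = 190 bytes, so the encoded public key cannot pass through RSA directly while the 32-byte AES key can. The recipient needs `wrappedKey`, `iv` and `ciphertext`; other providers may signal the oversized input with a different exception type.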
