Calculate maximum size for encrypted data

Question

Is there any way to calculate the largest outcome from an Rijndael encryption with a fixed array length?

Encryption method: RijndaelManaged

Padding: PKCS7

CipherMode: CBC

BlockSize 128

KeySize: 128

I need this as im converting a database where all string are going to be encrypted so i need to change the size of all string fields.

Answer 1

Everything you need to try this out:

   public partial class Form1 : Form
   {
      private SymmetricAlgorithm mEncryptionType;

      public Form1()
      {
         mEncryptionType = new RijndaelManaged();
         mEncryptionType.Padding = PaddingMode.PKCS7; //PaddingMode.None;
         mEncryptionType.Mode = CipherMode.CBC;
         mEncryptionType.BlockSize = 128; // 192; // 256; // Update byte array to IV when changed
         mEncryptionType.KeySize = 128; // 192; // 256; // Update byte array to Key when changed
         mEncryptionType.IV = new byte[] { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
                                           0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F};
         mEncryptionType.Key = new byte[] { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
                                           0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF };

         int encrypted_size = CalculateEncryptedSize(new byte[] { 0x22, 0x23, 0x44 });
         // Shows Theran's point about exact block size
         encrypted_size = CalculateEncryptedSize(new byte[] { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
                                           0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF  });
      }

      /// &ltsummary>
      /// Calculate the encrypted size of input buffer
      /// &lt/summary>
      /// &ltparam name="inputBuffer">The input buffer&lt/param>
      /// &ltreturns>Size of the encrypted buffer&lt/returns>
      public int CalculateEncryptedSize(byte[] inputBuffer)
      {
         int extra_padding = 0;
         if (mEncryptionType.Padding != PaddingMode.None)
         {
            int padding_size = (mEncryptionType.BlockSize / 8);
            extra_padding = (padding_size - (inputBuffer.Length % padding_size));
         }
         return inputBuffer.Length + extra_padding;
      }
   }

Answer 2

Yes. Round up your input size to the nearest multiple of your block size (e.g. 128 / 8 = 16 bytes).

extraBytesNeeded = (16 - (inputSize % 16)) % 16;
maxSize = inputSize + extraBytesNeeded.

Answer 3

Jeff's answer is almost correct, except that PKCS7 will always add padding to the message, even if the message exactly fits inside an integral number of blocks. Also, don't forget that if using a random IV that the IV has to be stored too. The corrected formula for the length of a PKCS7 padded message is:

extraBytesNeeded = (16 - (inputSize % 16)); // whole block of padding if input fits exactly
maxSize = inputSize + extraBytesNeeded + IVbytes;