Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

getting a IllegalBlockSizeException: Data must not be longer than 256 bytes when using rsa

I am using rsa key to encrypt a long string which I will send to my server(will encrypt it with server's public key and my private key) But it throws an exception like javax.crypto.IllegalBlockSizeException: Data must not be longer than 256 bytes I feel that I have not understood the working of rsa properly till now(using the inbuilt libraries are the cause for this).
Can some one please explain why this exception is being thrown. Is it not at all possible to send long string encrypted?

like image 714
Ashwin Avatar asked Apr 04 '12 08:04

Ashwin


People also ask

How much data can you encrypt with RSA?

The modulus size is the key size in bits / 8. Thus a 1024-bit RSA key using OAEP padding can encrypt up to (1024/8) – 42 = 128 – 42 = 86 bytes. A 2048-bit key can encrypt up to (2048/8) – 42 = 256 – 42 = 214 bytes.

Why it is not recommended to use RSA for encryption?

RSA is an intrinsically fragile cryptosystem containing countless foot-guns which the average software engineer cannot be expected to avoid. Weak parameters can be difficult, if not impossible, to check, and its poor performance compels developers to take risky shortcuts.

Can you encrypt files with RSA?

RSA is a very resource-intensive algorithm because it performs operations on relatively large prime numbers to encrypt the data, and every block is encrypted differently. This makes it unideal for encrypting large files because it'll take too much time to perform all those calculations on each block.


1 Answers

The RSA algorithm can only encrypt data that has a maximum byte length of the RSA key length in bits divided with eight minus eleven padding bytes, i.e. number of maximum bytes = key length in bits / 8 - 11.

So basicly you divide the key length with 8 -11(if you have padding). For example if you have a 2048bit key you can encrypt 2048/8 = 256 bytes (- 11 bytes if you have padding). So, either use a larger key or you encrypt the data with a symmetric key, and encrypt that key with rsa (which is the recommended approach).

That will require you to:

  1. generate a symmetric key
  2. Encrypt the data with the symmetric key
  3. Encrypt the symmetric key with rsa
  4. send the encrypted key and the data
  5. Decrypt the encrypted symmetric key with rsa
  6. decrypt the data with the symmetric key
  7. done :)
like image 132
John Snow Avatar answered Sep 19 '22 23:09

John Snow