What is the maximum length of private and public RSA keys?

Question

I am generating private and public keys using OpenSSL in PHP, which I intend to store in a database (although you probably don't need to know PHP to answer this question).

They look like this:

-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIi4rlLSKA9/8CAggA
...
-----END ENCRYPTED PRIVATE KEY-----

and

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8YvAFZHSGNITeDNdXFbc
...
-----END PUBLIC KEY-----

(and yes those are just examples)

They have been created like so:

$resource = openssl_pkey_new([
        'private_key_bits' => '2048',
        "private_key_type" => OPENSSL_KEYTYPE_RSA,
]);
openssl_pkey_export($resource, $privateKey, $passPhrase) === false
$opensslDetails = openssl_pkey_get_details($resource);
$publicKey = $opensslDetails['key'];

I want to know what the maximum length is for these private and public keys.

From my experimentation, I have found that:

• 1704 characters for private keys
• 1834 characters for private keys with passphrase
• 451 characters for public keys

However I haven't found any formal documentation on this to prove that this is the case, so I can't be sure.

Answer 1

What is the maximum length of private and public RSA keys?

In theory, there is no limit. In practice, there is a limit. Also, limits are usually imposed on the modulus size (n = p*q), and not the public or private key per se. You may be facing additional limits from your web server or database.

For OpenSSL and RSA, your RSA keys are limited to 16K at generation. There's also a limit imposed by OpenSSL's s_client utility used during key exchange. The limit during key exchange is 2K, and it seems artificially low to me. You can side-step the s_client limit by avoiding key transport schemes used during key agreement (i.e., use DH or EDH instead of RSA).

If you start hitting the limits, then it usually indicates its time to switch to elliptic curves. 16K RSA and 521-bit EC provides about 512-bits of security.

Also see Openssl software failure for RSA 16K modulus on the OpenSSL users mailing list.

---

Here are some factoids on RSA key generation time using the Crypto++ library from small (256-bit) to large (60K-bit). I believe the numbers were gathered about 5 years ago on a Core2 Duo machine. OpenSSL should have asymptotically similar running times.

cryptopp$ rsa_kgen.exe 61440
Elapsed time for 61140 RSA key: 25654.01s (7 hours, 7 minutes, 34 seconds)
cryptopp$ rsa_kgen.exe 30720
Elapsed time for 30720 RSA key: 2255.30s (37 minutes, 35 seconds)
cryptopp$ rsa_kgen.exe 15360
Elapsed time for 15360 RSA key: 285.05s (4 minutes, 45 seconds)
cryptopp$ rsa_kgen.exe 11776
Elapsed time for 11776 RSA key: 142.52s (2 minutes, 22 seconds)
cryptopp$ rsa_kgen.exe 8192
Elapsed time for 8192 RSA key: 43.08s (43 seconds)
cryptopp$ rsa_kgen.exe 4096
Elapsed time for 4096 RSA key: 0.70s
cryptopp$ rsa_kgen.exe 2048
Elapsed time for 2048 RSA key: 0.09s
cryptopp$ rsa_kgen.exe 1024
Elapsed time for 1024 RSA key: 0.01s
cryptopp$ rsa_kgen.exe 512
Elapsed time for 512 RSA key: 0.00s
cryptopp$ rsa_kgen.exe 256
Elapsed time for 256 RSA key: 0.00s