RSA Encryption Problem [Size of payload data]

Sudantha  picture Sudantha · May 3, 2011 · Viewed 29k times · Source

is it true that RSA encryption only can handle limited payload of data ? ... im confused with the theory ... theoretically there is no note regarding this ...

Answer

Thomas Pornin picture Thomas Pornin · May 3, 2011

RSA encrypts a single message which has a length which is somewhat smaller than the modulus. Specifically, the message is first "padded", resulting in a sequence of bytes which is then interpreted as a big integer between 0 and n-1, where n is the modulus (a part of the public key) -- so the padded message cannot be longer than the modulus, which implies a strict maximum length on the raw message.

Specifically, with the most common padding scheme (PKCS#1 "old-style", aka "v1.5"), the padding adds at least 11 bytes to the message, and the total padded message length must be equal to the modulus length, e.g. 128 bytes for a 1024-bit RSA key. Thus, the maximum message length is 117 bytes. Note that the resulting encrypted message length has the same size than the modulus, so the encryption necessarily expands the message size by at least 11 bytes.

The normal way of using RSA for encrypted a big message (say, an e-mail) is to use an hybrid scheme:

  • A random symmetric key K is chosen (a raw sequence of, e.g., 128 to 256 random bits).
  • The big message is symmetrically encrypted with K, using a proper and efficient symmetric encryption scheme such as AES.
  • K is asymmetrically encrypted with RSA.

"Splitting" a big message into so many 117-byte blocks, each to be encrypted with RSA, is not normally done, for a variety of reasons: it is difficult to do it right without adding extra weaknesses; each block would be expanded by 11 bytes, implying a non-negligible total message size increase (network bandwidth can be a scarce resource); symmetric encryption is much faster.