Cryptography Tutorials - Herong's Tutorial Examples - Version 5.36, by Dr. Herong Yang
Ciphertext Block Size for RSA Encryption
This section discusses what is the most efficient block size when packaging encrypted integers resulted from the RSA encryption operation on ciphertext blocks. The suggested block size is '1+floor((x-1)/8)', where 'x' is the RSA key size, or the key modulus bit length.
The previous section, we figured out the best block size (can be called as cleartext block size) and padding schema for dividing the cleartext message into blocks for RSA encryption.
Now let's look that how we can package individual encrypted integers generated from cleartext message blocks into a ciphertext byte sequence.
We have 2 general options:
1. Convert encrypted integers into byte blocks with the minimum number of bytes for each integer. Then package byte blocks sequentially with block markers to separate them.
2. Convert encrypted integers into byte blocks with a equal number of bytes for each integer. Then package byte blocks sequentially with no block markers to separate them.
The option 2 seems to be better, because it avoids the trouble of designing the special block marker and informing the receiver of the encrypted message what the marker is.
If we go with option 2, we need to figure out what is the best block size for encrypted integer blocks. The only requirement is that the block must long enough to hold the highest possible encrypted integer, which is the RSA key modulus.
Base on this requirement, the best block size (can be called as ciphertext block size) for encrypted integer blocks is "ceiling(RsaKeySize/8)" in bytes, which can also be expressed as "1+floor((RsaKeySize-1)/8)" in bytes.
If we compare the ciphertext block size "1+floor((RsaKeySize-1)/8)" with the cleartext block size "min(floor((RsaKeySize-1)/8),256)", the ciphertext block size is always 1 byte larger, if the RSA key size is 2056 or less.
Last update: 2013.
Table of Contents
Introduction to AES (Advanced Encryption Standard)
DES Algorithm - Illustrated with Java Programs
DES Algorithm Java Implementation
DES Algorithm - Java Implementation in JDK JCE
DES Encryption Operation Modes
PHP Implementation of DES - mcrypt
Blowfish - 8-Byte Block Cipher
Secret Key Generation and Management
Cipher - Secret Key Encryption and Decryption
►RSA Implementation using java.math.BigInteger Class
Generating Prime Number with BigInteger Class
Performance of Prime Number Generation
RSA Encryption Implementation using BigInteger Class
RsaKeyGenerator.java for RSA Key Generation
RSA Keys Generated by RsaKeyGenerator.java
RsaKeyValidator.java for RSA Key Validation
64-bit RSA Key Validated by RsaKeyValidator.java
Converting Byte Sequences to Positive Integers
Cleartext Block Size for RSA Encryption
Cleartext Message Padding and Revised Block Size
►Ciphertext Block Size for RSA Encryption
RsaKeyEncryption.java for RSA Encryption Operation
RsaKeyDecryption.java for RSA Decryption Operation
Testing RsaKeyEncryption.java with a 16-bit Key
Testing RsaKeyEncryption.java with a 64-bit Key
Testing RsaKeyEncryption.java with a 3072-bit Key
Introduction of DSA (Digital Signature Algorithm)
Java Default Implementation of DSA
Private key and Public Key Pair Generation
PKCS#8/X.509 Private/Public Encoding Standards
Cipher - Public Key Encryption and Decryption
OpenSSL Introduction and Installation
OpenSSL Generating and Managing RSA Keys
OpenSSL Generating and Signing CSR
OpenSSL Validating Certificate Path
"keytool" and "keystore" from JDK
"OpenSSL" Signing CSR Generated by "keytool"
Migrating Keys from "keystore" to "OpenSSL" Key Files
Certificate X.509 Standard and DER/PEM Formats
Migrating Keys from "OpenSSL" Key Files to "keystore"
Using Certificates in IE (Internet Explorer)