Cryptography Tutorials - Herong's Tutorial Examples - Version 5.36, by Dr. Herong Yang
Cleartext Block Size for RSA Encryption
This section discusses what is the most efficient block size when dividing a Cleartext message into blocks for RSA public encryption. The suggested block size is 'floor((x-1)/8)', where 'x' is the RSA key size, or the key modulus bit length.
In the previous section, we learned how to convert a byte sequence into a positive integer, so that it can be encrypted by the RSA public key.
But what happens if the converted positive integer is too large? We know that the RSA public key encryption algorithm will not work on integers that are greater than the modulus of the RSA key.
To resolve this problem, we have to divide the cleartext byte sequence into blocks, and convert each block into a positive number smaller than the modulus of the RSA so it can be encrypted correctly. The next question is then, what block size should we use?
One option is use 1 byte as the block size. This will ensure that the converted integer is in the range of 0 and 255. Any RSA key with a modulus value greater than 255 will work on 1-byte blocks. In other words, any RSA key with a key size of 9 bites or higher will work 1-byte blocks.
However, if we have a RSA key with a much higher key size, like 2048 bites, using 1-byte blocks is not that efficient. This is because larger blocks can be used with larger keys to reduce the number of blocks to reduce the total encryption time and ciphertext data size.
Let's use a RSA key with 2048 bits with a cleartext byte sequence of 200 bytes to see the impact of using different block size.
1. If we set the block size to 1 byte, we will have:
2. If we set the block size to 200 bytes, we will have:
Obviously, using 200-bytes as the block size is much more efficient than 1-byte block size. This means the higher block size, the more efficient.
So we need to find the highest block size allowed for a given RSA key with x bits key size. This can be calculated as: "floor((x-1)/8)" in bytes. The resulting block size is at least 1 bit less than the RSA key bit length, which ensures that the integer value in each block is smaller than the key modulus.
Note that, we cannot use a block size that is the same bit length as the RSA key, because the result block may represent an integer greater than the key modulus. For example, block value 0xF0000000 is greater than a key modulus 0xEC134ECB. But their bit length is the same, 32 bits, 4 bytes.
Last update: 2013.
Table of Contents
Introduction to AES (Advanced Encryption Standard)
DES Algorithm - Illustrated with Java Programs
DES Algorithm Java Implementation
DES Algorithm - Java Implementation in JDK JCE
DES Encryption Operation Modes
PHP Implementation of DES - mcrypt
Blowfish - 8-Byte Block Cipher
Secret Key Generation and Management
Cipher - Secret Key Encryption and Decryption
►RSA Implementation using java.math.BigInteger Class
Generating Prime Number with BigInteger Class
Performance of Prime Number Generation
RSA Encryption Implementation using BigInteger Class
RsaKeyGenerator.java for RSA Key Generation
RSA Keys Generated by RsaKeyGenerator.java
RsaKeyValidator.java for RSA Key Validation
64-bit RSA Key Validated by RsaKeyValidator.java
Converting Byte Sequences to Positive Integers
►Cleartext Block Size for RSA Encryption
Cleartext Message Padding and Revised Block Size
Ciphertext Block Size for RSA Encryption
RsaKeyEncryption.java for RSA Encryption Operation
RsaKeyDecryption.java for RSA Decryption Operation
Testing RsaKeyEncryption.java with a 16-bit Key
Testing RsaKeyEncryption.java with a 64-bit Key
Testing RsaKeyEncryption.java with a 3072-bit Key
Introduction of DSA (Digital Signature Algorithm)
Java Default Implementation of DSA
Private key and Public Key Pair Generation
PKCS#8/X.509 Private/Public Encoding Standards
Cipher - Public Key Encryption and Decryption
OpenSSL Introduction and Installation
OpenSSL Generating and Managing RSA Keys
OpenSSL Generating and Signing CSR
OpenSSL Validating Certificate Path
"keytool" and "keystore" from JDK
"OpenSSL" Signing CSR Generated by "keytool"
Migrating Keys from "keystore" to "OpenSSL" Key Files
Certificate X.509 Standard and DER/PEM Formats
Migrating Keys from "OpenSSL" Key Files to "keystore"
Using Certificates in IE (Internet Explorer)