**Cryptography Tutorials - Herong's Tutorial Examples** - Version 5.35, by Dr. Herong Yang

Ciphertext Block Size for RSA Encryption

This section discusses what is the most efficient block size when packaging encrypted integers resulted from the RSA encryption operation on ciphertext blocks. The suggested block size is '1+floor((x-1)/8)', where 'x' is the RSA key size, or the key modulus bit length.

The previous section, we figured out the best block size (can be called as cleartext block size) and padding schema for dividing the cleartext message into blocks for RSA encryption.

Now let's look that how we can package individual encrypted integers generated from cleartext message blocks into a ciphertext byte sequence.

We have 2 general options:

1. Convert encrypted integers into byte blocks with the minimum number of bytes for each integer. Then package byte blocks sequentially with block markers to separate them.

2. Convert encrypted integers into byte blocks with a equal number of bytes for each integer. Then package byte blocks sequentially with no block markers to separate them.

The option 2 seems to be better, because it avoids the trouble of designing the special block marker and informing the receiver of the encrypted message what the marker is.

If we go with option 2, we need to figure out what is the best block size for encrypted integer blocks. The only requirement is that the block must long enough to hold the highest possible encrypted integer, which is the RSA key modulus.

Base on this requirement, the best block size (can be called as ciphertext block size) for encrypted integer blocks is "ceiling(RsaKeySize/8)" in bytes, which can also be expressed as "1+floor((RsaKeySize-1)/8)" in bytes.

If we compare the ciphertext block size "1+floor((RsaKeySize-1)/8)" with the cleartext block size "min(floor((RsaKeySize-1)/8),256)", the ciphertext block size is always 1 byte larger, if the RSA key size is 2056 or less.

*Last update: 2013.*

Table of Contents

Introduction to AES (Advanced Encryption Standard)

DES Algorithm - Illustrated with Java Programs

DES Algorithm Java Implementation

DES Algorithm - Java Implementation in JDK JCE

DES Encryption Operation Modes

PHP Implementation of DES - mcrypt

Blowfish - 8-Byte Block Cipher

Secret Key Generation and Management

Cipher - Secret Key Encryption and Decryption

►RSA Implementation using java.math.BigInteger Class

Generating Prime Number with BigInteger Class

Performance of Prime Number Generation

RSA Encryption Implementation using BigInteger Class

RsaKeyGenerator.java for RSA Key Generation

RSA Keys Generated by RsaKeyGenerator.java

RsaKeyValidator.java for RSA Key Validation

64-bit RSA Key Validated by RsaKeyValidator.java

Converting Byte Sequences to Positive Integers

Cleartext Block Size for RSA Encryption

Cleartext Message Padding and Revised Block Size

►Ciphertext Block Size for RSA Encryption

RsaKeyEncryption.java for RSA Encryption Operation

RsaKeyDecryption.java for RSA Decryption Operation

Testing RsaKeyEncryption.java with a 16-bit Key

Testing RsaKeyEncryption.java with a 64-bit Key

Testing RsaKeyEncryption.java with a 3072-bit Key

Introduction of DSA (Digital Signature Algorithm)

Java Default Implementation of DSA

Private key and Public Key Pair Generation

PKCS#8/X.509 Private/Public Encoding Standards

Cipher - Public Key Encryption and Decryption

OpenSSL Introduction and Installation

OpenSSL Generating and Managing RSA Keys

OpenSSL Generating and Signing CSR

OpenSSL Validating Certificate Path

"keytool" and "keystore" from JDK

"OpenSSL" Signing CSR Generated by "keytool"

Migrating Keys from "keystore" to "OpenSSL" Key Files

Certificate X.509 Standard and DER/PEM Formats

Migrating Keys from "OpenSSL" Key Files to "keystore"

Using Certificates in IE (Internet Explorer)