**Cryptography Tutorials - Herong's Tutorial Examples** - Version 5.33, by Dr. Herong Yang

Cleartext Block Size for RSA Encryption

This section discusses what is the most efficient block size when dividing a Cleartext message into blocks for RSA public encryption. The suggested block size is 'floor((x-1)/8)', where 'x' is the RSA key size, or the key modulus bit length.

In the previous section, we learned how to convert a byte sequence into a positive integer, so that it can be encrypted by the RSA public key.

But what happens if the converted positive integer is too large? We know that the RSA public key encryption algorithm will not work on integers that are greater than the modulus of the RSA key.

To resolve this problem, we have to divide the cleartext byte sequence into blocks, and convert each block into a positive number smaller than the modulus of the RSA so it can be encrypted correctly. The next question is then, what block size should we use?

One option is use 1 byte as the block size. This will ensure that the converted integer is in the range of 0 and 255. Any RSA key with a modulus value greater than 255 will work on 1-byte blocks. In other words, any RSA key with a key size of 9 bites or higher will work 1-byte blocks.

However, if we have a RSA key with a much higher key size, like 2048 bites, using 1-byte blocks is not that efficient. This is because larger blocks can be used with larger keys to reduce the number of blocks to reduce the total encryption time and ciphertext data size.

Let's use a RSA key with 2048 bits with a cleartext byte sequence of 200 bytes to see the impact of using different block size.

1. If we set the block size to 1 byte, we will have:

- 200 blocks after dividing the cleartext byte sequence.
- 200 8-bit integers to be encrypted.
- 200 2048-bit integers resulted from the encryption process.

2. If we set the block size to 200 bytes, we will have:

- 1 block after dividing the cleartext byte sequence.
- 1 1600-bit integer to be encrypted.
- 1 2048-bit integer resulted from the encryption process.

Obviously, using 200-bytes as the block size is much more efficient than 1-byte block size. This means the higher block size, the more efficient.

So we need to find the highest block size allowed for a given RSA key with x bits key size. This can be calculated as: "floor((x-1)/8)" in bytes. The resulting block size is at least 1 bit less than the RSA key bit length, which ensures that the integer value in each block is smaller than the key modulus.

Note that, we cannot use a block size that is the same bit length as the RSA key, because the result block may represent an integer greater than the key modulus. For example, block value 0xF0000000 is greater than a key modulus 0xEC134ECB. But their bit length is the same, 32 bits, 4 bytes.

*Last update: 2013.*

Table of Contents

Introduction to AES (Advanced Encryption Standard)

DES Algorithm - Illustrated with Java Programs

DES Algorithm Java Implementation

DES Algorithm - Java Implementation in JDK JCE

DES Encryption Operation Modes

PHP Implementation of DES - mcrypt

Blowfish - 8-Byte Block Cipher

Secret Key Generation and Management

Cipher - Secret Key Encryption and Decryption

►RSA Implementation using java.math.BigInteger Class

Generating Prime Number with BigInteger Class

Performance of Prime Number Generation

RSA Encryption Implementation using BigInteger Class

RsaKeyGenerator.java for RSA Key Generation

RSA Keys Generated by RsaKeyGenerator.java

RsaKeyValidator.java for RSA Key Validation

64-bit RSA Key Validated by RsaKeyValidator.java

Converting Byte Sequences to Positive Integers

►Cleartext Block Size for RSA Encryption

Cleartext Message Padding and Revised Block Size

Ciphertext Block Size for RSA Encryption

RsaKeyEncryption.java for RSA Encryption Operation

RsaKeyDecryption.java for RSA Decryption Operation

Testing RsaKeyEncryption.java with a 16-bit Key

Testing RsaKeyEncryption.java with a 64-bit Key

Testing RsaKeyEncryption.java with a 3072-bit Key

Introduction of DSA (Digital Signature Algorithm)

Java Default Implementation of DSA

Private key and Public Key Pair Generation

PKCS#8/X.509 Private/Public Encoding Standards

Cipher - Public Key Encryption and Decryption

OpenSSL Introduction and Installation

OpenSSL Generating and Managing RSA Keys

OpenSSL Generating and Signing CSR

OpenSSL Validating Certificate Path

"keytool" and "keystore" from JDK

"OpenSSL" Signing CSR Generated by "keytool"

Migrating Keys from "keystore" to "OpenSSL" Key Files

Certificate X.509 Standard and DER/PEM Formats

Migrating Keys from "OpenSSL" Key Files to "keystore"

Using Certificates in IE (Internet Explorer)