Problem description
Typically it is recommended that RSA be used to encrypt a symmetric key, which is then used to encrypt the "payload".
What is the practical (or theoretical) limit to the amount of data that can be encrypted with RSA (I'm using a 2048-bit RSA key size)?
In particular, I'm wondering if it is safe to encrypt an RSA public key (256 bytes) with a (different) RSA public key? I'm using the Bouncy Castle crypto libraries in Java.
Recommended answer
For an n-bit RSA key, direct encryption (with PKCS#1 "old-style" padding) works for arbitrary binary messages up to floor(n/8)-11 bytes. In other words, for a 1024-bit RSA key (128 bytes), up to 117 bytes. With OAEP (the PKCS#1 "new-style" padding), this is a bit less: OAEP uses a hash function with output length h bits; this implies a size limit of floor(n/8)-2*ceil(h/8)-2: still for a 1024-bit RSA key, with SHA-256 as hash function (h = 256), this means binary messages up to 60 bytes.
There is no problem in encrypting an RSA key with another RSA key (there is no problem in encrypting any sequence of bytes with RSA, whatever those bytes represent), but, of course, the "outer" RSA key will have to be bigger: with old-style padding, to encrypt a 256-byte message, you will need an RSA key with a modulus of at least 2136 bits.
Hybrid modes (you encrypt data with a random symmetric key and encrypt that symmetric key with RSA) are nonetheless recommended as a general case, if only because they do not have any practical size limits, and also because they make it easier to replace the RSA part with another key exchange algorithm (e.g. Diffie-Hellman).