
I know this may be marked as a duplicate. It is based on this question and this answer. However, I feel like I'm missing something...

My example:

Bob wants to encrypt a message and send it to Alice using Alice's public key. However, Bob also wants to sign the message using his private key before encrypting the (message + signature).

For the sake of argument, let's assume Alice and Bob are using RSA-2048. According to PKCS #1 v2.2, both the RSASSA-PSS and RSASSA-PKCS15 signature schemes produce an output the size of the key's modulus (in this case 256 bytes). However, both the OAEP and PKCS15 encryption schemes require the message size to be less than the modulus size (less than 256 bytes).

How can one sign and then encrypt a message according to this spec? Would the plaintext just be broken into two chunks? Hybrid encryption seems like overkill if the message is small. Even a single ASCII character would be too large to sign then encrypt this way...

skidelo

1 Answer

You will always need at least two blocks (= 512 bytes in your case) if you want to encrypt and sign some data. Any RSA signature block, be it armored with PKCS#1 v1.5 or PSS (or even textbook RSA), will have the size of the modulus (256 bytes), since it is the output of an RSA operation. So if you want to add some plain text data to that, you will automatically need to start a new block.

All of the above assumes the use of two keys of equal size (2048 bit), as you suggested. You could get away with one block if your signature key has a smaller bit size (e.g. 2048) than the encryption key (e.g. 4096).

mat
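A worked size check, added here and not part of the question or of mat's answer: it computes the RFC 8017 (PKCS #1 v2.2) payload limits of the two encryption schemes, the signature length, and how many RSAES blocks (message || signature) needs for the key sizes discussed above. It assumes SHA-256 as the OAEP hash, and the signature bytes it uses are a constructed stand-in of the right length, not a real RSA signature.

```python
import math
from typing import List

# Assumed hash for OAEP: SHA-256, so hLen = 32 (RFC 8017 uses the same hLen for
# the label hash and for MGF1); change it if a different hash is in use.
HASH_LEN = 32

def modulus_bytes(modulus_bits: int) -> int:
    """k, the length of the RSA modulus in octets (RFC 8017 notation)."""
    return (modulus_bits + 7) // 8

def signature_len(sig_modulus_bits: int) -> int:
    """RSASSA-PSS and RSASSA-PKCS1-v1_5 both output exactly k octets: the
    signature is the result of one RSA private-key operation."""
    return modulus_bytes(sig_modulus_bits)

def max_plaintext_len(enc_modulus_bits: int, scheme: str, h_len: int = HASH_LEN) -> int:
    """Largest message one RSAES block can carry:
    RSAES-OAEP (RFC 8017 7.1.1):        mLen <= k - 2*hLen - 2
    RSAES-PKCS1-v1_5 (RFC 8017 7.2.1):  mLen <= k - 11"""
    k = modulus_bytes(enc_modulus_bits)
    if scheme == "oaep":
        return k - 2 * h_len - 2
    if scheme == "pkcs1v15":
        return k - 11
    raise ValueError(f"unknown scheme {scheme!r}")

def blocks_needed(msg_len: int, sig_modulus_bits: int, enc_modulus_bits: int, scheme: str) -> int:
    """How many RSAES blocks (message || signature) needs under the given keys."""
    payload_len = msg_len + signature_len(sig_modulus_bits)
    return math.ceil(payload_len / max_plaintext_len(enc_modulus_bits, scheme))

def split_payload(payload: bytes, enc_modulus_bits: int, scheme: str) -> List[bytes]:
    """Cut (message || signature) into chunks that each fit one RSAES block."""
    cap = max_plaintext_len(enc_modulus_bits, scheme)
    return [payload[i:i + cap] for i in range(0, len(payload), cap)]

if __name__ == "__main__":
    # Constructed input: a 1-byte message plus a 256-byte stand-in for an RSA-2048
    # signature (only its length matters here; it is not a real signature).
    payload = b"A" + b"\x00" * signature_len(2048)
    for scheme in ("oaep", "pkcs1v15"):
        sizes = [len(c) for c in split_payload(payload, 2048, scheme)]
        print(f"{scheme}, 2048-bit keys: {blocks_needed(1, 2048, 2048, scheme)} blocks, chunks {sizes}")
    # The answer's escape hatch: 2048-bit signing key, 4096-bit encryption key.
    print("oaep, 2048/4096-bit:", blocks_needed(1, 2048, 4096, "oaep"), "block")
```

Note that independently encrypted chunks are not bound to each other by OAEP or PKCS#1 v1.5 themselves; this only sizes the payload, and the receiver still has to know how many blocks belong together before verifying the signature.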