Discussion:
CryptEncrypt() buffer limit?
Michael Prendergast
2004-10-28 19:29:01 UTC
Hello,

I have a strange little bug that keeps occurring whenever I make a call to
CryptEncrypt():

It seems that whenever I call CryptEncrypt() to encrypt a plaintext buffer
of greater than 53 bytes, it fails and returns NTE_BAD_LEN through
GetLastError(). This seems independent of the actual buffer size I pass in.

For example, I tried getting the size required to encrypt a 58 byte buffer,
and gave CryptEncrypt() a size of 1000 for the actual buffer length, and
received NTE_BAD_LEN in response.

Here's some sample code:

---------------------------------------------------------------------
ULONG ulEncryptedDataSizeInBytes = 58;

// Size query: pbData is NULL, so only the required length is returned.
if (CryptEncrypt(m_hRemotePublicKey, 0, TRUE, 0, NULL,
                 &ulEncryptedDataSizeInBytes, 1000) == FALSE)
{
    hrReturnValue = GetLastError();
}
---------------------------------------------------------------------

I'm using MS_DEF_PROV as the cryptographic provider name, with PROV_RSA_FULL
and CALG_RSA_KEYX as the encryption algorithm (I'm using this encryption for
a public key exchange sequence).

Does anyone have any idea what could be wrong? Is there something I need to
set with SetKeyParam() first?

Also, as a side note, this works if I make repeated calls to CryptEncrypt()
with temporary copy buffers of less than 32 bytes each.

Any help would be greatly appreciated.

Thank you very much for your help.

Ciao,
Michael Prendergast
unknown
2004-10-29 05:10:56 UTC
The amount of data the RSA cipher can encrypt/decrypt at once is entirely
dependent on the key size.
Either create bigger keys, or chunk the data. Bigger keys will slow the
algorithm down considerably though.

-Rob Teixeira
Michael Prendergast
2004-11-01 18:04:09 UTC
Hi Rob,

Thank you very much for your prompt and informative response! The problem
makes sense now; although I'm curious (if you don't mind), do you happen to
know the relationship between the RSA keylength and the maximum
encrypt/decrypt buffer length?

I was checking around the internet and MSDN and I don't seem to see the
actual numerical relationship between the two.

Thanks again, Rob. I really appreciate it!

Cheers,
Michael
lelteto
2004-11-01 20:07:02 UTC
If you read the RSA crypto spec (PKCS #1 at
http://www.rsasecurity.com/rsalabs/node.asp?id=2125) you will see that the
max data is keylength-11 bytes. E.g. if you have a 512-bit key (BTW not
recommended, considered weak by today's standards) that's 64 bytes so your max
data can be 64-11=53 bytes. With 1024-bit (128 bytes) RSA keys you can have
up to 128-11=117 bytes of data.

Laszlo Elteto
SafeNet, Inc.
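
The keylength-11 rule from the reply above, as an added example that is not part of the original posts: it builds the PKCS #1 v1.5 encryption block (00 || 02 || PS || 00 || M) to show where the 11 bytes go and why 58 bytes cannot fit under a 512-bit key. The names `pkcs1_v15_max_msg`, `pkcs1_v15_encode`, `rand_fn` and `demo_fill` are hypothetical, no RSA operation is performed, and it assumes the provider applies this padding scheme.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* PKCS #1 v1.5 encryption block: 00 || 02 || PS || 00 || M.
   Three fixed bytes plus at least 8 nonzero padding bytes = 11. */
#define PKCS1_V15_OVERHEAD 11

typedef void (*rand_fn)(uint8_t *buf, size_t len);  /* hypothetical RNG hook */

/* Largest message, in bytes, that fits under a modulus of key_bits bits. */
size_t pkcs1_v15_max_msg(size_t key_bits)
{
    size_t k = (key_bits + 7) / 8;
    return k > PKCS1_V15_OVERHEAD ? k - PKCS1_V15_OVERHEAD : 0;
}

/* Fill em[0..k-1] with the padded block. Returns 0 on success, or -1 when
   the message is too long for the key (the NTE_BAD_LEN case in the thread). */
int pkcs1_v15_encode(uint8_t *em, size_t k, const uint8_t *msg, size_t mlen,
                     rand_fn fill_random)
{
    size_t i, ps_len;
    if (k < PKCS1_V15_OVERHEAD || mlen > k - PKCS1_V15_OVERHEAD)
        return -1;
    ps_len = k - mlen - 3;            /* always >= 8 after the check above */
    em[0] = 0x00; em[1] = 0x02;
    fill_random(em + 2, ps_len);
    for (i = 0; i < ps_len; i++)      /* PS may not contain a zero byte */
        if (em[2 + i] == 0) em[2 + i] = 0x01;   /* simplified: map 0 to 1 */
    em[2 + ps_len] = 0x00;            /* separator before the message */
    memcpy(em + 3 + ps_len, msg, mlen);
    return 0;
}

/* Constructed filler for the demo only; real padding needs a CSPRNG. */
void demo_fill(uint8_t *buf, size_t len) { memset(buf, 0xA5, len); }

int main(void)
{
    uint8_t em[64], msg[58] = {0};    /* 512-bit key -> 64-byte block */
    printf("512-bit max: %zu, 1024-bit max: %zu\n",
           pkcs1_v15_max_msg(512), pkcs1_v15_max_msg(1024));
    printf("58 bytes: %d, 53 bytes: %d\n",
           pkcs1_v15_encode(em, sizeof em, msg, 58, demo_fill),
           pkcs1_v15_encode(em, sizeof em, msg, 53, demo_fill));
    return 0;
}
```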