Message length limited when using RSA public-key cryptography.

Messages being encrypted using RSA public-key cryptography must be shorter than the modulus of the public key.

Date Entered: 09/05/2014    Last Updated: 09/08/2014

RSA is used to encrypt messages that are shorter than the modulus of the public key. For 1024-bit keys, this means that the message must be 117 bytes or fewer (the modulus is 128-bytes, minus 11 for the padding of the message).

Attempting to encrypt a message that is larger than the modulus will result in the error:

System error: Message too long. (700)

If you need to use RSA on a larger message, the normal method is to use a hybrid scheme, similar to the following:

  • Generate a key from a password.
  • Use the key with a symmetric encryption algorithm (such as AES) to encrypt the large message.
  • Encrypt the key using RSA.

You could do so using code similar to the following: //generate a key and use the key to encrypt the large message //Note: our components will generate the Key and IV from a given password aes1.KeyPassword = "mypassword"; aes1.InputMessage = someLargeMessage; aes1.Encrypt(); //save the key string myKey = aes1.Key; //now encrypt the key rsa1.RecipientCert = new Certificate(cstPEMKeyFile, "C:\\PATH\\TO\\certFile.pem", "certPassword", "*"); rsa1.InputMessage = myKey; rsa1.Encrypt(); //store the encrypted key string encryptedKey = rsa1.OutputMessage;


We appreciate your feedback.  If you have any questions, comments, or suggestions about this entry please contact our support team at kb@nsoftware.com.