Stephan-v

Reputation: 20329

How to get the max number of bits you can encrypt with openssl_public_encrypt?

I know that when encrypting data with openssl_public_encrypt you can not encrypt anything larger than the size of your key. This is also backed up in the PHP documentation notes by other people:

http://php.net/manual/en/function.openssl-public-encrypt.php#55901

Now I want to throw an exception when somebody still tries to do this and I am figuring out the size of my key like so:

$keyDetails = openssl_pkey_get_details($this->public);
$bytes = $keyDetails['bits'] / 8; 

This provides me with the total bits I have available but this does not take into account the padding. I want to be able to have this exception thrown dynamically so I want to take into account public keys of different sizes.

From the PHP documentation someone already noted:

However, the PKCS#1 standard, which OpenSSL uses, specifies a padding scheme (so you can encrypt smaller quantities without losing security), and that padding scheme takes a minimum of 11 bytes (it will be longer if the value you're encrypting is smaller).

So with a PKCS#1 standard I am losing 11*8 bits meaning I can only encrypt something with a max size of 936 bits with a 1024 bits key.

Except I am not using this standard. I am using OPENSSL_PKCS1_OAEP_PADDING. I don't know where the 11 bytes came from; I cannot find it in the PHP code where these constants are defined.

How can I find out the padding for my standard and therefore the max size I can encrypt?

Even though the padding may change depending on the size of the 'to be encrypted' value, I would like to set a hard lower limit in that case (not totally sure if this is the case).

Cheers.

Upvotes: 1

Views: 466

Answers (1)

Ebbe M. Pedersen

Reputation: 7518

The OAEP padding uses 42 bytes of the available space.

Upvotes: 3
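
The limit discussed in this thread, computed from the key itself, as an added example that is not part of the question or the answer. The 42 bytes match the RFC 8017 bound mLen <= k - 2*hLen - 2 with a 20-byte SHA-1 digest, and the 11 bytes are the PKCS#1 v1.5 minimum. It assumes OPENSSL_PKCS1_OAEP_PADDING uses SHA-1; `maxRsaPlaintextBytes()` and `encryptOrFail()` are hypothetical helper names and the key is a constructed demo key.

```php
<?php
// Added example; maxRsaPlaintextBytes() and encryptOrFail() are hypothetical names.
function maxRsaPlaintextBytes($publicKey, int $padding): int
{
    $details = openssl_pkey_get_details($publicKey);
    if ($details === false || $details['type'] !== OPENSSL_KEYTYPE_RSA) {
        throw new InvalidArgumentException('Not a usable RSA key');
    }
    // Modulus length k in bytes, rounded up for sizes not divisible by 8.
    $k = intdiv($details['bits'] + 7, 8);
    switch ($padding) {
        case OPENSSL_PKCS1_PADDING:
            // 0x00 0x02, at least 8 random non-zero bytes, 0x00 = 11 bytes.
            return $k - 11;
        case OPENSSL_PKCS1_OAEP_PADDING:
            // RFC 8017: mLen <= k - 2*hLen - 2. Assumption: SHA-1 (hLen = 20).
            return $k - 2 * 20 - 2;
        default:
            throw new InvalidArgumentException('Unsupported padding mode');
    }
}

function encryptOrFail(string $plaintext, $publicKey, int $padding = OPENSSL_PKCS1_OAEP_PADDING): string
{
    $max = maxRsaPlaintextBytes($publicKey, $padding);
    if (strlen($plaintext) > $max) {
        throw new LengthException(sprintf('Plaintext is %d bytes, limit is %d', strlen($plaintext), $max));
    }
    if (!openssl_public_encrypt($plaintext, $ciphertext, $publicKey, $padding)) {
        throw new RuntimeException('openssl_public_encrypt failed: ' . openssl_error_string());
    }
    return $ciphertext;
}

// Constructed demo key, generated in-process so nothing is read from disk.
$private = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
if ($private === false) {
    throw new RuntimeException('Key generation failed');
}
$public = openssl_pkey_get_public(openssl_pkey_get_details($private)['key']);

$max = maxRsaPlaintextBytes($public, OPENSSL_PKCS1_OAEP_PADDING);
$ciphertext = encryptOrFail(str_repeat('A', $max), $public);   // exactly at the limit
printf("limit=%d bytes, ciphertext=%d bytes\n", $max, strlen($ciphertext));
try {
    encryptOrFail(str_repeat('A', $max + 1), $public);         // one byte over
} catch (LengthException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

The limit is counted in bytes of plaintext, and the ciphertext is always as long as the key modulus regardless of input length.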
