Aymn Alaney

Reputation: 523

RSA public key size python

I need help using RSA encryption and decryption in Python. I tried to generate a public key and a private key by using RSA 2048, then send the public key as hex to a destination. However, I faced a problem: the generated public key size is greater than 2048 bits. I used the following script. Could I know why the key size is greater than 2048 bits?

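import binascii
from Crypto.PublicKey import RSA

# Generate a key pair with a 2048-bit modulus
key = RSA.generate(2048)

# Export both keys as DER (binary ASN.1)
binPrivKey = key.exportKey('DER')
binPubKey = key.publickey().exportKey('DER')

# Print the DER-encoded public key as hex
print(binascii.hexlify(binPubKey).decode('ascii'))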

Upvotes: 3

Views: 8716

Answers (2)

r3mainer

Reputation: 24557

If you want to export the key for use somewhere else, you will probably find it easier to export the key in PEM format as follows:

>>> print(key.publickey().exportKey('PEM'))
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtd2o9NY7P9CvXzECu4Ky
tieqYGAkOFrvuRnZpf3VP4VK0XMFSXM8/i5c0Q3Ml44If/zqVo/cXAO85YqV8ZtJ
YRtK9wcEr5epTX6iahxqgObgjFAbIRd6+we6znxBy+OG0JfEGn/GSBoq9g8mcr2e
HhKflp3B57X3+Qn1EbIYDFThWxy4HUZXh64LJiA5s0yeYzlGyjcC6R/Q59/CsyKP
K5LdcRp+CUrHfqwimiFUEZ+KNOob1klAyY4UKX9CI1AnWwZuSrmtbH+11Cfwgnnk
5RpqDvFNB30qsuD0elE+9zLOrq0jGicEoPtYAC3Z7phoODoR5vHbJ0R38qGItLMl
/wIDAQAB
-----END PUBLIC KEY-----

The DER format contains the same data, but in binary form, which is perhaps a little less portable.

The key length isn't 2048 bits because a public key contains not only the modulus n, but also the encryption exponent e.

If you just want the 2048-bit modulus n, then you can extract it as follows:

>>> print(key.n)
22958437811749378126735904957386766172644032831528249830706401935201456098524775
93935742531467773637499977046456570312080938678104306767641814358663672099815985
37166257748568890906635464134344070390567919827141645499361303936386291407244786
88192939984906393278409502460458733268776367836168349094440408475953441252058796
28391483565417017898863634275114447933217938009351306832376849011143622553495660
63424041991601059614183085270921567421339154500925080655811214971889251644612159
17495238196068931081086234165571014450595993262432428425126883651547622718096951
337250550253777137307186332200705951701212904813212411391

And yes, this is a 2048-bit value:

>>> print(key.n.bit_length())
2048

Upvotes: 4

Maarten Bodewes

Reputation: 93978

An RSA public key consists of two components: the modulus and the public exponent. The size of the modulus determines the key size. It is therefore 2048 bits if that's the size given to the key pair generator. The public exponent can be any value and could be up to 2048 bits as well. However, it is usually small. Nowadays it is commonly set to the value 65537, which is 010001 in hexadecimal. It is a special number called the fifth prime of Fermat, usually indicated by "F4" (zero-based indexing).

The public key structure should contain both components. The encoded key size is generally larger than the key size for any asymmetric primitive such as RSA. Besides that, it may contain overhead (to identify the location of the modulus and exponent) and information about the key itself (for instance an OID that indicates that it is indeed an RSA public key).


To know more about this you could take a look at the PKCS#1 and X.509 certificate specifications. The latter specifies a structure called SubjectPublicKeyInfo which is PEM encoded in the answer of squeamish ossifrage. You can parse it online here.

SEQUENCE (2 elem)
    SEQUENCE (2 elem)
        OBJECT IDENTIFIER 1.2.840.113549.1.1.1 rsaEncryption (PKCS #1)
        NULL
    BIT STRING (1 elem)
        SEQUENCE (2 elem)
            INTEGER (2048 bit) 229584378117493781267359049573867661726440328315282498307064019352014…
            INTEGER 65537

Here the first number is the modulus and the second is the public exponent.


So in short there is a difference between key size, encoded key size and key strength.


Notes:

  • An RSA key pair of 2048 bits only provides a key strength of 112 bits (i.e. 112 bits of security), while AES-128 provides about 127 bits of security. In general you should try to use a 3072 bit key instead.
  • The private key often contains the parameters for the Chinese Remainder Theorem and the public exponent on top of the 2048 bit modulus and 2048 bit private exponent, so it will be even larger.

Upvotes: 2
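
The structure shown in the answer above can be walked by hand. This is an added example, not code from either answer: it uses only the Python standard library to parse the PEM key from the first answer and compare the modulus size with the encoded size. The names read_tlv, expect and size_report are made up for this illustration.

```python
import base64

# Public key copied from the first answer on this page.
PEM = """-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtd2o9NY7P9CvXzECu4Ky
tieqYGAkOFrvuRnZpf3VP4VK0XMFSXM8/i5c0Q3Ml44If/zqVo/cXAO85YqV8ZtJ
YRtK9wcEr5epTX6iahxqgObgjFAbIRd6+we6znxBy+OG0JfEGn/GSBoq9g8mcr2e
HhKflp3B57X3+Qn1EbIYDFThWxy4HUZXh64LJiA5s0yeYzlGyjcC6R/Q59/CsyKP
K5LdcRp+CUrHfqwimiFUEZ+KNOob1klAyY4UKX9CI1AnWwZuSrmtbH+11Cfwgnnk
5RpqDvFNB30qsuD0elE+9zLOrq0jGicEoPtYAC3Z7phoODoR5vHbJ0R38qGItLMl
/wIDAQAB
-----END PUBLIC KEY-----"""
RSA_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1

def read_tlv(buf, pos):
    """Read one DER element at pos: return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def expect(buf, pos, want):
    """Read the element at pos and insist on tag `want`."""
    tag, value, nxt = read_tlv(buf, pos)
    if tag != want:
        raise ValueError("expected tag 0x%02x, got 0x%02x" % (want, tag))
    return value, nxt

def size_report(pem):
    """Walk SubjectPublicKeyInfo and compare modulus size to encoded size."""
    b64 = "".join(l for l in pem.splitlines() if not l.startswith("-----"))
    der = base64.b64decode(b64)
    spki, _ = expect(der, 0, 0x30)       # outer SEQUENCE
    alg, pos = expect(spki, 0, 0x30)     # AlgorithmIdentifier SEQUENCE
    if expect(alg, 0, 0x06)[0] != RSA_OID:
        raise ValueError("not an rsaEncryption key")
    bits, _ = expect(spki, pos, 0x03)    # BIT STRING wrapping RSAPublicKey
    rsa, _ = expect(bits[1:], 0, 0x30)   # skip the unused-bits byte
    n_raw, pos = expect(rsa, 0, 0x02)    # INTEGER modulus
    e_raw, _ = expect(rsa, pos, 0x02)    # INTEGER public exponent
    n, e = int.from_bytes(n_raw, "big"), int.from_bytes(e_raw, "big")
    return {"n": n, "e": e, "modulus_bits": n.bit_length(),
            "encoded_bits": len(der) * 8}

if __name__ == "__main__":
    print(size_report(PEM))
```

For this key the DER encoding is 294 bytes (2352 bits), while the modulus inside it is 2048 bits.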
