An error occurs when the encrypted string is about 30 bits. if you do not know why, an error occurs when the generated key length is about 30 bits of 256 bits, the length of the generated key is 256-bit reply content: plaintext length (Bytes) <= key length (Bytes)-11
256 bits = 32 bytes
The longest plaintext length = 32-11 = 21 bytes = 168bits thanks @ Zhong Yuteng for his answer. RSA without padding is called Textbook RSA, which is based on mathematical principles taught in textbooks, for example, the RSA definition on the Wikipedia page:
The M mentioned here refers to the data to be encrypted, but it is not necessarily the plaintext in actual application.
If plaintext is not processed, it may be attacked.
A simple example:
When a small value is selected, for example, and the encrypted data becomes:
You only need to calculate an open three-time root number to obtain the original text.
This padding RFC 3447-Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1 is defined in the PKCS #1 v2.1 standard.
Steps: 1. Length checking: If mLen > k - 11, output "message too long" and stop. 2. EME-PKCS1-v1_5 encoding: a. Generate an octet string PS of length k - mLen - 3 consisting of pseudo-randomly generated nonzero octets. The length of PS will be at least eight octets. b. Concatenate PS, the message M, and other padding to form an encoded message EM of length k octets as EM = 0x00 || 0x02 || PS || 0x00 || M.
There is no padding in the RSA standard.
However, according to the RSA encryption and decryption standard PKCS #1 issued by RSADSI (to avoid some RSA algorithm vulnerabilities), at least 11 bytes of padding will be added before data during encryption.
The first byte is set to 0.
The second byte is the format bit. if the value is set to 2, the data is encrypted, and if the value is set to 1, the data is signed.
Then there are at least eight bytes of padding and random nonzero.
The last byte is set to 0.
Therefore, the total length of padding is at least 11 bytes.
