EldoS | Feel safer!

Software components for data protection, secure storage and transfer

RSA Public Key & X.509 key size limit

Also by EldoS: CallbackRegistry
A component to monitor and control Windows registry access and create virtual registry keys.
Posted: 09/08/2014 17:53:24
by Charles DeWeese (Standard support level)
Joined: 04/17/2008
Posts: 53

Is there a specific reason for the imposed key size limit, a side from the performance/speed factor?



procedure TElCustomCryptoProviderOptions.Init;
FMaxPublicKeySize := 8192;

I have a client that requires using 16kb keys, I found that increasing these defined constants allows me to use 16kb keys without any obvious side effect aside from being extremely slow to perform the initial handshake.

I understand that my changes would be unsupported by EldoS but since there is no documentation or any information regarding a maximum supported key size or why the key size is limited to 8kb.

Any information you can provide on this would be much appreciated.
Posted: 09/09/2014 05:50:17
by Ken Ivanov (EldoS Corp.)

Hi Charles,

Key size limitation figures were chosen as a trade-off between the functional demands of the market and the general memory and speed effectiveness of the product. It is absolutely safe to increase the thresholds from technical point of view, provided that you are happy with the derivative memory consumption increase.

Please note that the thresholds should be increased proportionally. That is, if you increase MaxPublicKeySize from 8192 to 24576 (with a multiplier of 3), you should also increase MAXDIGIT up to 2304 (768 x 3).

Posted: 09/09/2014 15:57:38
by Charles DeWeese (Standard support level)
Joined: 04/17/2008
Posts: 53

Thank you very much



Topic viewed 468 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!