EldoS | Feel safer!

Software components for data protection, secure storage and transfer

RSA Public Key & X.509 key size limit

Posted: 09/08/2014 17:53:24
by Charles DeWeese (Standard support level)
Joined: 04/17/2008
Posts: 53

Is there a specific reason for the imposed key size limit, a side from the performance/speed factor?



procedure TElCustomCryptoProviderOptions.Init;
FMaxPublicKeySize := 8192;

I have a client that requires using 16kb keys, I found that increasing these defined constants allows me to use 16kb keys without any obvious side effect aside from being extremely slow to perform the initial handshake.

I understand that my changes would be unsupported by EldoS but since there is no documentation or any information regarding a maximum supported key size or why the key size is limited to 8kb.

Any information you can provide on this would be much appreciated.
Posted: 09/09/2014 05:50:17
by Ken Ivanov (Team)

Hi Charles,

Key size limitation figures were chosen as a trade-off between the functional demands of the market and the general memory and speed effectiveness of the product. It is absolutely safe to increase the thresholds from technical point of view, provided that you are happy with the derivative memory consumption increase.

Please note that the thresholds should be increased proportionally. That is, if you increase MaxPublicKeySize from 8192 to 24576 (with a multiplier of 3), you should also increase MAXDIGIT up to 2304 (768 x 3).

Posted: 09/09/2014 15:57:38
by Charles DeWeese (Standard support level)
Joined: 04/17/2008
Posts: 53

Thank you very much



Topic viewed 504 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.

Got it!