19

What does the "data is greater than mod len" error message mean? I have encountered this while trying to decrypt data using PHP's `openssl_private_decrypt`. How does one go about solving this issue? Been searching hours online, not getting anywhere.

automaton

3 Answers

21

Asymmetric RSA keys can encrypt/decrypt only data of limited length, i.e. the RSAES-PKCS1-v1_5 encryption scheme defined in RFC 3447 can operate on messages of length up to k - 11 octets (k is the octet length of the RSA modulus), so if you are using a 2048-bit RSA key then the maximum length of the plain data to be encrypted is 245 bytes.

jariq
  • Is there a function to determine the max preimage and image sizes? I know other libraries have similar (like Crypto++), but have not come across it in OpenSSL. – jww Apr 21 '14 at 21:14
  • @jww for RSA there is [RSA_size()](https://www.openssl.org/docs/crypto/RSA_size.html) which returns RSA modulus size and there is a [documented relation between modulus size, max length of plaintext and different paddings](https://www.openssl.org/docs/crypto/RSA_public_encrypt.html). I have not seen anything more generic in OpenSSL API for asymmetric algorithms (which of course does not mean something like that does not exist). – jariq Apr 21 '14 at 22:51
  • Thanks. `RSA_size` is not really useful. I asked on the OpenSSL userlist: [RSA and max preimage size?](https://groups.google.com/forum/#!topic/mailing.openssl.users/ruoFBjX-s7w). – jww Apr 21 '14 at 23:41
  • "RSAES-PKCS1-V1_5-ENCRYPT ((n, e), M) Input: (n, e) recipient's RSA public key (k denotes the length in octets of the modulus n) M message to be encrypted, an octet string of length mLen, where mLen <= k - 11". The encryption appeared to work just fine, it was the decryption that barfed. When the data size is greater than the RSA key allows, is the data broken up and encrypted in parts then concatenated? Thanks for the IETF link. – automaton Apr 22 '14 at 11:34
  • 3
    @automaton If you want to encrypt larger data then you should probably take a look at [openssl_seal()](http://www.php.net/manual/en/function.openssl-seal.php) and [openssl_open()](http://www.php.net/manual/en/function.openssl-open.php) functions instead. – jariq Apr 22 '14 at 18:55
16

If you are having this decryption error: `RSA_EAY_PRIVATE_DECRYPT:data greater than mod len`, try this command before decrypting your file:

```
# -D is the macOS flag; GNU base64 uses -d or --decode
cat yourEncryptedFile | base64 -D > yourEncryptedRawFile
```

Pedro Trujillo
  • 6
    Shouldn't it be `base64 -d` or `base64 --decode` instead? – Antoine Viscardi Aug 14 '18 at 19:24
  • 1
    You are right too, `-D` worked for me because I'm working on a macOS platform. The command variations depend on your OS. There is more information about that [here](https://www.igorkromin.net/index.php/2017/04/26/base64-encode-or-decode-on-the-command-line-without-installing-extra-tools-on-linux-windows-or-macos/), greetings! – Pedro Trujillo Aug 15 '18 at 14:50
2

You can also try `openssl enc -in cipherTextFile.base64 -out binaryTextFile.bin -d -a`. This was what worked for me when I got this error while trying to decrypt. I was then able to decrypt using `openssl rsautl -decrypt -in binaryTextFile.bin -out plainTextFile.txt -inkey my-private-key.pem` without failure.

Oli
  • what do you mean with the `ciphertext` parameter? – rustyMagnet Mar 21 '19 at 11:13
  • Hi @rustyMagnet. In my answer's context, `ciphertext` is referring to a `base64` encoded file. It's what I've passed in the `-in` parameter. I've updated my answer to make it clearer where file paths should be passed as parameters. Does this help? – Oli Mar 24 '19 at 17:41
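
An added example (not part of any answer above) that reproduces both size limits discussed in this thread with a throwaway key: the k - 11 plaintext limit, and the decrypt failure when the ciphertext is still base64 text. It assumes an `openssl` binary on the PATH and uses `openssl pkeyutl` in place of the `rsautl` command from the last answer; all file names and the sample text are constructed.

```shell
#!/usr/bin/env bash
# Added example: throwaway 2048-bit key, constructed file names and sample text.
set -u
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Key pair; a 2048-bit modulus is k = 256 octets long.
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$WORK/key.pem" 2>/dev/null
openssl pkey -in "$WORK/key.pem" -pubout -out "$WORK/pub.pem"

size_of() { echo $(( $(wc -c < "$1") )); }        # file size in bytes

can_encrypt() {                                    # $1 = plaintext length in bytes
  head -c "$1" /dev/zero > "$WORK/msg.bin"
  openssl pkeyutl -encrypt -pubin -inkey "$WORK/pub.pem" \
    -in "$WORK/msg.bin" -out "$WORK/msg.enc" 2>/dev/null
}

try_decrypt() {                                    # $1 = ciphertext file; plaintext to stdout
  openssl pkeyutl -decrypt -inkey "$WORK/key.pem" -in "$1" 2>/dev/null
}

# 1. PKCS#1 v1.5 limit from the first answer: k - 11 = 245 bytes.
can_encrypt 245 && echo "245-byte plaintext: encrypts"
can_encrypt 246 || echo "246-byte plaintext: rejected"

# 2. Encrypt a short message, then base64-encode the ciphertext for transport.
printf 'constructed sample secret' > "$WORK/plain.txt"
openssl pkeyutl -encrypt -pubin -inkey "$WORK/pub.pem" \
  -in "$WORK/plain.txt" -out "$WORK/ct.bin"
openssl base64 -in "$WORK/ct.bin" -out "$WORK/ct.b64"
echo "raw: $(size_of "$WORK/ct.bin") bytes, base64: $(size_of "$WORK/ct.b64") bytes"

# 3. The base64 text is longer than the modulus, so decryption refuses it.
try_decrypt "$WORK/ct.b64" >/dev/null || echo "base64 input: decrypt fails"

# 4. Decode first, then decrypt the 256 raw bytes.
openssl base64 -d -in "$WORK/ct.b64" -out "$WORK/decoded.bin"
try_decrypt "$WORK/decoded.bin"; echo
```

The same check applies in PHP: the string passed to `openssl_private_decrypt` must be the raw ciphertext, exactly as long as the key's modulus.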