|Applies To||Key Manager Client 1.5.x|
Key Manager Client 2.1.x
Key Manager Client 2.5.x
Key Manager Client 2.7.x
|Issue||RKM: Size of encrypted data and HMACs including headers|
RKM Client 1.5.x
Min Max Note
HMAC RKM returns Total HMAC Size = KeyID + null (byte) + HashLen (32 bytes)
Encrypt RKM returns Total Encrypted Size = KeyId + null (byte) + IV + Encrypted Blocks (in bytes)
V2.1 Header Size 121 121
ClearText Size 1 15 16 31 32 47 48 63
The 2.5 client uses the 2.1 header format.
The size of encrypted data depends on the encryption algorithm. To start with, there is a huge difference between symmetric and asymmetric encryption. The size of data encrypted with a symmetric key is the size of the original data, plus up to an additional block for padding (8 bytes for DES, 16 bytes for AES). With symmetric encryption, the size of the key is not important. The size of data encrypted with an asymmetric key, however, is a multiple of the modulus size (the key size). This does not include the RKM headers, or base64 encoding.
Assuming that you are using symmetric encryption with AES, the size of the encrypted data will be the original data size, plus up to 16 bytes, plus the size of the RKM header, all multiplied by 4/3 if base64 encoded.
The RKM header sizes are:
1.5: KEYID + TERMINATOR + IV
= 2-11 bytes + 2 bytes + 16 bytes for AES
= 18-27 bytes
2.1: 121 bytes
2.7: 121 bytes (same as 2.1) + 16 bytes (for MUID instead of UUID) + (when not connected to the server and in high availability mode) 49 bytes for the originator ID = 137 - 186 bytes (usually 186)
Of course, the 2.7 header format also allows unlimited optional tags and attributes that could make it as large as you like.
See a48314 for a more detailed description of the contents of the various header formats.
|Legacy Article ID||a49302|