Closed kaikuchn closed 7 years ago
I'm also confused why the payload size has to be below `MESSAGE_BYTES_MAX`. Isn't the payload run through SHA2 before being signed? And that size is always fixed, depending on the chosen number of bits.
Since jwt only supports up to SHA512, we will never have an input greater than 64 octets to the RSA signing. And since keys of less than 2048 bits are rejected we don't need to concern ourselves with the input size to the RSA sign operation, right?
agree; addressed by 1b4dc0d; thank you @kaikuchn
The RSA module defines a constant `MESSAGE_BYTES_MAX` irrespective of the RSA modulus size. The referenced RFC states that the maximum should be `modulus - 11` octets, i.e., when I use a 4096 bit key I'd expect the maximum message size to be 501 octets. Or did I get that wrong?
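To illustrate the two size limits this thread is talking about, here is an added example (not code from the project or from either commenter): the `k - 11` octet limit is the RSAES-PKCS1-v1_5 encryption bound, while RSASSA-PKCS1-v1_5 signing pads only the DigestInfo of the message hash, so the JWT payload length never reaches the modulus check. The DigestInfo DER prefixes are taken from RFC 8017, Section 9.2, Note 1; the function names and the 10 kB sample payload are constructed for this example.

```python
import hashlib

# DigestInfo DER prefixes for the SHA-2 family, RFC 8017 Section 9.2 Note 1.
# T = prefix || H(M); its length is what must fit into the modulus.
DIGEST_INFO_PREFIX = {
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
    "sha384": bytes.fromhex("3041300d060960864801650304020205000430"),
    "sha512": bytes.fromhex("3051300d060960864801650304020305000440"),
}


def rsaes_max_message_bytes(modulus_bits):
    """Plaintext limit for RSAES-PKCS1-v1_5 *encryption*: k - 11 octets.
    This is the bound the `modulus - 11` remark refers to; it does not
    apply to signing, where only the hash is padded."""
    return modulus_bits // 8 - 11


def signing_input_bytes(hash_name):
    """Length of T (DigestInfo) for RSASSA-PKCS1-v1_5: fixed per hash."""
    return len(DIGEST_INFO_PREFIX[hash_name]) + hashlib.new(hash_name).digest_size


def min_modulus_bits(hash_name):
    """Smallest modulus that can carry T under EMSA-PKCS1-v1_5 (tLen + 11)."""
    return (signing_input_bytes(hash_name) + 11) * 8


def emsa_pkcs1_v1_5_encode(message, hash_name, modulus_bits):
    """EMSA-PKCS1-v1_5 encoding (RFC 8017 Section 9.2):
    EM = 0x00 || 0x01 || PS || 0x00 || T, with PS = 0xff bytes.
    The message is hashed first, so its length is irrelevant here."""
    em_len = modulus_bits // 8
    t = DIGEST_INFO_PREFIX[hash_name] + hashlib.new(hash_name, message).digest()
    if em_len < len(t) + 11:
        raise ValueError("intended encoded message length too short")
    ps = b"\xff" * (em_len - len(t) - 3)
    return b"\x00\x01" + ps + b"\x00" + t


if __name__ == "__main__":
    payload = b"x" * 10_000  # constructed: a JWT payload far larger than k - 11
    em = emsa_pkcs1_v1_5_encode(payload, "sha512", 2048)
    print("RSAES limit, 4096-bit key:", rsaes_max_message_bytes(4096), "octets")
    print("T for SHA-512:", signing_input_bytes("sha512"), "octets")
    print("EM length for 2048-bit key:", len(em), "octets")
```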