问题描述:

I'm trying to implement some encryption in my Java application.

The encryption should work as follows:

- Generate random n bits AES key
- Encrypt AES key using RSA public key
- Send encrypted AES key to server
- Encrypt data with AES key + send to server

I'm having trouble deciding what padding algorithm to use. I read `OAEPWithSHA-1AndMGF1Padding`

is a good choice, but what is the maximum message length I can encrypt with this?

I need to know the exact maximum bytes my AES key can be to be encrypted using RSA with `OAEPWithSHA-1AndMGF1Padding`

.

The length of the RSA key makes difference too. I will probably go for 2048 bits.

**TL;DR: How many bytes can I encrypt using a 2048 bits RSA key with OAEPWithSHA-1AndMGF1Padding?**

What you describe is known as Hybrid Encryption and is a common way to get the speed of symmetric-key crypto systems combined with the benefits of the two keys of RSA.

**As for the specifics:**

A 2048 bit RSA key allows for 256 bytes of which the OAEP padding takes 42 bytes, leaving around 214 bytes for encrypted data. An AES-256 key is 256 bits (32 bytes) long, so there is plenty of space for it.