Calculating ciphertext sizes

Daniel Kahn Gillmor dkg at
Mon Jul 11 23:08:35 CEST 2011

On 07/11/2011 04:59 PM, David Shaw wrote:
> On Jul 11, 2011, at 3:26 PM, Aaron Toponce wrote:
>> When encrypting a plaintext source, is there a way to predict the size of
>> the ciphertext output? I'm sure this depends on the cipher used, as well if
>> compression or hashing algos are used.
> The single largest thing that affects your output is the compression used, and how well your input compresses.  For example, if you are encrypting straight text, you will get much better compression than if you are encrypting a movie file (which is generally already compressed, so can't be compressed much more, if at all).  On top of that there is a bunch of general OpenPGP overhead (encrypted session key, etc).
> The cipher does make a difference here, but it's small and dwarfed by other factors.

Note also that for material encrypted to public key(s), you'll need to
factor in an extra chunk of data for each targetted key (the public-key
encrypted session-key packet [0]); you can expect the size of this to
vary with the algorithm of each targetted key.  This isn't technically
part of the "ciphertext", but it is part of the encrypted,
OpenPGP-formatted message.  Without it, those recipients won't be able
to decrypt the message.

For very short messages, the encrypted session key packets can actually
dominate the contents of the resulting message.




-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1030 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20110711/372cc56d/attachment.pgp>

More information about the Gnupg-users mailing list