Archived Forum Post

Index of archived forum posts

Question:

Output Size of Encrypted String?

May 13 '13 at 16:28

I develop with Visual Foxpro. I did some tests and I like what I see so far. But there’s something I’m wondering about. I want to encrypt the data I have in certain fields but I’d like to know how to compute what will be the available space required for storing the encryption.

For example I have a field defined as 30 characters. How much space will be needed by the encryption of those 30 characters?

What are the requirements based on each functions in the encryption library?


Answer

All block encryption algorithms, such as AES, Triple-DES, Blowfish, etc. will produce encrypted output that is a multiple of the algorithm’s block size. For AES, the block size is 16 bytes. For Triple-DES and Blowfish, the block-size is 8 bytes. Regardless of the key length (128-bit, 256-bit, etc.) the block size is constant for the algorithm.

Therefore, if you encrypt 19 bytes using AES encryption, the result will be 32 bytes.

All encryption algorithms produce output that resembles random binary data. In other words, all byte values (0×00 - 0xFF) are equally likely in the output. If the encrypted output is needed in printable string format, it must be encoded using an encoding algorithm such as Base64 or Hex. Base64 is the most common reasonably efficient means of encoding binary data to printable strings. Base64 encoding uses 4 printable characters for every 3 binary characters. Depending on what’s leftover at the end (if the amount of binary data is not evenly divisible by 3), one or two extra characters will be output (these are the “=” characters you typically see at the end of Base64 encoded output).

Therefore, 19 bytes encrypted using AES results in 32 binary bytes. The 32 bytes represented as a printable string in Base64 is 44 characters. In summary: Encrypting 19 bytes with AES will always result in a 44-character Base64 string.

Likewise, encrypting 30 bytes using AES will also result in 32 binary bytes (because it's padded up to the next multiple of the 16-byte block size), and then after Base64 encoding would result in a 44-character string.