According to Lenstra's updated equations available on this site, the security level of a 4096 bit RSA key is matched by a cryptographic hash which is at least 248 bits long, for instance SHA-256.
If you use RSA OAEP (and you should), the amount of data you can encrypt at most is therefore modulus size - 2 - 2*hash size
, which is 446 bytes.
With RSA PKCS#1 v1.5 you can encrypt at most modulus size - 11
bytes, but RSA PKCS#1 v1.5 provides less security (it is not provably secure, and the minimum number of random padding bytes should be extended to at least 16 bytes).
If you need to encrypt more data you should not simply chop it up and use RSA multiple times on each block. That is a security flaw. You must take a different approach, more precisely:
- Select a random 128 bit symmetric key.
- Use an authenticated mode of operation to encrypt your data (e.g. AES-128 GCM).
- Encrypt the symmetric key using RSA OAEP.
RSA encryption (unlike decryption) is pretty speedy, but the time is really dependent on the library and on the platform you use. For some reference, see cryptopp library's website.
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…