What is the maximum length of private and public RSA keys?

What is the maximum length of private and public RSA keys?

In theory, there is no limit. In practice, there is a limit. Also, limits are usually imposed on the modulus size (n = p*q), and not the public or private key per se. You may be facing additional limits from your web server or database.

For OpenSSL and RSA, your RSA keys are limited to 16K at generation. There's also a limit imposed by OpenSSL's s_client utility used during key exchange. The limit during key exchange is 2K, and it seems artificially low to me. You can side-step the s_client limit by avoiding key transport schemes used during key agreement (i.e., use DH or EDH instead of RSA).

If you start hitting the limits, then it usually indicates its time to switch to elliptic curves. 16K RSA and 521-bit EC provides about 512-bits of security.

Also see Openssl software failure for RSA 16K modulus on the OpenSSL users mailing list.

Here are some factoids on RSA key generation time using the Crypto++ library from small (256-bit) to large (60K-bit). I believe the numbers were gathered about 5 years ago on a Core2 Duo machine. OpenSSL should have asymptotically similar running times.

cryptopp$ rsa_kgen.exe 61440Elapsed time for 61140 RSA key: 25654.01s (7 hours, 7 minutes, 34 seconds)cryptopp$ rsa_kgen.exe 30720Elapsed time for 30720 RSA key: 2255.30s (37 minutes, 35 seconds)cryptopp$ rsa_kgen.exe 15360Elapsed time for 15360 RSA key: 285.05s (4 minutes, 45 seconds)cryptopp$ rsa_kgen.exe 11776Elapsed time for 11776 RSA key: 142.52s (2 minutes, 22 seconds)cryptopp$ rsa_kgen.exe 8192Elapsed time for 8192 RSA key: 43.08s (43 seconds)cryptopp$ rsa_kgen.exe 4096Elapsed time for 4096 RSA key: 0.70scryptopp$ rsa_kgen.exe 2048Elapsed time for 2048 RSA key: 0.09scryptopp$ rsa_kgen.exe 1024Elapsed time for 1024 RSA key: 0.01scryptopp$ rsa_kgen.exe 512Elapsed time for 512 RSA key: 0.00scryptopp$ rsa_kgen.exe 256Elapsed time for 256 RSA key: 0.00s