Collectives™ on Stack Overflow

Find centralized, trusted content and collaborate around the technologies you use most.

Teams

Q&A for work

Connect and share knowledge within a single location that is structured and easy to search.

I am trying to sign a token object using SHA1. I am using bouncycastle as the security provider. Whenever the program tries to sign something it gives me this error.

java.security.SignatureException: java.lang.IllegalArgumentException: input data too large.
What is the maximum size for signing something?
Do you have any suggestions about how I can sign this object?
The input size is limited to the size of the key. If you use a 1024 bit key, you are limited to 128 bytes.
Typically, you are signing the digest (hash value), not the actual data.
                @Just12, in the document ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.pdf, on page 30, section 8.2.1. signature, an octet string of length k, where k is the length in octets of the RSA modulus n. Also on bouncy castle's FAQ. bouncycastle.org/wiki/display/JA1/Frequently+Asked+Questions
– Marcus Adams
                Aug 24, 2011 at 14:12
To fix that error one just need to use a larger key size. For example, if SHA 512 bit is chosen, the key could be a 1024 bit one. But you will fail with a key of the same (512) or lesser length.
BouncyCastle just gives us an unusable error message. But the std lib does its job right. Compare them:
// using a 512 bit key here
// leads to this error message if Sun's standard provider is used
Signature sig = Signature.getInstance("SHA512withRSA", "SunRsaSign");
rsa.initSign(privateKey);
rsa.update(data);
rsa.sign();
java.security.InvalidKeyException: Key is too short for this signature algorithm
    at sun.security.rsa.RSASignature.initCommon(RSASignature.java:129)
    at sun.security.rsa.RSASignature.engineInitSign(RSASignature.java:111)
    at sun.security.rsa.RSASignature.engineInitSign(RSASignature.java:101)
    at java.security.Signature$Delegate.engineInitSign(Signature.java:1127)
    at java.security.Signature.initSign(Signature.java:511)
// using a 512 bit key here
// leads to this error message if the BounceCastle provider is used
Signature sig = Signature.getInstance("SHA512withRSA", "BC");
java.security.SignatureException: java.lang.IllegalArgumentException: input data too large
    at org.bouncycastle.jce.provider.JDKDigestSignature.engineSign(Unknown Source)
    at java.security.Signature$Delegate.engineSign(Signature.java:1160)
    at java.security.Signature.sign(Signature.java:553)
        
Thanks for contributing an answer to Stack Overflow!
Please be sure to answer the question. Provide details and share your research!
But avoid …
Asking for help, clarification, or responding to other answers.
Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.