Removing Keyczar's output header

Tyler Oderkirk

Jul 16, 2016, 5:47:46 PM
to Keyczar Discuss, Scott Carlson
Hello All.

We'd like to use Keyczar's Python bindings to encrypt small messages. Using the code below, we get ciphertext output of 261 bytes.

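from keyczar import keyczar  # Encrypter is defined in the keyczar.keyczar module
# RSA_PUBKEY_PATH and PLAINTEXT are placeholders supplied by the caller
encrypter = keyczar.Encrypter.Read(RSA_PUBKEY_PATH)
ciphertext = encrypter.Encrypt(PLAINTEXT)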

Are there any options available for reducing the size of the ciphertext output? 

We'd like to reduce it to 256 bytes if possible - that's convenient for our message transport protocol.

It seems that the 261 byte output we're seeing is 256 bytes plus a 5 byte header:
  1 byte for the Keyczar version
  4 bytes of key hash 
... as per section 5.4 "Output Headers"

Thanks for your help,


Further discussion on this topic here:

Steve Weis

Jul 16, 2016, 8:52:01 PM
Hi Tyler. Short answer: No, there are no options to reduce RSA ciphertext size as Keyczar is written.

The RSA payload itself is 256 bytes, so the only way you can reduce to that size is to manually drop the version and key hash bytes. You'd need to splice those bytes back on at the receiving end or modify keyczar to ignore the missing headers and try to decrypt with all available keys. If you only have one key, the latter is probably fine.

Note, there is an "unversioned" signer and verifier in Java that does not use a header, and on verification tries all keys. There isn't an analogous class for encrypters. 

devin lundberg

Jul 18, 2016, 12:11:06 PM
You should also note that if you ever want to do rotation (you probably want this; breaches happen), some sort of extra data is required. If you are defining a protocol, you could probably include version bits elsewhere (there's a lot of good reasoning to include versioning in a protocol) and somehow preshare key hashes for the applicable version, but that might make things more complicated for your protocol.
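One way to combine the two replies above, as an added example that is not part of the original thread and not Keyczar's own code: the sender drops the 5-byte header only when it matches a preshared key version, and the receiver splices it back on before decrypting. It assumes raw ciphertext bytes in the layout described in the thread and a transport that can carry a small key id elsewhere; the function names, `KEY_TABLE` and the sample bytes are hypothetical and constructed.

```python
HEADER_LEN = 5       # 1 version byte + 4 key-hash bytes (layout from the thread)
PAYLOAD_LEN = 256    # RSA payload size reported in the thread


def split_ciphertext(ciphertext: bytes) -> tuple[bytes, bytes]:
    """Split raw output into (header, payload), rejecting unexpected sizes."""
    expected = HEADER_LEN + PAYLOAD_LEN
    if len(ciphertext) != expected:
        raise ValueError(f"expected {expected} bytes, got {len(ciphertext)}")
    return ciphertext[:HEADER_LEN], ciphertext[HEADER_LEN:]


def to_wire(ciphertext: bytes, key_table: dict[int, bytes]) -> tuple[int, bytes]:
    """Sender: swap the header for a key id carried in the transport's own field."""
    header, payload = split_ciphertext(ciphertext)
    for key_id, known_header in key_table.items():
        if header == known_header:
            return key_id, payload
    # Refuse to strip a header the receiver would be unable to put back.
    raise LookupError("header does not match any preshared key version")


def from_wire(key_id: int, payload: bytes, key_table: dict[int, bytes]) -> bytes:
    """Receiver: splice the preshared header back on before decrypting."""
    if len(payload) != PAYLOAD_LEN:
        raise ValueError(f"expected {PAYLOAD_LEN}-byte payload, got {len(payload)}")
    if key_id not in key_table:
        raise LookupError(f"unknown key id {key_id}")
    return key_table[key_id] + payload


# Constructed sample data: headers for two key versions (before/after a rotation).
KEY_TABLE = {0: bytes.fromhex("00a1b2c3d4"), 1: bytes.fromhex("0011223344")}
# Constructed stand-in for a 261-byte ciphertext produced under key version 1.
SAMPLE_CIPHERTEXT = KEY_TABLE[1] + bytes(range(256))

if __name__ == "__main__":
    key_id, payload = to_wire(SAMPLE_CIPHERTEXT, KEY_TABLE)
    rebuilt = from_wire(key_id, payload, KEY_TABLE)
    print(key_id, len(payload), rebuilt == SAMPLE_CIPHERTEXT)
```

The bytes returned by `from_wire` are what would be handed to the decrypting side, so rotation only requires adding an entry to the table on both ends.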