Data size after encryption (AES encryption)

Posted on 2011-03-15
Last Modified: 2012-05-11
We have a problem in hand where we distribute an xml file to our clients. The data has to be visible to the clients on a particular date of the year (Embargo date). Since the data size is going to be large, we allow them to download the xml prior to the Embargo date, but want the data to be visible only on/after this date.

The data has two parts i. Share details which can be visible anytime ii. share portfolio details (group of data elements) which needs to remain secret till the Embargo date.

So we are thinking of encrypting the secret data elements only within the xml and publish the xml file much before the embargo date. On the morning of embargo date, we will reveal the Decryption key and the clients can use that to see the full data.

The clients on their end will download the xml prior to the embargo date and import into their system to prove that the file works fine. The portfolio details will be kept in staging area which show up as junk characters. Once the Decryption key is obtained, they can decrypt the data and see the actual characters.

We have decided to use AES encryption algorithm. The dev platform is .Net. Our objective is the keep the data file as small as possible to facilitate easy download. As I said, we don't want the whole data to be encrypted, only few data elements need to be encrypted.

The questions we are trying to answer is, how much the data size increases after encryption. This will help us take decision on whether
i. we will encrypt each secret data element individually or
ii. concatenate the secret data elements and encrypt it as one field
iii. We have another option, to separate non-secret and secret data into two files

I have seen that if I use 256 bit key, a 1 byte to 15 byte data becomes 24 bytes after incryption, 16 byte becomes 44, 100 byte becomes 152, 1000 bytes become 1344 etc.

Can anyone help me estimating the data size after applying AES encryption. This can be either using 128 bit or 256 bit key size.
Question by:tknayak123
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
LVL 27

Expert Comment

ID: 35136942
How about zipping the files before transfer.

This should reduce the amount of transfer data.

Author Comment

ID: 35137143
Sorry I did not mention that earlier.
The strategy within the enterprise for similar data transfers to the client is, "compress the file just before the transfer." This is the strategy for our Transport layer. This is not a current strategy to compress it, then encrypt and then compress again.

I know, compressing the data after encryption does not help much. So in our new solution when we encrypt and then compress at the Transport layer, it is not going to help much. But we cannot change the strategy for this one requirement.

What I need to understand today is the impact of encryption on data size.

Author Comment

ID: 35139533
I have done further analysis on the increase in the data size. Here is the matrix.

1-15 bytes  becomes 24 bytes
16 bytes      becomes 44 bytes
100 bytes    becomes 152 bytes  (52 % increase)
500 bytes    becomes 684 bytes  (37% increase)
1 kb             becomes 1388 bytes (35.5% increase)
1 mb            becomes  1398124 bytes (33% increase)
>1 mb upto 30 mb, there is a 33% increase.
I have not tried data greater than 30mb.

So there is a significant increase in the data size after encryption using AES-256.
But in some of the forums, it is suggested that there is no increase in file size. One of the examples is here:
Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

LVL 10

Expert Comment

ID: 35139560
You may want to consider using the password protection of Excel 2007 which, according to uses AES 128. As the xlsx-format is compressed anyway I consider this to be a good solution.

Author Comment

ID: 35152876
The use of Excel is not considered due to compatibility reasons and company policy.
The B2B solution of the enterprise operates on certain principles, which cannot be changed easily.

Author Comment

ID: 35152889
Does anyone have experience in data encryption, who can comment on my observations (see the comments above where I have given some statistics where the data size increases after encryption).

Or does anyone contradict my views.

Accepted Solution

tknayak123 earned 0 total points
ID: 35152970
I have found the answer now.

The method to calculate the data size after encryption is described very clearly at this link:

With respect to my observations in the post above where the data size increases after encryption, that is due to applying base64 encoding.

Hope this helps everyone who is searching for this.

Author Closing Comment

ID: 35178863
I found this answer after a lot of search.

Featured Post

Resolve Critical IT Incidents Fast

If your data, services or processes become compromised, your organization can suffer damage in just minutes and how fast you communicate during a major IT incident is everything. Learn how to immediately identify incidents & best practices to resolve them quickly and effectively.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Explore the encryption capabilities built into Google Apps and how these features can help you meet privacy policy and regulatory compliance, but are not a full solution. Understand and compare the most popular email encryption services for Google A…
Envision that you are chipping away at another e-business site with a team of pundit developers and designers. Everything seems, by all accounts, to be going easily.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question