I'm sorry that I'm writing an answer that contains basically the same information as divanov's answer, but an edit to add all the little details that I think are important would be a complete rewrite of the answer.
Generally you don't want to asymmetrically encrypt your data directly, but instead use RSA to exchange a symmetric key that is used to encrypt your data symmetrically. You can do it like this (idea taken from "Cryptography Engineering" by Ferguson, Kohno and Schneier, a book I can wholeheartedly recommend):
- Assuming that
l
is the bit length of your modulusn
, generate anl-1
bit long random numberr
. Encryptr
with the RSA public key. - Use a cryptographic hash function to generate the symmetric key
k
out ofr
. I would advise the use of sha256:k=sha256(r)
- Encrypt you data with a block cipher like AES256 using a proper "mode" like CBC.
The advantage of this procedure is that you do not have to care about RSA paddings at all (and there is a lot of stuff that can go wrong with them). Please don't check the structure of r
after decrypting, though, and just stuff if into the hash function as you otherwise might open yourself up to padding oracle attacks (akin to this one) that are beyond the scope of my answer though.
Note that for a real world scenario you have to care about authenticity of the data, too. The only common use case where encryption is mostly enough is "data at rest", i.e. if no data is transmitted over the network and you only care about physical theft of your data.