what is the smallest possible modulus for RSA2048? I generate a random data with I want to encrypt by a textbook RSA2048 and I'm not sure where the first 1-bit should be.
According to OpenSSL source code and used padding function, the first byte seems to be 0, 2 follows and than there could be anything. Seems I need first 14bits to be 0 to ensure my plaintext fits the RSA modulus.
The modulus defines the key length for RSA. So a 2048 bit key has a 1 at the leftmost bit. Otherwise there could be almost any number of zero's following it, each zero becoming less likely, as the modulus value depends on two large random primes - usually in the order of half the bit size of the modulus. So if you want to take a minimum modulus $N$ into account, you can have any 2047 bit message for plaintext RSA - as long as the most significant bit of the most significant byte is zero (commonly RSA uses big endian calculations, so that would be the highest order bit of the leftmost byte).
But please note that plaintext RSA is insecure; the security of the scheme would depend on the content of the message. If it by chance is a fully OAEP padded message then it is certainly secure if verified correctly, but I'm not sure you would implement a secure scheme by chance. Actually, I would consider it highly unlikely that a scheme would survive even the simplest of plaintext oracle attacks.
