次の方法で共有


All About RSAParameters

The RSA class exposes an ExportParameters method which allows you to get at the raw RSA key in the form of an RSAParameters structure.  What that structure contains isn't very obvious to people not familiar with how RSA works.  With fields named P, Q, D, DP, DQ just looking at it isn't going to help figure it out either.

First a very quick refresher on the names of some of the numbers used in RSA.  To generate a key pair, you start by creating two large prime numbers named p and q.  These numbers are multiplied together and the result is called n.  Note that since p and q are both prime, the only factors of n are 1, p, q, and n.  Next you figure out how many numbers are relatively prime to, that is have no factors in common with, n (we'll only consider numbers less than n).  Skipping some of the math, it turns out that there will be (p - 1)(q - 1) of these numbers.  Now we'll choose a number e relatively prime to that value.  The public key is now represented as {e, n}.

To create the private key, we'll calculate d, which is a number such that (d) (e) mod n = 1.  Again, skipping over some of the math, Euclid's algorithm will help us here.  The private key is now {d, n}.

Encryption of plaintext m to ciphertext c is defined as c = (m ^ e) mod n.  Decrypting would then be defined as m = (c ^ d) mod n

Armed with those definitions we can now look at the fields of RSAParameters and start to understand what they are.  I've also included the field that they correspond to in PKCS #1 Appendix A 1.2, which defines a format for RSA private keys.

RSAParamters Field Contains PKCS #1 (A.1.2) Field
D This one's easy -- it contains d, the private exponent privateExponent
DP d mod (p - 1) exponent1
DQ d mod (q - 1) exponent2
Exponent e, the public exponent publicExponent
InverseQ (InverseQ)(q) = 1 mod p coefficient
Modulus n modulus
P Also self-explantory, p prime1
Q q prime2

Since the security of RSA derives from the fact that even knowing the public key { e, n }, it's computationally infeasible for me to calculate d, either directly or by factoring n into p and q, we can tell that any part of the key related to d, p, or q must be kept secret.  Therefore, if you call GetParameters and ask for only the public key information you'll receive only Exponent and Modulus.  The other fields are only available if you have access, and requested the private key.

RSAParameters is not encrypted in any way, so you need to be careful when using it with any of the private key information.  In fact, none of the fields that contain private key information are serializable.  That means if you try to serialize an RSAParameters structure, for instance with a remoting call or by using one of the serializers, you'll only have public key information available on the other end.  If you really need to pass private key information as well, then you'll have to manually send that data remembering that if anyone can somehow figure out what those parameters are, the key that you've just transmitted is now broken.

Comments

  • Anonymous
    September 17, 2006
    cool

  • Anonymous
    April 09, 2009
    To create the private key, we'll calculate d, which is a number such that (d) (e) mod n = 1. is incorrect.  It should be: To create the private key, we'll calculate d, which is a number such that (d) (e) mod phi(n) = 1, where phi(n) is the Euler totient function, which is the number of positive integers <n that are relatively prime to n, in this case (p-1)(q-1).

  • Anonymous
    February 19, 2010
    How can I fill in RSAParameters if I have having the following input from the third party?: Modulus: 123456 Exponet: 111