RSA Security 5.2.2 Projection Television User Manual


 
Chapter 7 Public-Key Operations 215
Performing RSA Operations
Step 2: Setting the Algorithm Object
For this example, use AI_RSAKeyGen to generate an RSA key pair. The Reference Manual
Chapter 2 entry for AI_RSAKeyGen states that the info for B_SetAlgorithmInfo is a
pointer to an A_RSA_KEY_GEN_PARAMS structure, defined as:

typedef struct {
  unsigned int modulusBits; /* size of modulus in bits */
  ITEM publicExponent; /* fixed public exponent */
} A_RSA_KEY_GEN_PARAMS;

where ITEM is:

typedef struct {
  unsigned char *data;
  unsigned int len;
} ITEM;

The size of the modulus in bits can be any number from 256 to 2048; the larger the
modulus, the greater the security. Unfortunately, the larger the modulus, the longer it
takes to generate key pairs and to encrypt and decrypt. RSA Security recommends 768
bits or more for applications. In testing and learning, though, it is safe to choose a
smaller modulus to save time. For this exercise, choose 512.

The public exponent is usually one of two values: F0 = 3 or F4 = 65537. Recall that the
algorithm requires a public exponent that has no common divisor with (p-1)(q-1).
With F0 or F4, it is easier to find primes p and q that meet that requirement. F4 is also a
good choice for a public exponent because it is large, prime, and of low weight.
Weight here refers to the number of 1s in the binary representation: in hex, F4 is
01 00 01. The F in F0 and F4 stands for Pierre de Fermat, the 17th-century
mathematician who first described the special properties of these and other numbers.
For more information on F4 (and other Fermat numbers), see ITU-T X.509, Annex D.

For this example, choose F4:

A_RSA_KEY_GEN_PARAMS keygenParams;
static unsigned char f4Data[3] = {0x01, 0x00, 0x01};
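The two exponent properties described above (no common divisor with (p-1)(q-1), and low weight) can be checked with plain C. This is an added example, not code from the manual or the toolkit. The helper names, the toy primes and the dense comparison exponent are assumptions made for illustration. It goes one step beyond the text by counting the modular multiplications of left-to-right square-and-multiply, which is where low weight pays off.

```c
#include <stdint.h>
#include <stdio.h>

/* Same layout as the ITEM on this page: big-endian bytes plus a length. */
typedef struct { unsigned char *data; unsigned int len; } ITEM;

/* Constructed sample exponents; 0x01FFFF is a made-up dense 17-bit value. */
static unsigned char f0Data[1] = {0x03};
static unsigned char f4Data[3] = {0x01, 0x00, 0x01};
static unsigned char denseData[3] = {0x01, 0xFF, 0xFF};
static ITEM F0 = {f0Data, 1}, F4 = {f4Data, 3}, DENSE = {denseData, 3};

/* Toy conversion: only valid for exponents of at most 8 bytes. */
static uint64_t item_to_u64(const ITEM *it) {
  uint64_t v = 0;
  for (unsigned int i = 0; i < it->len; i++) v = (v << 8) | it->data[i];
  return v;
}

/* Weight: number of 1 bits in the exponent. */
static unsigned int item_weight(const ITEM *it) {
  unsigned int w = 0;
  for (uint64_t v = item_to_u64(it); v; v &= v - 1) w++;
  return w;
}

/* Cost of x^e mod n by left-to-right square-and-multiply:
   (bit length - 1) squarings plus (weight - 1) multiplications. */
static unsigned int modexp_mults(const ITEM *e) {
  unsigned int bits = 0;
  for (uint64_t v = item_to_u64(e); v; v >>= 1) bits++;
  return bits ? (bits - 1) + (item_weight(e) - 1) : 0;
}

static uint64_t gcd_u64(uint64_t a, uint64_t b) {
  while (b) { uint64_t t = a % b; a = b; b = t; }
  return a;
}

/* 1 if e has no common divisor with (p-1)(q-1), the key generation requirement. */
static int exponent_ok(const ITEM *e, uint64_t p, uint64_t q) {
  return gcd_u64(item_to_u64(e), (p - 1) * (q - 1)) == 1;
}

int main(void) {
  printf("F4: weight %u, %u modmults; dense: %u modmults\n",
         item_weight(&F4), modexp_mults(&F4), modexp_mults(&DENSE));
  printf("p=7,q=11: F0 ok=%d, F4 ok=%d\n", exponent_ok(&F0, 7, 11), exponent_ok(&F4, 7, 11));
  return 0;
}
```

With the toy primes 7 and 11, F0 is rejected because 3 divides (p-1)(q-1) = 60, so a key generator using F0 has to discard such primes and try again.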