> I'd like to propose to include the following additional two command line
> arguments for the openssl binary when creating RSA keys. While the patch is
This seems reasonable, thanks.

--
Principal Security Engineer
Akamai Technologies, Cambridge MA
IM: [email protected] Twitter: RichSalz

> -----Original Message-----
> From: [email protected] [mailto:owner-openssl-
> [email protected]] On Behalf Of Benny Baumann
> Sent: Saturday, August 09, 2014 9:22 AM
> To: [email protected]; [email protected]
> Subject: [LibReSSL] Allow key generation to use arbitrary public exponents
>
> Hi,
>
> written to apply to LibReSSL 2.0.5 it should apply to genrsa.c of OpenSSL 1.0.1
> just fine too.
>
> While the default of 65537 is a sane default it's not strictly forced by any
> standard. In contrast when looking at NIST SP-800-56B section 6.2.1 bullet 2b
> it is described as "an odd positive integer such that 65537 <= e < 2**256"
>
> As the plain RSA only requires e to be co-prime to both p-1 and q-1 and given
> the obvious limitation for e=1 yielding no security, there is no mathematical
> backing for any upper bound for e (except the obvious one given by p*q-1).
>
> The change only affects the key generation and extends the possibility to use
> custom public exponents as has been done in certain areas previously.
> Implementations conforming to the mathematical foundation should be
> unaffected as otherwise they would have been broken for decryption all
> along.
>
> Kind regards,
> Benny Baumann

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [email protected]
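
Added example, not part of the thread or of the proposed patch: a Python check that separates the two constraints discussed in the message above, the mathematical one (e co-prime to both p-1 and q-1, e > 1, below the p*q-1 bound) and the SP 800-56B range as quoted there. The function names and the demo primes are assumptions made for illustration.

```python
from math import gcd

# Constructed demo primes (the Mersenne primes 2**127-1 and 2**521-1).
# Far too structured for a real key; used only so the example runs offline.
P = 2**127 - 1
Q = 2**521 - 1

def check_public_exponent(e, p, q):
    """Return (math_ok, in_quoted_range, reasons) for a candidate exponent e."""
    reasons = []
    if e <= 1:
        reasons.append("e <= 1 yields no security")
    if e >= p * q - 1:
        reasons.append("e is not below the p*q-1 bound")
    if gcd(e, p - 1) != 1:
        reasons.append("e shares a factor with p-1")
    if gcd(e, q - 1) != 1:
        reasons.append("e shares a factor with q-1")
    math_ok = not reasons
    # Range as quoted in the message: odd, 65537 <= e < 2**256.
    in_quoted_range = e % 2 == 1 and 65537 <= e < 2**256
    if not in_quoted_range:
        reasons.append("outside the quoted range 65537 <= e < 2**256 (odd)")
    return math_ok, in_quoted_range, reasons

def roundtrip(e, p, q, m=0x1234567890ABCDEF):
    """Derive d for e and confirm textbook RSA decrypts what it encrypts."""
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)   # lcm(p-1, q-1)
    d = pow(e, -1, lam)          # raises ValueError if e is not invertible
    n = p * q
    return pow(pow(m, e, n), d, n) == m

def audit(candidates, p=P, q=Q):
    """Map each candidate e to its verdict; round-trip only the valid ones."""
    report = {}
    for e in candidates:
        math_ok, in_range, reasons = check_public_exponent(e, p, q)
        works = roundtrip(e, p, q) if math_ok else False
        report[e] = {"math_ok": math_ok, "in_quoted_range": in_range,
                     "decrypts": works, "reasons": reasons}
    return report

if __name__ == "__main__":
    for e, verdict in audit([1, 3, 13, 65536, 65537, 2**256 + 1]).items():
        print(hex(e), verdict)
```

With these demo primes, 13 and 2**256 + 1 both pass the mathematical test and decrypt correctly while falling outside the quoted range, and 3 is rejected only because it happens to divide p-1 and q-1 for this particular pair.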
