Hi Annie,

On 09.08.2014 19:24, Annie Yousar wrote:
> Hi Ben,
> you can generate keys with arbitrary exponents using the
> genpkey command:
>
> openssl genpkey -algorithm rsa \
>   -pkeyopt rsa_keygen_bits:16384 \
>   -pkeyopt rsa_keygen_pubexp:4711

Thanks for this information. Now that you mention this: I read about it
in the documentation. But unfortunately genpkey and genrsa produce
slightly different output (plain RSA key vs. publicKeyInfo) - thus
having such a -pkeyopt like interface available uniformly for genrsa,
gendsa and ec might be useful.

>
> Regards, Ann.

Regards,
BenBE.

>
> On 09.08.2014 15:21, Benny Baumann wrote:
>> Hi,
>>
>> I'd like to propose to include the following additional two
>> command line arguments for the openssl binary when creating RSA
>> keys. While the patch is written to apply to LibreSSL 2.0.5 it
>> should apply to genrsa.c of OpenSSL 1.0.1 just fine too.
>>
>> While the default of 65537 is a sane default it's not strictly
>> forced by any standard. In contrast when looking at NIST
>> SP-800-56B section 6.2.1 bullet 2b it is described as "an odd
>> positive integer such that 65537 <= e < 2**256"
>>
>> As the plain RSA only requires e to be co-prime to both p-1 and
>> q-1 and given the obvious limitation for e=1 yielding no
>> security, there is no mathematical backing for any upper bound
>> for e (except the obvious one given by p*q-1).
>>
>> The change only affects the key generation and extends the
>> possibility to use custom public exponents as has been done in
>> certain areas previously. Implementations conforming to the
>> mathematical foundation should be unaffected as otherwise they
>> would have been broken for decryption all along.
>>
>> Kind regards,
>> Benny Baumann
>>
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> Development Mailing List                       [email protected]
> Automated List Manager                           [email protected]
>
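Added example, not part of the thread or of the proposed patch: a Python sketch that puts the two criteria discussed above side by side, the SP 800-56B range as quoted in the thread and the plain-RSA coprimality condition, for the exponent 4711 from the genpkey command. The primes are constructed toy values (Mersenne primes), the function names are hypothetical, and the round trip is unpadded textbook RSA.

```python
from math import gcd

# Constructed toy inputs: Mersenne primes stand in for real RSA primes.
P_OK, Q_OK = 2**89 - 1, 2**107 - 1
P_BAD = 2**31 - 1            # P_BAD - 1 is divisible by 7, and 4711 = 7 * 673


def in_nist_range(e):
    """Range quoted in the thread from SP 800-56B: odd, 65537 <= e < 2**256."""
    return e % 2 == 1 and 65537 <= e < 2**256


def usable_for_primes(e, p, q):
    """Plain-RSA condition from the thread: e > 1, coprime to p-1 and q-1."""
    return e > 1 and gcd(e, p - 1) == 1 and gcd(e, q - 1) == 1


def private_exponent(e, p, q):
    """d = e^-1 mod lcm(p-1, q-1); raises ValueError if e is not invertible."""
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)
    return pow(e, -1, lam)


def roundtrip(e, p, q, m=0x1234567890ABCDEF):
    """Textbook RSA (no padding): encrypt with e, decrypt with d, compare."""
    n = p * q
    return pow(pow(m, e, n), private_exponent(e, p, q), n) == m


def next_usable(start, p, q):
    """Smallest odd e >= start that is coprime to p-1 and q-1."""
    e = start | 1
    while not usable_for_primes(e, p, q):
        e += 2
    return e


def classify(e, p, q):
    """Report both criteria, plus a round trip when the exponent is usable."""
    usable = usable_for_primes(e, p, q)
    return {"nist_range": in_nist_range(e), "usable": usable,
            "roundtrip": usable and roundtrip(e, p, q)}


if __name__ == "__main__":
    big = next_usable(2**256, P_OK, Q_OK)
    for label, e, p in [("65537", 65537, P_OK), ("4711", 4711, P_OK),
                        ("4711 / bad p", 4711, P_BAD), (">= 2**256", big, P_OK)]:
        print(label, classify(e, p, Q_OK))
```

The "bad p" row shows why a fixed exponent constrains prime selection: a key generator has to reject any candidate prime p for which e shares a factor with p-1.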
