In message <[EMAIL PROTECTED]> on Fri, 10 Dec 2004 22:56:15 -0500, david zhang <[EMAIL PROTECTED]> said:
davidzhanginottawa> In the book "Network Security with OpenSSL", it davidzhanginottawa> claims (at page 26) that "a public key can be davidzhanginottawa> derived from the private key". This is against davidzhanginottawa> what I learned that there is no way to retrieve davidzhanginottawa> one from the other in the key pair. Very strictly speaking, you're right. The public key is really just the combination of the modulus (n) and the public exponent (e), and the private key is just the combination of the private exponent (d) and the public exponent (e). However, OpenSSL uses PKCS#1 structures to encode the public and the private key. Those structures look like this (taken from ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.asn): -- =================== -- Main structures -- =================== RSAPublicKey ::= SEQUENCE { modulus INTEGER, -- n publicExponent INTEGER -- e } -- -- Representation of RSA private key with information for the CRT algorithm. -- RSAPrivateKey ::= SEQUENCE { version Version, modulus INTEGER, -- n publicExponent INTEGER, -- e privateExponent INTEGER, -- d prime1 INTEGER, -- p prime2 INTEGER, -- q exponent1 INTEGER, -- d mod (p-1) exponent2 INTEGER, -- d mod (q-1) coefficient INTEGER, -- (inverse of q) mod p otherPrimeInfos OtherPrimeInfos OPTIONAL } So, as you can see, the RSAPrivateKey contains much more than just the strictest parts of the private, it really contains *everything* you might need to do calculations, including parameters for the CRT algorithm. As you can see for yourself, it's a piece of cake to derive a RSAPublicKey from a RSAPrivateKey, and that's exactly what OpenSSL does. Cheers, Richard ----- Please consider sponsoring my work on free software. See http://www.free.lp.se/sponsoring.html for details. -- Richard Levitte [EMAIL PROTECTED] http://richard.levitte.org/ "When I became a man I put away childish things, including the fear of childishness and the desire to be very grown up." -- C.S. Lewis ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
