>From my relentless search on the internet I hit upon this webpage >http://www.mobilefish.com/services/rsa_key_generation/rsa_key_generation.php which accepts prime values and generates the rest of the exponents and coefficients. It mentions "Enter CRT coefficient (qInv)*: qInv = q-1 mod p " I wonder if the smart card user guide might have printed P-1 instead of P-1. Even so I don't know how such a small real number obtained after taking the inverse can be a big integer. In fact Java BigInteger doesn't allow raising to a negative exponent value.
--- On Wed, 15/12/10, Kannan J <kannan_jayapraka...@yahoo.co.in> wrote: From: Kannan J <kannan_jayapraka...@yahoo.co.in> Subject: Re: How to compute crt coefficient (PQ) value of a private key? To: openssl-users@openssl.org Date: Wednesday, 15 December, 2010, 11:16 AM I'm copying and pasting the text from the smart card guide. It is too big to attach. The following convention applies for the P, Q, DP1, DQ1, and PQ parameters: · P is the smallest RSA prime · Q is the other RSA prime · DP1 = D mod (P – 1), where D is the secret RSA exponent · DQ1 = D mod (Q – 1) · PQ = P-1 mod Q NOTE: For the key being loaded, Size of (P) must be equal to Size of (Q) and this value must be half the size of modulus. For example: For RSA 2048-bit key, modulus size is 256, and size (P) , Size (Q) are half the modulus size, (I.e.) 128 bytes thanks Kannan --- On Wed, 15/12/10, Victor Duchovni <victor.ducho...@morganstanley.com> wrote: From: Victor Duchovni <victor.ducho...@morganstanley.com> Subject: Re: How to compute crt coefficient (PQ) value of a private key? To: openssl-users@openssl.org Date: Wednesday, 15 December, 2010, 10:08 AM On Tue, Dec 14, 2010 at 07:30:33PM -0800, Kannan J wrote: > I have a private key that I need to load onto the smart card. > The PIV User Guide says PQ = P-1 mod Q Instead of re-interpreting it is best to provide a direct reference, or at least an unedited quote of the specificied requirements with enough context so the specs make sense... Clearly "PQ" is always zero mod Q, so you seem to want P = 1 mod Q, which is only possible if P is the larger of the two primes. -- Viktor. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
