When P is larger than Q

Thu, 20 Mar 2014 23:02:30 -0700 

I've noticed that iOS RSA keys (which I believe are generated using openssl
underneath it all) are created with P larger than Q, which is posing a
problem for me.

  When I export the 512-bit private key from iOS, I get a PKCS#1 formatted
key. When I decode that into RSAParameters, I see that P and Q are of
unequal size (Q is 32 bytes and P is 33). This makes Windows reject it as
Bad Data, since it is expecting both P and Q to be exactly half the length
of the modulus. Note that the extra byte is *not* a leading (or trailing)
zero. The first byte is a 1. And that 1 is significant. I verified that
p*q=mod when p includes the leading 1. So I'm a little dumbfounded that iOS
would produce a key where p is longer than q, particularly since Windows
seems to disallow that. Given this, I don't know how to pass a private key
from iOS to Windows.


I'm wondering whether P is supposed to be larger than Q, if there is
something I can do to suppress that when generating keys, or if there's
anything I can do to coerce them to be the same length later. I tried just
padding Q with a leading 0, and then padding the modulus as well since it's
supposed to be twice the length of P and Q, but that led to encryption that
had leading zeros in the ciphertext and decryption failed.


Thanks.



Any ideas? One specific 512-bit key I generated as part of a test is below,
with all the variables I decoded from it, in big endian.



          * Raw private key data exported from iOS (believed to be PKCS#1
format): MIIBOgIBAAJBALx0Z0O1n/2E+

Boyt7UEIQD62y8MQQPILJC2AguHvPfo8E5ScBBPa8dMCHVRCcKJJ868F

JdebracYthqCHn19KMCAwEAAQJBAKAgsFXCD+2UfFOWYK44keqJPJBfcybJgcR8QoSVk6V40MkwgAm

jVn4cumCLZgxwJ+O5fbS/xmzeRSBz8gdPfrECIQGbqLr8paSZLW80ixXQK9YCx76nkg4I2UdBq+h5taAwn

QIgdTHt32eGkYjiVT81BnM6D9pmX508VulYsBalYtbmlj8CIEYX4dbZAYDPeqrwr8MlY6hPiIgR12/sRzTIZ6

opoeAFAiAtESA6UuNKv+rZgU7wxgrD4eaQSjTT7zPtsyeyVJWjnQIhAONhytT6rHH9n3nE4K7Xxz3DjYodX

zzM6Bm2C1jiGrEM

         *

           Modulus:
 
vHRnQ7Wf/YT4GjK3tQQhAPrbLwxBA8gskLYCC4e89+jwTlJwEE9rx0wIdVEJwoknzrwUl15utpxi2GoIefX0ow==

           Exponent: AQAB

           D:
 
oCCwVcIP7ZR8U5ZgrjiR6ok8kF9zJsmBxHxChJWTpXjQyTCACaNWfhy6YItmDHAn47l9tL/GbN5FIHPyB09+sQ==

           P:        AZuouvylpJktbzSLFdAr1gLHvqeSDgjZR0Gr6Hm1oDCd

           DP:       Rhfh1tkBgM96qvCvwyVjqE+IiBHXb+xHNMhnqimh4AU=

           DQ:       LREgOlLjSr/q2YFO8MYKw+HmkEo00+8z7bMnslSVo50=

           Q:        dTHt32eGkYjiVT81BnM6D9pmX508VulYsBalYtbmlj8=

           InverseQ: 42HK1Pqscf2fecTgrtfHPcONih1fPMzoGbYLWOIasQw=

--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death
your right to say it." - S. G. Tallentyre

Reply via email to