blank.gif (43 bytes)

Church Of The
Swimming Elephant

Search:
4.1.1 RSA Keys Connected: An Internet Encyclopedia
4.1.1 RSA Keys

Up: Connected: An Internet Encyclopedia
Up: Requests For Comments
Up: RFC 1423
Up: 4. Asymmetric Key Management Algorithms
Up: 4.1 Asymmetric Keys
Prev: 4.1 Asymmetric Keys
Next: 4.2 Asymmetric Encryption Algorithms

4.1.1 RSA Keys

4.1.1 RSA Keys

An RSA asymmetric key pair is comprised of matching public and private keys.

An RSA public key consists of an encryption exponent e and an arithmetic modulus n, which are both public quantities typically carried in a public-key certificate. For the value of e, Annex C to X.509 suggests the use of Fermat's Number F4 (65537 decimal, or 1+2**16) as a value "common to the whole environment in order to reduce transmission capacity and complexity of transformation", i.e., the value can be transmitted as 3 octets and at most seventeen (17) multiplications are required to effect exponentiation. As an alternative, the number three (3) can be employed as the value for e, requiring even less octets for transmission and yielding even faster exponentiation. For purposes of PEM, the value of e shall be either F4 or the number three (3). The use of the number three (3) for the value of e is encouraged, to permit rapid certificate validation. An RSA private key consists of a decryption exponent d, which should be kept secret, and the arithmetic modulus n. Other values may be stored with a private key to facilitate efficient private key operations (see PKCS #1 [11]).

For purposes of PEM, the modulus n may vary in size from 508 to 1024 bits.

Two ASN.1 object identifiers have been defined to identify RSA public keys. In Annex H of X.509 [8], the object identifier

     rsa OBJECT IDENTIFIER ::= {
         joint-iso-ccitt(2) ds(5) algorithm(8)
         encryptionAlgorithm(1) 1
     }

is defined to identify an RSA public key. A single parameter, KeySize, the length of the public key modulus in bits, is defined for use in conjunction with this object identifier. When this object identifier is used with the ASN.1 type AlgorithmIdentifier, the parameters component of that type is the number of bits in the modulus, ASN.1 encoded as an INTEGER.

Alternatively, in PKCS #1 [11], the ASN.1 object identifier

     rsaEncryption OBJECT IDENTIFIER ::= {
         iso(1) member-body(2) US(840) rsadsi(113549) pkcs(1)
         pkcs-1(1) 1
     }

is defined to identify both an RSA public key and the RSAEncryption process. There are no parameters defined in conjunction with this object identifier, hence, when it is used with the ASN.1 type AlgorithmIdentifier, the parameters component of that type is the ASN.1 type NULL.

A compliant PEM implementation may optionally generate an RSA public-key certificate that identifies the enclosed RSA public key (within the SubjectPublicKeyInformation component) with either the "rsa" or the "rsaEncryption" object identifier. Use of the "rsa" object identifier is encouraged, since it is, in some sense, more generic in its identification of a key, without indicating how the key will be used. However, to facilitate interoperability, a compliant PEM implementation shall accept RSA public-key certificates that identify the enclosed RSA public key with either the "rsa" or the "rsaEncryption" object identifier. In all cases, an RSA public key identified in an RSA public-key certificate with either the "rsa" or "rsaEncryption" object identifier, shall be used according to the procedures defined below for asymmetric encryption algorithms and asymmetric signature algorithms.


Next: 4.2 Asymmetric Encryption Algorithms

Connected: An Internet Encyclopedia
4.1.1 RSA Keys

Cotse.Net

Protect yourself from cyberstalkers, identity thieves, and those who would snoop on you.
Stop spam from invading your inbox without losing the mail you want. We give you more control over your e-mail than any other service.
Block popups, ads, and malicious scripts while you surf the net through our anonymous proxies.
Participate in Usenet, host your web files, easily send anonymous messages, and more, much more.
All private, all encrypted, all secure, all in an easy to use service, and all for only $5.95 a month!

Service Details

 
.
www.cotse.com
Have you gone to church today?
.
All pages ©1999, 2000, 2001, 2002, 2003 Church of the Swimming Elephant unless otherwise stated
Church of the Swimming Elephant©1999, 2000, 2001, 2002, 2003 Cotse.com.
Cotse.com is a wholly owned subsidiary of Packetderm, LLC.

Packetderm, LLC
210 Park Ave #308
Worcester, MA 01609