RE: PGP scripting...
From: Kenneth Buchanan <K.Buchanan(at)Kastenchase.com>
Date: Mon Mar 24 2003 - 16:54:16 EST

It looks like you're describing the so-called "multi-prime RSA", which is defined in PKCS #1. There is no symmetry in this case, as the private key contains a lot more information here than in the original 2-prime RSA. Decryption is more efficient using this system.

Some time ago I was in fact looking at implementing a system where private keys were distributed as part of some software, but public keys were kept secret (the intention was to encrypt some information into a product license key that could be pulled out later). The proposal ended up being a bit unpractical, but it is one conceivable instance where you might want a published private key.

In any case, the algorithm below is (yet another) example of why you have to be *extremely* careful about this sort of thing. If using RSA provided in a crypto library, you would need to know the actual implementation of the algorithm in order to be sure you can safely 'reverse' the keys without compromising the entire system.

Cheers,
-----Original Message-----
Aloha,

In addition to being confused about arbitrary asymmetry in RSA cryptography and whether or not e and n were reversibly derived from d such that possession of d was the same as possession of e and n, I was making a practical assertion that many RSA implementations aren't coded in such a way as to facilitate arbitrary designation of which key is public and which private.

Microsoft .NET, for example, defines a private key as inclusive of its corresponding public key. A valid XML representation of a private key in the .NET Framework includes the public key. As in:

rsaDecrypt.FromXmlString(

The <Modulus> and <Exponent> represent the public key while the private key consists of <P>, <Q>, <DP>, <DQ>, <InverseQ>, and <D>. Based on the tests that I've done, Microsoft .NET doesn't allow you to load a private key into an instance of the RSA class and use it for encryption, you can only use it for decryption.

As for encryption speed, encryption transformations with a public key (<Modulus> and <Exponent>) take far less time (approximately 1/15th as long) to complete as do decryption transformations with a private key (<P>, <Q>, <DP>, <DQ>, <InverseQ>, and <D>) under Microsoft .NET. Anyone know why? Is this a known performance differential with RSA or is Microsoft doing something strange?

Sincerely,
Jason Coombs
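
The following is an added example, not part of the original thread and not .NET code. It uses textbook RSA without padding to show why the public-key operation needs far fewer multiplications than the private-key one, and why a key carrying P, Q and D cannot be treated as one half of a swappable pair. The primes, the exponent 65537 and all function names are assumptions chosen for illustration; the dictionary keys mirror the XML elements named in the message above.

```python
# Added example: textbook RSA with constructed parameters and no padding.
# It illustrates the arithmetic only and is not suitable for protecting data.

P = 2**521 - 1      # constructed: two known Mersenne primes, not a real key
Q = 2**607 - 1
E = 65537           # assumed public exponent (a common default)

def build_key(p, q, e):
    """Return the eight values a CRT-form private key carries."""
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)                  # private exponent (Python 3.8+)
    return {"Modulus": p * q, "Exponent": e, "P": p, "Q": q,
            "DP": d % (p - 1), "DQ": d % (q - 1),
            "InverseQ": pow(q, -1, p), "D": d}

def modmul_count(exponent):
    """Modular multiplications used by plain square-and-multiply."""
    return (exponent.bit_length() - 1) + (bin(exponent).count("1") - 1)

def public_op(key, m):
    """Public-key operation: one exponentiation with the short exponent."""
    return pow(m, key["Exponent"], key["Modulus"])

def private_op(key, c):
    """Private-key operation via the CRT fields: two half-size exponentiations."""
    m1 = pow(c, key["DP"], key["P"])
    m2 = pow(c, key["DQ"], key["Q"])
    h = (key["InverseQ"] * (m1 - m2)) % key["P"]
    return m2 + h * key["Q"]

def exponent_from_private(key):
    """P, Q and D alone determine the public exponent."""
    phi = (key["P"] - 1) * (key["Q"] - 1)
    return pow(key["D"], -1, phi)

if __name__ == "__main__":
    key = build_key(P, Q, E)
    msg = int.from_bytes(b"constructed sample message", "big")
    assert private_op(key, public_op(key, msg)) == msg
    print("public-op multiplications :", modmul_count(key["Exponent"]))
    print("private-op multiplications:", modmul_count(key["D"]))
    print("exponent recomputed from P, Q, D:", exponent_from_private(key))
```

The CRT fields replace one full-size exponentiation with two on half-size moduli, so the measured gap between the two operations is smaller than the raw multiplication counts suggest.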
This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:46 EDT