Performing RSA Operations

Step 2: Setting the Algorithm Object

For this example, use AI_RSAKeyGen to generate an RSA key pair. The Reference Manual Chapter 2 entry for AI_RSAKeyGen states that the info for B_SetAlgorithmInfo is a pointer to an A_RSA_KEY_GEN_PARAMS structure, defined as:

typedef struct

{

 

unsigned int

modulusBits;

/* size of modulus in bits */

ITEM

publicExponent;

/* fixed public exponent */

} A_RSA_KEY_GEN_PARAMS;

 

 

 

 

where ITEM is:

 

 

typedef struct { unsigned char *data; unsigned int len;

}ITEM;

The size of the modulus in bits can be any number from 256 to 2048; the larger the modulus, the greater the security. Unfortunately, the larger the modulus, the longer it takes to generate key pairs and to encrypt and decrypt. RSA Security recommends 768 bits or more for applications. In testing and learning, though, it is safe to choose a smaller modulus to save time. For this exercise, choose 512.

The public exponent is usually one of two values: F0 = 3 or F4 = 65537. Recall that the algorithm requires a public exponent that has no common divisor with (p–1)(q–1).With F0 or F4, it is easier to find primes p and q that meet that requirement. F4 is also a good choice for a public exponent because it is large, prime, and of low weight. Weight here refers to the number of 1’s in the binary representation: in hex, F4 is

01 00 01. The F in F0 and F4 stands for Pierre de Fermat, the 17th-century mathematician who first described the special properties of these and other numbers. For more information on F4 (and other Fermat numbers), see ITU-T X.509, Annex D.

For this example, choose F4:

A_RSA_KEY_GEN_PARAMS keygenParams;

static unsigned char f4Data[3] = {0x01, 0x00, 0x01};

C h a p t e r 7 P u b l i c - K e y O p e r a t i o n s

2 1 5

Page 237
Image 237
RSA Security 5.2.2 manual Setting the Algorithm Object, Where Item is