我了解RSA加密的数学原理: ~/.ssh 中的文件与理论有何关系? [英] I understand the mathematics of RSA encryption: How are the files in ~/.ssh related to the theory?

问题描述

我在 RSA 维基页面的工作示例"中进行了数学计算:https://en.wikipedia.org/wiki/RSA_(algorithm) 并完全理解它.对于这个问题的其余部分，我将使用与维基页面一致的数学变量.

I went through the math in the "worked example" in the RSA wiki page: https://en.wikipedia.org/wiki/RSA_(algorithm) and understood it entirely. For the remainder of this question, I will use math variables consistent with the wiki page.

我在一台 Unix 机器上，我正在查看 ~/.ssh 目录，我看到了所有这些文件

I'm on a Unix machine and I'm looking in the ~/.ssh directory and I see all these files

id_rsa
id_rsa.pub

我想将理论与实践联系起来.

and I want to connect the theory with the practice.

id_rsa 到底是什么?如果我猫它

What exactly is in id_rsa? If I cat it

cat id_rsa

我得到了一大堆字符.这是数字 n = pq 的某种表示吗?它究竟是什么代表?基数 64?如果是这样，那么 id_rsa.pub 是否假设是数字 e 和 n 的某种表示?

I get a big jumble of characters. Is this some representation the number n = pq? What representation is it exactly? base 64? If so, then is id_rsa.pub suppose to be some representation of the numbers e and n?

总的来说，我试图将 RSA 的理论与通过 Unix 机器上的 ssh 程序实现的实际实践联系起来.任何正确方向的答案或指示将不胜感激.

In general, I'm trying to connect the theory of RSA with the actual practice as implemented through the ssh program on Unix machines. Any answers or pointers to the right direction would be greatly appreciated.

推荐答案

id_rsa 是 base64 编码的 DER 编码字符串.RFC3447(又名 PKCS1):

id_rsa is a base64-encoded DER-encoded string. The ASN.1 syntax for that DER-encoded string is described in RFC3447 (aka PKCS1):

  Version ::= INTEGER { two-prime(0), multi(1) }
      (CONSTRAINED BY
      {-- version must be multi if otherPrimeInfos present --})

  RSAPrivateKey ::= SEQUENCE {
      version           Version,
      modulus           INTEGER,  -- n
      publicExponent    INTEGER,  -- e
      privateExponent   INTEGER,  -- d
      prime1            INTEGER,  -- p
      prime2            INTEGER,  -- q
      exponent1         INTEGER,  -- d mod (p-1)
      exponent2         INTEGER,  -- d mod (q-1)
      coefficient       INTEGER,  -- (inverse of q) mod p
      otherPrimeInfos   OtherPrimeInfos OPTIONAL
  }

DER 编码使用标记-长度-值表示法.所以这是一个示例私钥:

DER encoding uses a tag-length-value notation. So here's a sample private key:

-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCqGKukO1De7zhZj6+H0qtjTkVxwTCpvKe4eCZ0FPqri0cb2JZfXJ/DgYSF6vUp
wmJG8wVQZKjeGcjDOL5UlsuusFncCzWBQ7RKNUSesmQRMSGkVb1/3j+skZ6UtW+5u09lHNsj6tQ5
1s1SPrCBkedbNf0Tp0GbMJDyR4e9T04ZZwIDAQABAoGAFijko56+qGyN8M0RVyaRAXz++xTqHBLh
3tx4VgMtrQ+WEgCjhoTwo23KMBAuJGSYnRmoBZM3lMfTKevIkAidPExvYCdm5dYq3XToLkkLv5L2
pIIVOFMDG+KESnAFV7l2c+cnzRMW0+b6f8mR1CJzZuxVLL6Q02fvLi55/mbSYxECQQDeAw6fiIQX
GukBI4eMZZt4nscy2o12KyYner3VpoeE+Np2q+Z3pvAMd/aNzQ/W9WaI+NRfcxUJrmfPwIGm63il
AkEAxCL5HQb2bQr4ByorcMWm/hEP2MZzROV73yF41hPsRC9m66KrheO9HPTJuo3/9s5p+sqGxOlF
L0NDt4SkosjgGwJAFklyR1uZ/wPJjj611cdBcztlPdqoxssQGnh85BzCj/u3WqBpE2vjvyyvyI5k
X6zk7S0ljKtt2jny2+00VsBerQJBAJGC1Mg5Oydo5NwD6BiROrPxGo2bpTbu/fhrT8ebHkTz2epl
U9VQQSQzY1oZMVX8i1m5WUTLPz2yLJIBQVdXqhMCQBGoiuSoSjafUhV7i1cEGpb88h5NBYZzWXGZ
37sJ5QsW+sJyoNde3xH8vdXhzU7eT82D6X/scw9RZz+/6rCJ4p0=
-----END RSA PRIVATE KEY-----

这里是十六进制编码:

3082025c02010002818100aa18aba43b50deef38598faf87d2ab634e4571c130a9bca7b878267414
faab8b471bd8965f5c9fc3818485eaf529c26246f3055064a8de19c8c338be5496cbaeb059dc0b35
8143b44a35449eb264113121a455bd7fde3fac919e94b56fb9bb4f651cdb23ead439d6cd523eb081
91e75b35fd13a7419b3090f24787bd4f4e196702030100010281801628e4a39ebea86c8df0cd1157
2691017cfefb14ea1c12e1dedc7856032dad0f961200a38684f0a36dca30102e2464989d19a80593
3794c7d329ebc890089d3c4c6f602766e5d62add74e82e490bbf92f6a482153853031be2844a7005
57b97673e727cd1316d3e6fa7fc991d4227366ec552cbe90d367ef2e2e79fe66d26311024100de03
0e9f8884171ae90123878c659b789ec732da8d762b26277abdd5a68784f8da76abe677a6f00c77f6
8dcd0fd6f56688f8d45f731509ae67cfc081a6eb78a5024100c422f91d06f66d0af8072a2b70c5a6
fe110fd8c67344e57bdf2178d613ec442f66eba2ab85e3bd1cf4c9ba8dfff6ce69faca86c4e9452f
4343b784a4a2c8e01b0240164972475b99ff03c98e3eb5d5c741733b653ddaa8c6cb101a787ce41c
c28ffbb75aa069136be3bf2cafc88e645face4ed2d258cab6dda39f2dbed3456c05ead0241009182
d4c8393b2768e4dc03e818913ab3f11a8d9ba536eefdf86b4fc79b1e44f3d9ea6553d55041243363
5a193155fc8b59b95944cb3f3db22c9201415757aa13024011a88ae4a84a369f52157b8b57041a96
fcf21e4d058673597199dfbb09e50b16fac272a0d75edf11fcbdd5e1cd4ede4fcd83e97fec730f51
673fbfeab089e29d

30 是因为它是一个 SEQUENCE 标签.82025c 代表长度.第一个字节表示长度是长格式"(82 & 80)，接下来的两个字节表示长度(82 & 7F).所以SEQUENCE的实际长度是025c.所以在那之后是价值.

The 30 is because it's a SEQUENCE tag. The 82025c represents the length. The first byte means the length is of the "long form" (82 & 80) and that the next two bytes represent the length (82 & 7F). So the actual length of the SEQUENCE is 025c. So after that is the value.

然后你会得到版本.02 是 int 类型，01 是标签长度，00 是值.IE.它是一个双主键而不是多主键.

Then you get to the version. 02 is of type int, 01 is the tag length and 00 is the value. ie. it's a two-prime key as opposed to a multi-prime key.

有关可分辨编码规则的更多信息.

试图理解ASN.1要复杂得多，而且为了理解RSA私钥的格式，很多都是不必要的.对于 X.509，它变得更加必要，但 RSA 密钥在格式方面并不像 X.509 证书那样复杂.

Trying to understand ASN.1 is a lot more complicated and a lot of it, for the purpose of understanding the formatting of RSA private keys, is unnecessary. For X.509 it becomes more necessary but RSA keys aren't nearly as complicated, formatting-wise, as X.509 certs.

希望有帮助！

这篇关于我了解RSA加密的数学原理: ~/.ssh 中的文件与理论有何关系?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！