微软CSP RSA密钥大小 [英] Microsoft RSA CSP key size
问题描述
这是我所看到的,微软的RSA CSP总是产生相同的位长度的伪素数。因此,如果密钥大小是1024时,P和Q值似乎是(?)保证是512比特的每个?有谁知道是否这一点,其实是这样的?
From what I can see, Microsoft's RSA CSP always generates identical bitlength pseudo prime numbers. So if the key size is 1024, the P and Q values seem to be (?) guaranteed to be 512 bits each? Does anyone know for sure if this, in fact, is the case?
我建立我自己的RSA实现和微软之间的互操作性模块。在我来说,我已经建立了P&放大器之间的小的随机变化;的Q值,以便为1024位密钥我可以用一个值是506比特和其他518在纯粹的实验基础上,如果我锁定方差为0结束了(即P和,Q值的大小相等) - 观光工作应该的样子,我只要我做的大小可变微软RSA对象在导入过程中与坏数据作为响应。
I'm building an interoperability module between my own RSA implementation and Microsoft's. In my case I have built in a small random variance between P & Q values so for 1024 bit key I could end up with one value being 506 bits and the other 518. On purely experimental basis, if I lock the variance to 0 (i.e. the P & Q values are equal in size) -- Things work the way they should, I soon as I make the size variable Microsoft RSA object responds with "Bad Data" during import process.
我在寻找,微软强制等于密钥长度,因此,如果任何人有任何的信息,请发表确认
I'm looking for a confirmation that Microsoft enforces equal key sizes, so if anyone has any information on it, please post
在有人有机会问为什么我实现我自己的RSA提供者:CryptoAPI的没有发挥多线程环境不错,它锁定在CryptoServiceProvider机器密钥库调用;这意味着找不到文件(而神秘的)错误,如果从多个线程访问
Before someone has a chance to ask why I had to implement my own RSA provider : CryptoAPI doesn't play nice in a multithreaded environment, it locks the machine keystore on CryptoServiceProvider calls; which means "File not found" (rather cryptic) errors if accessed from multiple threads
对于那些关心,看看这里:<一href=\"http://blogs.msdn.com/b/alejacma/archive/2007/12/03/rsacryptoserviceprovider-fails-when-used-with-asp-net.aspx\" rel=\"nofollow\">http://blogs.msdn.com/b/alejacma/archive/2007/12/03/rsacryptoserviceprovider-fails-when-used-with-asp-net.aspx
For those that care, take a look here: http://blogs.msdn.com/b/alejacma/archive/2007/12/03/rsacryptoserviceprovider-fails-when-used-with-asp-net.aspx
推荐答案
微软的RSA CSP产生和使用,它可以描述的格式的 nofollow的>,看起来是这样的:
Microsoft's RSA CSP generates and uses private keys which it can export and import in the format described on this page, and looks like this:
BLOBHEADER blobheader;
RSAPUBKEY rsapubkey;
BYTE modulus[rsapubkey.bitlen/8];
BYTE prime1[rsapubkey.bitlen/16];
BYTE prime2[rsapubkey.bitlen/16];
BYTE exponent1[rsapubkey.bitlen/16];
BYTE exponent2[rsapubkey.bitlen/16];
BYTE coefficient[rsapubkey.bitlen/16];
BYTE privateExponent[rsapubkey.bitlen/8];
这在CSP可以处理(特别是产生),所以私钥必须具有以下性质:
So private keys that the CSP can handle (and in particular generate) must have the following properties:
- 模数长度,位数,必须是16的倍数。
- 每个素数因子的长度必须不超过半模的长度。
- 专用指数不得超过模长。
- 专用指数,降低模的 P-1 的(相应的 Q-1 的)必须不超过一半的模数。
- The modulus length, in bits, must be a multiple of 16.
- The length of each prime factor must be no more than half the length of the modulus.
- The private exponent must not be longer than the modulus.
- The private exponent, reduced modulo p-1 (resp. q-1) must be no longer than half the modulus.
从技术上讲,有私营指数无限多的可能值的 D 的,并且同样适用于 exponent1 和 exponent2 ,因为所有的数学问题是价值的 D 的模的 p-1 的和的 q-1 的;已经提出,如果他们最终与低级汉明重量以接受稍长私人指数部分,因为这将导致某些性能优点。底线:上述格式不会让你做到这一点。
Technically, there are infinitely many possible values for the private exponent d, and similarly for exponent1 and exponent2 because all that mathematically matters are the value of d modulo p-1 and q-1; it has been suggested to accept slightly longer private exponent parts if they end up with a lower Hamming weight, because this would lead to some performance benefits. Bottom-line: the format described above will not let you do that.
其它特征的关键必须是可以接受的,以微软的code(但在上述说明中未直接报告):
Other characteristics that the key must have to be acceptable to Microsoft's code (but not directly reported in the description above):
- 第一任的数值( P 的,又名
prime1)必须大于第二个主要的数值越大(问:的,又名prime2)。 - 公开指数(这里连接了
rsapubkey场内codeD)必须装在一个32位整数(无符号)。
- The numerical value of the first prime (p, aka
prime1) must be greater than the numerical value of the second prime (q, akaprime2). - The public exponent (here encoded within the
rsapubkeyfield) must fit in a 32-bit integer (unsigned).
因此有这是因为按照 RSA标准名义上有效的许多RSA密钥对的,但它不能由微软的RSA的CSP code处理。值得注意的是,最后的约束,在公共指数大小:这意味着该约束不仅仅是在CSP更普遍;如果你安装一个SSL服务器所在的服务器的公钥(其证书中)有一个公共指数不适合32位,那么Internet Explorer将无法连接到它。
Therefore there are many RSA key pairs which are nominally valid as per the RSA standard, but which cannot be handled by Microsoft RSA CSP code. Noteworthy is the last constraint, on the public exponent size: this means that the constraint is more general than just the CSP; if you setup a SSL server where the server's public key (in its certificate) has a public exponent which does not fit in 32 bits, then Internet Explorer will not be able to connect to it.
因此,在实践中,如果生成RSA密钥对,你必须确保他们遵守上述规则。别担心:以我们所知,这些规则不会降低安全性。
So, in practice, if you generate RSA key pairs, you will have to make sure that they comply with the rules above. Do not worry: to the best of our knowledge, these rules do not lower security.
这篇关于微软CSP RSA密钥大小的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
