RSA签名大小? [英] RSA signature size?
问题描述
我想知道RSA签名的长度是多少?它总是与RSA密钥大小相同的大小,如果密钥大小是1024,则RSA签名是128字节,如果密钥大小是512位,则RSA签名是64字节?什么是RSA模量?
RSA-sha1是什么意思?
任何指针非常感谢。
I would like to know what is the length of RSA signature ? Is it always the same size as the RSA key size like if the key size is 1024 then RSA signature is 128 bytes , if the key size is 512 bits then RSA signature is 64 bytes ? what is RSA modulus ? Also what does RSA-sha1 mean ? Any pointers greatly appreciated.
推荐答案
你说的对,RSA签名大小取决于密钥大小, RSA签名大小等于以字节为单位的模数的长度。这意味着对于n位密钥,结果签名将正好是n位长。虽然计算的签名值不一定是n位,但是结果将被填充以精确地匹配n位。
You are right, the RSA signature size is dependent on the key size, the RSA signature size is equal to the length of the modulus in bytes. This means that for a "n bit key", the resulting signature will be exactly n bits long. Although the computed signature value is not necessarily n bits, the result will be padded to match exactly n bits.
现在这里是如何工作的:RSA 算法基于模幂运算。对于这样的计算,最终结果是正常结果除以模量的余数。模块化算法在数字理论中发挥了重要作用。对于一致性的定义是(我会使用一致,因为我不知道如何得到这些三线等号)。
Now here is how this works: The RSA algorithm is based on modular exponentiation. For such a calculation the final result is the remainder of the "normal" result divided by the modulus. Modular arithmetic plays a large role in Number Theory. There the definition for congruence is (I'll use 'congruent' since I don't know how to get those three-line equal signs)
m is congruent to n mod k if k divides m - n
n = 2和k = 7,则
Simple example - let n = 2 and k = 7, then
2 congurent 2 mod 7 (7 divides 2 - 2)
9 congruent 2 mod 7 (7 divides 9 - 2)
16 congruent 2 mod 7 (7 divides 16 - 2)
...
7实际上确实除以0,除法的定义为
7 actually does divide 0, the definition for division is
整数a划分整数b如果存在整数n,其属性为b = na
An integer a divides a an integer b if there is an integer n with the property that b = na
对于a = 7和b = 0选择n = 0。这意味着每个整数除以0,但它也意味着同余可以扩展为负数(这里不再详细描述,对RSA不重要)。
For a = 7 and b = 0 choose n = 0. This implies that every integer divides 0, but it also implies that congruence can be expanded to negative numbers (won't go into details here, it's not important for RSA).
因此,要点是同余原理扩展了我们对余数的初步理解,模数是mod后的数,在我们的例子中,它将是7.因为有无限量我们将这称为同余类,通常为我们的计算选择一个代表(最小的同余整数> 0),就像我们在讨论计算的余数时直观地做的那样。
So the gist is that the congruence principle expands our naive understanding of remainders, the modulus is the "number after mod", in our example it would be 7. As there are an infinite amount of numbers that are congruent given a modulus, we speak of this as the congruence classes and usually pick one representative (the smallest congruent integer > 0) for our calculations, just as we intuitively do when talking about the "remainder" of a calculation.
在RSA中,签署消息m意味着使用私有指数d取幂,结果r是大于0且小于模数n的最小整数, / p>
In RSA, signing a message m means exponentiation with the "private exponent" d, the result r is the smallest integer >0 and smaller than the modulus n so that
m^d congruent r mod n
这意味着两个事物
- r的长度(以位为单位) )
- m的长度(以位为单位)必须<= n(以位为单位)
为了使签名精确地为n位长,应用某种形式的填充。 。
To make the signature exactly n bits long, some form of padding is applied. Cf. PKCS#1 for valid options.
第二个事实意味着大于n的消息要么必须通过在几个块<= n中打破m来签名,但是这个在实践中没有做,因为它将太慢(模幂运算是计算昂贵的),因此我们需要另一种方法来压缩我们的消息小于n。为此,我们使用加密安全散列函数,例如您提到的SHA-1。将SHA-1应用于任意长度的消息m将产生20字节长,小于RSA模数的典型大小的散列,公共大小是1024位或2048位,即128或256字节,因此签名计算可以应用于任何任意消息。
The second fact implies that messages larger than n would either have to be signed by breaking m in several chunks <= n, but this is not done in practice since it would be way too slow (modular exponentiation is computationally expensive), so we need another way to "compress" our messages to be smaller than n. For this purpose we use cryptographically secure hash functions such as SHA-1 that you mentioned. Applying SHA-1 to an arbitrary-length message m will produce a "hash" that is 20 bytes long, smaller than the typical size of a RSA modulus, common sizes are 1024 bits or 2048 bits, i.e. 128 or 256 bytes, so the signature calculation can be applied for any arbitrary message.
这样的散列函数的加密属性确保(在理论上,签名伪造在研究社区中是一个巨大的话题),不可能伪造一个签名
The cryptographic properties of such a hash function ensures (in theory - signature forgery is a huge topic in the research community) that it is not possible to forge a signature other than by brute force.
这篇关于RSA签名大小?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
