Hi,
> I'm interested in views/comments on RSA keys generation.
> Namely, testing whether (p-1)(q-1) is relatively prime to e.
>
> It seems both p and q generated are not strong primes
> so there might be (a slim) chance for e to divide p-1 or q-1.
> However, this check (together with changing e) is disabled
> in the RSA_generate_key().
>
> I'm particular interested exactly why it is believed that
> gcd(p-1,e)==1 and gcd(q-1,e)==1 (according to comments
> in the source).
well, it's tested for each prime separately, see lines 121-122
...
/* generate p and q */
for (;;)
{
if(!BN_generate_prime_ex(rsa->p, bitsp, 0, NULL, NULL, cb))
goto err;
if (!BN_sub(r2,rsa->p,BN_value_one())) goto err;
------------> if (!BN_gcd(r1,r2,rsa->e,ctx)) goto err;
------------> if (BN_is_one(r1)) break;
if(!BN_GENCB_call(cb, 2, n++))
goto err;
}
and 146-148 (0.9.8-dev).
....
-----------> if (!BN_sub(r2,rsa->q,BN_value_one())) goto err;
-----------> if (!BN_gcd(r1,r2,rsa->e,ctx)) goto err;
-----------> if (BN_is_one(r1))
break;
Cheers,
Nils
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
