Thank you Nils,
sure that's the reason and it's Ok
[EMAIL PROTECTED] - Wed Jul 28 13:09:24 2004]:
> Hi,
>
> > I'm interested in views/comments on RSA keys generation.
> > Namely, testing whether (p-1)(q-1) is relatively prime to e.
> >
> > It seems both p and q generated are not strong primes
> > so there might be (a slim) chance for e to divide p-1 or q-1.
> > However, this check (together with changing e) is disabled
> > in the RSA_generate_key().
> >
> > I'm particular interested exactly why it is believed that
> > gcd(p-1,e)==1 and gcd(q-1,e)==1 (according to comments
> > in the source).
>
> well, it's tested for each prime separately, see lines 121-122
> ...
> /* generate p and q */
> for (;;)
> {
> if(!BN_generate_prime_ex(rsa->p, bitsp, 0, NULL,
NULL, cb))
> goto err;
> if (!BN_sub(r2,rsa->p,BN_value_one())) goto err;
> ------------> if (!BN_gcd(r1,r2,rsa->e,ctx)) goto err;
> ------------> if (BN_is_one(r1)) break;
> if(!BN_GENCB_call(cb, 2, n++))
> goto err;
> }
>
> and 146-148 (0.9.8-dev).
> ....
> -----------> if (!BN_sub(r2,rsa->q,BN_value_one())) goto err;
> -----------> if (!BN_gcd(r1,r2,rsa->e,ctx)) goto err;
> -----------> if (BN_is_one(r1))
> break;
>
> Cheers,
> Nils
>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
