RSA keys and BigInteger Article

Similar Messages

• RSA key and block size

  Let's say that I have an RSA key pair that has been generated in a keystore using the keytool utility.
  I am now accessing this key pair through some java code (using the Keystore class) and I want to encrypt/decrypt data using this public/private key.
  In order to encrypt/decrypt arbitray length data, I need to know the maximum block size that I can encrypt/decrypt.
  Based upon my experiment, this block size seems to be the size of the key divided by 8 and minus 11.
  But how can I determine all that programatically when the only thing that I have is the keystore?
  I did not find a way to figure out the size of the key from the keystore (unless it can be computed from the RSA exponent or modulus, but this is where my knowledged of RSA keys stops) and I did not find a way to figure out where this "magic" number 11 is coming from.
  I can always encrypt 1 byte of data and look at the size of the result. This will give me the blocksize and the key size by multiplying it by 8. But it means that I always need the public key around to compute this size (I cannot do it if I have only the private key).
  And this is not helping much on the number 11 side.
  Am I missing something obvious?
  Thanks.

  It is probably a bug. A naive implementation of RSA key generation that would exhibit this bug would work as follows (I'm ignoring the encrypt and decrypt exponents intentionally):
  input: an rsa modulus bit size k, k is even:
  output: the rsa modulus n.
  k is even, so let k=2*l
  step1: generate an l bit prime p, 2^l(-1) < p < 2^l
  step2: generate another l bit prime q, 2^l(-1) < q < 2^l
  step3: output n = p*q
  Now the above might seem reasonable, but when you multiply the inequalities you get
  2^(2*l -2) < n < 2^(2l)
  That lower bound means that n can be 1 bit smaller than you expect.. The correct smallest lower bound for generating the primes p and q is (2^l) / sqrt(2), rounded up to the nearest integer.
  I'll bet the IBM code implements something like the first algorithm.

• Will zeroizing and regenerating the Default-RSA-Key affect any other general purpose keys on my ASA 5545x?

  I have an ASA 5545x that is a production device for receiving all AnyConnect VPN traffic for our organization. We purchased and installed a Comodo certificate to create the trust level necessary for our employees to connect. I'm attempting to enable SSH on the device for management purposes, but the current <Default-RSA-Key> does not allow me to initiate a valid SSH session. I have encountered this issue on other ASAs within our organization, and it hasn't been an issue to simply zeroize the current key and regenerate it to restore the ability to SSH to the devices. Where the snag comes in is that this 5545x is the only ASA that has a key installed that wasn't self signed. With that in mind, I have a few questions about whether 3rd-party signed keys are dependent on the self-signed keys on the device. I intend to zeroize both the <Default-RSA-Key> and the <Default-RSA-Key>.server certificates if they will not affect my VPN-associated Comodo key.
  Does the Comodo key depend on other keys existing on the ASA?
  Am I free to zeroize only the <Default-RSA-Key> without affecting the VPN associated Comodo key?
  Here is the result of the command "show crypto key mypubkey rsa" :
  Key pair was generated at: 12:02:29 CDT Aug 19 2014
  Key name: <Default-RSA-Key>
   Usage: General Purpose Key
   Modulus Size (bits): 1024
   Key Data:
  <Redacted>
  Key pair was generated at: 10:16:52 CDT Sep 20 2012
  Key name: my.comodo.key
   Usage: General Purpose Key
   Modulus Size (bits): 2048
   Key Data:
  <Redacted>
  Key pair was generated at: 01:35:42 CDT Jul 30 2014
  Key name: <Default-RSA-Key>.server
   Usage: Encryption Key
   Modulus Size (bits): 768
   Key Data:
  <Redacted>
  Thank you to any and all that assist me in understanding how the ASA handles certificate keys.

  As long as the Comodo-signed certificate is bound to the my.comodo.key private key (i.e. you used that key when generating the certificate signing request), you should be fine to zeroize the Default-RSA-Key. The latter should ideally only be used for ssh access.

• Generating RSA keys based on p, q, and public exponent

  Hi,
  The problem is the following. I need to generate an RSA key pair on the card based on pre-defined P, Q and public exponent. The KeyPair specs syas that if the public exponent is pre-initialized it will be retained. All other values are overwritten though (I checked with a test applet on jcop41). So two questions:
  1. Do you know of any card that can also retain p and q and generate (calculate) dp, dq, pq, and public modulus. This is contrary to the specification so I doubt there would be any, but it is always good to ask.
  2. Do any of you have a Java code that would do this (ie. calculate the missing key components) that can be run on Java Card, ie. does not use BigInteger or similar classes.
  Cheers,
  Woj

  That is exactly the point I was trying to make, I actually forgot about this thread, because the problem at hand went on the shelf for the moment. To reformulate:
  1. I have only certain parts of the RSA key, but enough parts to determine a valid private/public key pair.
  2. Now I want to generate the missing parts on the card. The JC API requires all the parts to be supplied, it is not possible to provide only partial (but determining the whole key) key information. The KeyPair class can only retain the public exponent during key generation, but not the other parts (according to the specs and my own tests).
  3. My wild guess is that it would probably be doable without too much hassle with host JCE, but it's not an option for me, it has to be done on the card.
  4. I could try to write my own Java Card code that would do this based on, say, openssl implementation, but now I am too lazy, so that's why I asked if somebody possibly has the code that does this.
  Cheers,
  Woj

• Create RSA keys based on p and q

  Is there a way to create a KeyPair based on p and q (BigIntegers or byte[])
  The reason i need this is because i need to encrypt files that need to be decrypted in a c# program (and vice versa). The encryption needs to be RSA (so no DES or....) although i know that there is not really a need for asymetric encryption.
  The problem is I can generate a keypair in Java but then i cannot get the data for that keypair in c# (and vice versa).
  In c# i can create an equivalent of a keyPair based on p and q or on so if there would be a way to get the p and the q of a generated keypair that would also help (or all the other paramets, d, n, e, phi,....).
  Thanks

  You can generate a PKCS8 private key bytes and X509 public key byte using something like
              final KeyPairGenerator rsaKeyPairGenerator = KeyPairGenerator.getInstance("RSA");
              rsaKeyPairGenerator.initialize(2048); // or whatever size you want
              final KeyPair rseKeyPair = rsaKeyPairGenerator.generateKeyPair();
              // The private key as PKCS8 bytes
              final byte[] privateKeyAsBytes = rseKeyPair.getPrivate().getEncoded();
              // The public key as X509 bytes
              final byte[] publicKeyAsBytes = rseKeyPair.getPublic().getEncoded();then you can import the X509 into C# (C# must have a way of importing an X509).
  OR
  do a similar thing in C# and export the X509 public key and import it into Java.
  The private key should only be used by either the C# or Java application (not both) and I would expect whichever needs the private key should generate the key pair.

• Save and load public/private RSA key on file

  hi
  i'm triyng to save and load an RSA key to a file
  i generate the keys:
          KeyPairGenerator generator=null;
          KeyPair coppia=null;
          PrivateKey c_privata=null;
          PublicKey c_pubblica=null;
              generator=KeyPairGenerator.getInstance("RSA");
              //imposto la dimensione
              generator.initialize(1024);
              //genero le 2 chiavi
              coppia=generator.genKeyPair();
              //imposto la privata
              c_privata=coppia.getPrivate();
              //imposo la pubblica
              c_pubblica=coppia.getPublic();
  //i save the key
          FileOutputStream file = new FileOutputStream("key");
          file.write(c_pubblica.getEncoded());
          file.close();and then i use another program that imports the key:
     Key chiave=null;
     FileInputStream file=new FileInputStream("key");
     byte[]byte_chiave=new byte[162];
               X509EncodedKeySpec chiave_spec = new X509EncodedKeySpec(byte_chiave);
              KeyFactory keyFactory = KeyFactory.getInstance("RSA");
              chiave = keyFactory.generatePublic(chiave_spec);but when i try to reload he key i get:
  java.security.InvalidKeyException: IOException : DER input, Integer tag error
  where am i wrong?
  thanks

  sorry...
  this is the correct code:
          Key chiave=null;
          FileInputStream file=new FileInputStream(path);
          byte[]byte_chiave=new byte[file.available()];
          System.out.println("leggo: "+file.read(byte_chiave));
          X509EncodedKeySpec chiave_spec = new X509EncodedKeySpec(byte_chiave);
          KeyFactory keyFactory = KeyFactory.getInstance("RSA");
          chiave = keyFactory.generatePublic(chiave_spec);

• Installation of 27" cinema display with macbook pro silver key and bootcamp

  For everyone out there who may be interested in using the new 27" cinema display with an older Macbook Pro Intel with silver keys and bootcamp.
  What is needed:
  1. Apple 27" cinema display.
  2. Macbook pro Intel silver key model
  3. Altona Dual Link DVI to Mini DisplayPort Converter (Model AT-DP400)
  4. Bootcamp 3.1 drivers from Mac OSX Snow Leopard V10.6.3(retail)
  Procedure:
  1. Update your display software on the Mac OS side. Apple has posted an update on their software downloads page, "LED Cinema Display Software Update 1.0" After doing so, make sure that the 27" CinDisp is operating correctly and you can change the brightness from the system settings.
  2. On the Windows side, install the bootcamp 3.1 drivers. These are on the Snow Leopard distribution CD. However, there is a bug in the .msi installer that causes the installation to go into an endless loop. This must be resolved during the installation of the drivers. The following article discribes how to do this:
  http://discussions.apple.com/thread.jspa?threadID=2305631&tstart=0
  3. After you have successfully installed the bootcamp 3.1 drivers, then install Apple's bootcamp update: "Apple Magic Trackpad and 27-inch LED Cinema Display Update for Windows 32 bit".
  Good luck, it works!

  I have the same MBP and recently bought a 23" cinema display on Craigslist for $140.  It works great.  I had a display port to DVI adapter and it worked fine.  Built a stand to hold the laptop vertically so it's out of the way.  Don't know about older displays but anything with DVI should work fine.
  The screen size and resolution are great for photo editing.  I now have the best of both worlds, a display that rivals my wife's iMac and portability.

• Where can I get a program that generates RSA keys?

  I am doing a project using RSA crypto and need to generate key pairs every now and then. I am working with smart cards and there are no keygen capabilities on them so I'd like to have a program that generates keypairs of desired length for me. I know I'm lazy but this project is not at all about the generation but about the use. ;)
  There should be some program to download I suppose but I haven't been able to find one as of yet.
  Thanks in advance

  As always, I found a program that did this right after this post was written. Strange since I searched for several hours before posting. Well ignore this post then!

• How  to use the RSA  key files generated by Crypto++ in java

  Hi - Good day to all :)
  I have two RSA key files(private key file and public key file) generated by Crypto++ 5.2.1:
  code here:
  void GenerateRSAKey(unsigned int keyLength, const char *privFilename, const char *pubFilename, const char *seed)
       RandomPool randPool;
       randPool.Put((byte *)seed, strlen(seed));
       RSAES_OAEP_SHA_Decryptor priv(randPool, keyLength);
       HexEncoder privFile(new FileSink(privFilename));
       priv.DEREncode(privFile);
       privFile.MessageEnd();
       RSAES_OAEP_SHA_Encryptor pub(priv);
       HexEncoder pubFile(new FileSink(pubFilename));
       pub.DEREncode(pubFile);
       pubFile.MessageEnd();
  }generated private key is:
  30820273020100300D06092A864886F70D01010105000482025D3082025902010002818100E19891D888651221AF315B369873F01910D097F554723EE8748FA230F2B954EBEFC57CB402DD03333BA9514AB5256EF92BE714C710D166A1D86CB7A11EFB4499506826AB873F5036B92F07BBB3ABB8F562646DE6E11031C46542633605FDE4A31E0E0A8651B4BC7743C18266D664E59E713D7595ED3D3B6C2F94C6072E276171020111028180425A0CC7372CC918F74AC07978221970C8B5D25736F46CDAF51B2FB40B27735473B28E16D3AA6A5A5CD7724326382FB2B28F4258AA97F1026CD4AE7AAEC25F77D54DF69BB3979E2893EBB071DA5752871BC8C60F9B5546C466F3103884D6B67FADCD51B17899991989507CB16F45DD76EC0DEDA1BD979ED1A101179F9687E9E5024100FFCAAEF814F12DCBDF20D4CFDD5007738DAAE45AE7EC2FD8E23A9EFCA85FADCAF61B03BFEA6FE6023E78700F804C4C275375A85BC367FE39D5FB2E0F0A4555F7024100E1C797A20FB108ADAFECDB025665FF500FDBB4F0829BAAE95833C046005DCA593F6C2437CD3A9AB7CC04372F422B0EE2C7FED87AA53821366962AE0CBDAD89D702402D23C48621D035421851167F08F00150A08791B5B074F96282469486F0895AE794D7973FFC31DD4BB0ABD78A43D13A9D8732E1799AF43BEC16B3DAF3986696B30240351FE7716D1A98A156921569F6361DF4B86FEE56B551CDDC8D395A6AD2E8E4513C1971EF031CD91C3000FDED00829A173E1DD895540D34FDBE71925D59CE7AC9024014A4347A1E7408FBB0A9AE5064FA58CAF2BCA5C00B8082A46EECABFA5CBF61364FEE81E2C049F399A2F601C802DD54A6D9340FABE62D6D1F913026C8B3764AFEI use this key in java
  BufferedInputStream input=new BufferedInputStream(new FileInputStream("privateKey"));
            int size= input.available();
            byte[]buffer=new byte[size];
            input.read(buffer);
  X509EncodedKeySpec lX509EncodedKeySpec = new X509EncodedKeySpec(buffer);
            PrivateKey lPrivateKey = KeyFactory.getInstance("RSA").generatePrivate(lX509EncodedKeySpec);there is a exception,at generatePrivate() method
  at sun.security.rsa.RSAKeyFactory.generatePrivate(RSAKeyFactory.java:294)
       at sun.security.rsa.RSAKeyFactory.engineGeneratePrivate(RSAKeyFactory.java:171)
       at java.security.KeyFactory.generatePrivate(KeyFactory.java:322)
       at test.Main.main(Main.java:27)any body can help me?

  X509 is for public keys, not private keys. You need PKCS8 using PKCS8EncodedKeySpec on the hex decoded private key string.
  Your method for reading the private key from the file is flawed. The method available() does not guarantee to give you the file length. This is easy to prove since files can be longer than Integer.MAX_VALUE and available() returns an 'int'. To get the file length use File.length() which returns a 'long'. Also, reading from an InputStream using
  input.read(buffer); does not guarantee to read all the bytes. For that you need to use something like DataInputStream.readFully().

• Lenovo G500 - Can't Use Keys And Touchpad/Buttons At Same Time

  Whilst gaming, primary button use for me will be WASD (Directional) and obviously right&left click.
  The problem I'm getting is that whilst I'm holding one of WASD, then say right click to shoot it doesn't shoot - almost as if the button is locked whilst i'm holding a key. When I hold a button, and then press a key it allows me too. It's just when holding a key I can't press a button.
  I have searched online for ages, put palm check on minimum(I can't turn it off, it's not a option), disabled synaptics, tried to install Elantech(Couldn't) but nothing seems to work.
  It may not be the biggest issue, but it really takes the fun out of playing games as I have to stop walking so I can shoot.

  hi danowens,
  Can you try the following:
  If you have a Synaptics Touchpad:
  1. Uninstall the current touchpad driver and install the driver below from the Synaptics website
  Windows 8/7/XP/Vista 64/32-bit Edition v17.0.19
  118.1 MB zip
  After installing the driver above, try to check if you can now disable Palm Check
   - Touchpad PalmCheck - Turn On or Off in Windows
  If you have an ELAN Touchpad:
  - check this article
  If the above fix doesn't work, try to temporarily uninstall the Touchpad driver (don't re-install it) and check if you can now use the WASD keys and the touchpad at the same time..
  Regards
  Did someone help you today? Press the star on the left to thank them with a Kudo!
  If you find a post helpful and it answers your question, please mark it as an "Accepted Solution"! This will help the rest of the Community with similar issues identify the verified solution and benefit from it.
  Follow @LenovoForums on Twitter!

• I am trying to connect my iMac with my MacBook What is the command keys and process in doing so. Have firmwre in place.

  I am trying to connect my iMac with my MacBook What is the command keys and process in doing so. Have firmwre in place.

  Here's the Apple Support article on Target Mode http://support.apple.com/kb/HT1661

• Can someone help me? Why i can not build RSA key pair

  i download the java_card_kit-2_2_01-win-gl.zip from sun's web site
  and i use the keypair class to build a RSA key pair
  but it always throws NO_SUCH_ALGORITHM excption.
  how can i build a key pair

  This has been covered a million times. There isn't any crypto implementation with Sun's kit. This is mentioned in the documentation.

• My iphone 3gs ran out of power, now wehn plugged in it will not restart, tried plugging in with different chargers, holding home key and other one but nothing works, screen is either battery icon or Apple iconn

  my iphone 3gs ran out of power, now wehn plugged in it will not restart, tried plugging in with different chargers, holding home key and other one but nothing works, screen is either battery icon or Apple iconn

  Hi, beth.lau.gr.
  Thank you for visiting Apple Support Communities.  
  I understand you have been experiencing issues with your iPhone restarting and showing you a blue screen.  I wont be able to give you an exact answer as to why this is happening.  However, this is the most relevant troubleshooting article for this issue.  This article also provides options to reach out to us via phone for additional assistance.  
  If your iOS device restarts, displays the Apple logo, or powers off while you're using it
  http://support.apple.com/en-us/HT203899
  Cheers, 
  Jason H.  

• RSA key generation on JCOP31 v2.4.1 times out

  I have an applet that generates both 1024-bit and 2048-bit RSA key pairs. The applet works on an NXP JCOP41 v2.2.1 smart card, but times out on an NXP JCOP31 v2.4.1 smart card. The applet was compiled with javacard 2.1.1. The JCOP41 card is at javacard 2.2.1. The JCOP31 card is at javacard 2.2.2. I am using an Omnikey CardMan 3821 smart card reader. Does anyone have any experience with generating RSA keys on the NXP JCOP31 v2.4.1 smart card? Thanks.

  Hi,
  The card probably doesn't timeout. It knows that RSA keygen is long, and it should send null procedure bytes in T=0 or S(WTX) blocks in T=1.
  Only a protocol analyser (or oscilloscope) could tell if the card really timeouts. But that's not probable.
  What is probable is that the reader timeouts. Try with another reader if possible.
  Does the reader have an activity led? does it blink or something while the card is generating the key?
  If you get the same behaviour, check the low level card exchanges. But I would be surprised that NXP sells card that go mute on RSA key generation. Or you have a faulty card.
  Regards

• How to get a RSA key out of a String

  I want to write a program where the user enters a password and than the private key and public key (RSA) is generatet.
  I have tried this with DES and the only problem was that i have to convert the encryptet string into a byte array.
  Are there any other things what i should know when i convert the DES algorithm to the RSA (i know RSA hast two keys) and can you help me out with the other problem?

  hi,
  the only algorithm wich based directly on a password in JCE (and a additional salt) is PBEWithMD5AndDES. But DES isn't an asynchron key/encryption. it's a secret (symetric) key. you can't convert DES to RSA. this both are complete diff ways for encryption.
  the next what i don't understand is why is it a problem for you to convert a string to a byte-array when the encryption it' needed?
  expl:
  String s = "thatsmypwassword";
  byte[] ba = s.getBytes();encrypt/decrypt ba
  and later the return
  s = new String(ba);cu
  oliver scorp