The RSA algorithm is a "public key encryption algorithm". In the early encryption mode, the same rule (key) was used for encryption and decryption. This encryption mode requires that the encryption rules need to be transmitted between the two parties, and the information is very insecure. The algorithm in this encryption mode is also called "symmetric encryption algorithm". Today's RSA algorithm is an "asymmetric encryption algorithm", and different rules are used for encryption and decryption, as long as there is a certain correspondence between the two rules, which avoids the direct transfer of keys.
1. Mathematical Theory
Prime numbers (prime numbers)
Among the natural numbers greater than 1, the numbers that have no other factors other than 1 and itself are called prime numbers, also known as prime numbers.
Coprime relationship
If two numbers have no other common factors except 1, we say that the two numbers have a coprime relationship. For example, 15 and 32 have no common factors, so there is a co-prime relationship between them (not prime numbers can also constitute a co-prime relationship).
Euler function
In number theory, for a positive integer N, the number of positive integers (including 1) that are less than or equal to N([1,N]) and relatively prime to N is denoted as φ(n).
For any two numbers p and q, if p and q have a coprime relationship, we have φ(p*q)=(p-1)*(q-1). I won't prove it here, just give an example. Coprime relation 2, 5, then φ(10)=1*4. In conclusion, there are 4 positive integers (1, 3, 7, 9) that are relatively prime to 10 from 1 to 10.
Modulo inverse element
If there are two co-prime numbers p, q, then the integer x must be found such that qx-1 is divisible by p, or the remainder of the division of qx by p is 1. In this case, x is called the modulo inverse element of q. (The above formula can be transformed to find xq+yp=1, to find x, where y is a negative number)
Example: coprime numbers 3, 5, here find the modulo inverse element of 5, that is, 5x+3y=1. You can do the math, here x=2, y=-3 (or x=5, y=-8). It can be seen that the modulo inverse element is not unique, but once x is determined, y is also determined.
For the concepts mentioned above, let’s ponder over and over again. The key of the RSA algorithm is inferred from these formulas. After understanding the above formulas, let's explain the RSA algorithm and obtain the encrypted public and private keys.
1. Randomly choose two unequal prime numbers p and q.
Here we choose p=3, q=11. (In practice, the larger these two prime numbers are, the harder it is to decipher.)
2. Calculate n, the product of p and q.
n=p*q=3*11=33
3. Calculate the Euler function φ(n) of n.
φ(n)=(p-1)*(q-1)=2*10=20
4. Randomly choose an integer e, with the condition that 1
we choose a number that is relatively prime to 20, e=7 (randomly chosen).
5. Calculate the modulo inverse element d of e with respect to φ(n).
The requirement here is that there can be more than one modulo inverse element of 20, and we can calculate one.
Formula 7*d+20*m=1, find d.
Here we choose d=3, m=-1. (m is useless here)
6. Encapsulate n and e into a public key, and n and d into a private key.
In this example n=33, e=7, d=3, so the public key is (33,7) and the private key is (33,3).
With the public and private keys, we can communicate securely, the public key encrypts and the private key decrypts. But is the RSA algorithm reliable? Let's discuss it below.
2. Obtaining the secret key
Common key formats are der and pem.
Install openssh:
install sudo apt-get install openssh under ubuntu, go to http://gnuwin32.sourceforge.net/packages/openssl.htm
under Windows to download the bin format file package for use.
1. Generate the private key
openssh genrsa -out rsa_private_key.pem 2048
2. Generate the public key according to the private key
Openssh rsa -in rsa_private_key.pem -pubout -out rsa_public_key.pem
3. Convert pem format to der format
(1) Convert private key to
openssl rsa -inform PEM -in rsa_private_key.pem -outform DER -out rsa_private_key.der
(2) Convert public key to
openssl rsa -inform PEM -in rsa_public_key.pem -pubin -outform DER -out rsa_public_key.der
4. PEM is the base64 encoding format of DER format, and PEM is decoded into DER format through base64.
Verification:
(1) the private key to decrypt the base64, into the bin
OpenSSL base64 -d -IN rsa_private_key.pem -out rsa_private_key.bin
(2) calculated MD5 value the
md5sum rsa_private_key.der rsa_private_key.bin
0da938c9ca1862b4bb934221d9cb9027 rsa_private_key.der
0da938c9ca1862b4bb934221d9cb9027 rsa_private_key. bin
(3) It can be seen that the md5 value of the der and bin files is the same, and the guess is correct.
3. Key format
The private key contains the most information, as in the following example:
Example: private key in der format 31bits
302B0201000204741882490203010001020424E4711D020300D40F0203008C270203008D9F02024C6B02021CBE
After decomposition:
302B
0201 00 – RSA version number, generally 00
0204 74188249 – modulus n, decimal 1947763273, binary 1110100 00011000 10000010 01001001 (31 bits long)
0203 010001 – public key exponent e,
65531 D exponent – private key 020 d, decimal 618950941
020300 D40F – p, 54287
020300 8C27 – q , 35879
020300 8D9F –d mod(p-1), decimal 36255
0202 4C6B –d mod(q-1), decimal 19563
0202 1CBE – CRT coefficients, decimal
Detailed explanation of private key structure: It
is expressed in the form of CRT (Chinese remainder theorem):
RSAPrivateKey ::= SEQUENCE {
version Version, the current RSA version, generally 00
modulus INTEGER, – n is RSA composite modulus n
publicExponent INTEGER, – e is RSA e
privateExponent INTEGER, – d is the private exponent of RSA d
prime1 INTEGER, – p is the prime factor of n p
prime2 INTEGER, – q is the prime factor of n q
exponent1 INTEGER, – d mod (p-1) equals d mod ( p − 1)
exponent2 INTEGER, – d mod (q-1) is equal to d mod ( q − 1)
coefficient INTEGER, – (inverse of q) mod p is the CRT coefficient q–1 mod p
otherPrimeInfos OtherPrimeInfos OPTIONAL
}
DER is a TLV encoding.
SEQUENCE is the total TAG, TAG=0x30, Length=0x0258 is followed by the data content.
There are two ways to express the length:
1. When the data length is less than 0x80, the Length is the length of the data;
2. When the data length is >=0x80, the Length is 0x8?, which means the following ? Indicates the length of Length. For example, 82 01 20, 82 means the byte length of 2 bytes after 82 is the length, and the data length is 0x0120.
The TAG of Version is 0x02. In the DER encoding of the RSA private key, except for the TAG of SEQUENCE, which is 0x30, the rest are 0x02. The current Version is all 0.
The modulus value TAG is 0x02, and its value is of type integer. It should be noted here that when the highest bit of the first character is 1, that is, 0x8?, 0x00 should be filled in the highest bit. This is because modulus is a large integer, and the highest bit is the sign bit. When it is 1, it is a negative number, so the highest bit should be filled with 0x00 to ensure that it is not negative.
Fourth, encryption and decryption and signature verification
Suppose that in the RSA encryption and decryption system, the encryption function is called E, and the decoding function is called D. In the encryption process, we use the public key PK and E functions to encrypt the message, and then use the private key SK and D functions on the opposite end to decrypt the ciphertext to obtain the original message.
In the process of signature authentication, we use the private key SK and D function to sign the message, and then use the public key PK and E function for authentication at the opposite end. Note that D and E here are the same as the D and E functions above.
Because, in an RSA encryption system, when the D and E functions are applied in any order, both cancel each other out. So E(D(stuff))=stuff, just like D(E(stuff))=stuff. It's just customary, E and D are called encryption function and decoding function in the encryption process; and in the signature authentication process, they are called signature function and authentication function, which are actually the same.
5. Padding during data encryption and decryption
The current ported code is https://github.com/cyassl/cyassl v3.12.4 and
subsequent platforms migrate to wolfssl.
There are two types of type Type1 in the pad function
: the first byte is 0, the second byte is type 0x01, the middle is filled with 0xff, the last byte is 0
Type2, the first byte is 0, the second byte is type 0x02, the middle Fill in random numbers, the last byte is 0
6. License
The introduction on this website is relatively easy to understand: https://linux.cn/article-8761-1.html