> From: "Jason Coombs" <jasoncat_private> > In addition to being confused about arbitrary asymmetry in RSA cryptography > and whether or not e and n were reversibly derived from d such that > possession of d was the same as possession of e and n, I was making a > practical assertion that many RSA implementations aren't coded in such a way > as to facilitate arbitrary designation of which key is public and which > private. > > Microsoft .NET, for example, defines a private key as inclusive of its > corresponding public key. A valid XML representation of a private key in the > .NET Framework includes the public key. As in: > > rsaDecrypt.FromXmlString( <snip> > "g44j/2UGdU2RgMiUuvOT+DTO7Os+EtE=</D></RSAKeyValue>"); > > The <Modulus> and <Exponent> represent the public key while the private key > consists of <P>, <Q>, <DP>, <DQ>, <InverseQ>, and <D>. > > Based on the tests that I've done, Microsoft .NET doesn't allow you to load > a private key into an instance of the RSA class and use it for encryption, > you can only use it for decryption. This is all representation, and issues of _their_ implementation. The minimum information needed for the public portion is n and e, and the minimum information needed for the private information is n and d. They've chosen to include more information than required in the private portion, and prevent you from swaping the two keys. These are not requirements of RSA though. Simply swap the "D" and "Exponent" portions, and the system will decrypt when it suposed to be encrypting and vice versa. Note that this new public/private pair is a perfectly valid RSA key pair. > As for encryption speed, encryption transformations with a public key > (<Modulus> and <Exponent>) take far less time (approximately 1/15th as long) > to complete as do decryption transformations with a private key (<P>, <Q>, > <DP>, <DQ>, <InverseQ>, and <D>) under Microsoft .NET. > > Anyone know why? Is this a known performance differential with RSA or is > Microsoft doing something strange? Setting aside the possibility of either simple incompetence on M$'s part or deliberate intervention by the NSA... As to a performance differential with RSA, yes and no. Both encryption and decryption with RSA involve *exactly* the same operation, only with different values; however typically e is deliberatly chosen to be a fairly small number, and then a d chosen as appropriate. A smaller exponent requires less computation time, and so often decryption will be slower. If anything 1:15 seems like a very small difference, given current key sizes a ratio of 1:200 is near the bottom end (figure 4-5 bits for e, while d is likely to need near 1000 bits). -- (\___(\___(\______ --=> 8-) EHM <=-- ______/)___/)___/) \ ( | EHeMat_private PGP 8881EF59 | ) / \_ \ | _____ -O #include <stddisclaimer.h> O- _____ | / _/ \___\_|_/82 04 A1 3C C7 B1 37 2A*E3 6E 84 DA 97 4C 40 E6\_|_/___/
This archive was generated by hypermail 2b30 : Sat Jan 11 2003 - 12:16:52 PST