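Following the analysis in the previous article, RSA can be understood as follows:
First, find three numbers p, q and d,
where p and q are two distinct primes and d is coprime to (p-1)(q-1).
The three numbers p, q and d form the private key.
Next, find e such that de == 1 mod (p-1)(q-1).
Such an e always exists because d is coprime to (p-1)(q-1); it can be obtained with the Euclidean algorithm.
Then compute n = pq.
The two numbers e and n form the public key.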
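According to the definitions in RFC 2437, the other parameters are as follows.
Scheme 1:
1. Choose two large primes p and q.
2. Compute n = pq.
3. Choose a small odd number e that is coprime to (p-1)(q-1).
4. Compute d, the inverse of e modulo (p-1)(q-1).
5. Publish the pair (e, n) as the RSA public key.
6. Keep the pair (d, n) as the RSA private key.
Scheme 2:
1. Choose two distinct primes p and q, and find a number d that is coprime to (p-1)(q-1).
2. Find e such that de == 1 mod (p-1)(q-1).
3. Compute n = pq.
4. Compute dp such that e(dp) == d mod (p-1).
5. Compute dq such that e(dq) == d mod (q-1).
6. Compute qinv such that q(qinv) == (q-1) mod p.
This scheme matches the RSAParameters definition in the .NET Framework, where the public key = (n, e) and the private key = (d, p, q, dp, dq, qinv).
A typical XML definition file is: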
<root>
<modulus>yZ+YfjEffN+tHpP5qlpWTS7GxrGExkO6QpaW2h3GSPHtY54LCGx0IMLjJ4E0FY
+jZ2+ARi4NDW4mfmir/ohfZj+UmYj9ncGeZoYeho8nRjaFFlR6NSLwlITL/mcJSVRxQqP1R
5Z6sG0vBGJBwzXgpZu9YzhFNDV3+HOEKxRWt1E=
</modulus>
<exponent>AQAB</exponent>
<D>WCEAYLhMESMb4q+/g2y1KEt360WQybC064IzMeet0hidMNvV6rqtD9zfuVbKU1pTjFS6
dvKOFf69qKdL9pfZSmszcg4XJ45eAaG51wf3LBsfqxKEuy3uiMJhSzE9THNS1tHhgOO/pTi
/+Febub4WJlMXtGEKIYCqRUmM4iHiJbk=
</D>
<DP>OkHo5FVMfGC1az4AhHzAGWe7boAWTdv3EiQ8aqHETRcgCaTVWZleuqKJ+/9ZOqqIWeT
qmNrbjYLAPqgwGICn1Q==</DP>
<DQ>GThvDxEVsDM+DNchxIf0jOhHJYb5KFsAhbUH+glXbCV+jqOUG2TZN743euCOhogdLFU
tdXcHS+7pEM5gQMfNxQ==</DQ>
<P>8KQ97jjfmG6FuihmA6J9gGaRgqePaH7WTvyGGNGcRDXHzDAhiSkFUx3Lok8EdBrEufYy
oNvEXtjibk6GlADosw==</P>
<Q>1n3ZlICF/T2Iil73Juz3ly612DSUAoe0A6OzsaR949vyDTn2Q+9o7l/IfbV/vLc8ixL+
000IAUTu6kFH7an56w==</Q>
<InverseQ>.......</InverseQ>
</root>
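A key file in the layout above can be checked mechanically before it is trusted. The following Python sketch is an added example, not code from the original post or from .NET: it derives the private-key fields from two constructed Mersenne primes (assumed sample values, unsuitable for real keys), writes them under the element names used above, and reports which of the relations from RFC 2437 section 3.2 (quoted further down this page) a file violates. The helper names are hypothetical.

```python
import base64
import math
import xml.etree.ElementTree as ET

def b64_int(text):
    """Decode a base64 big-endian unsigned integer; line breaks are tolerated."""
    return int.from_bytes(base64.b64decode("".join(text.split())), "big")

def int_b64(value):
    """Encode an unsigned integer as base64 of its big-endian bytes."""
    raw = value.to_bytes((value.bit_length() + 7) // 8 or 1, "big")
    return base64.b64encode(raw).decode()

def derive(p, q, e):
    """Derive every key field from p, q and e (requires Python 3.8+)."""
    d = pow(e, -1, (p - 1) * (q - 1))
    return {"modulus": p * q, "exponent": e, "D": d, "P": p, "Q": q,
            "DP": d % (p - 1), "DQ": d % (q - 1), "InverseQ": pow(q, -1, p)}

def to_xml(key):
    """Serialise the fields under the element names shown on this page."""
    root = ET.Element("root")
    for name, value in key.items():
        ET.SubElement(root, name).text = int_b64(value)
    return ET.tostring(root, encoding="unicode")

def check_xml(xml_text):
    """Return the RFC 2437 section 3.2 relations that the key file violates."""
    k = {el.tag: b64_int(el.text) for el in ET.fromstring(xml_text)}
    p1, q1 = k["P"] - 1, k["Q"] - 1
    lam = p1 * q1 // math.gcd(p1, q1)          # lambda(n) = lcm(p-1, q-1)
    checks = {
        "n = p*q": k["modulus"] == k["P"] * k["Q"],
        "e*d = 1 mod lambda(n)": k["exponent"] * k["D"] % lam == 1,
        "e*dP = 1 mod (p-1)": k["exponent"] * k["DP"] % p1 == 1,
        "e*dQ = 1 mod (q-1)": k["exponent"] * k["DQ"] % q1 == 1,
        "q*qInv = 1 mod p": k["Q"] * k["InverseQ"] % k["P"] == 1,
    }
    return [name for name, ok in checks.items() if not ok]

if __name__ == "__main__":
    # Constructed sample key: 2**89 - 1 and 2**107 - 1 are Mersenne primes.
    sample = derive(2**89 - 1, 2**107 - 1, 65537)
    print(check_xml(to_xml(sample)))
    print(check_xml(to_xml(dict(sample, DP=sample["DP"] + 1))))
```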
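The method for computing the public and private keys therefore becomes
Typical practical applications are:
A) Secure communication
P1 encrypts the plaintext with the public key and sends the encrypted message to P2; P2 decrypts the message with the private key.
B) Digital signature
1. P1 sends the plaintext; at the same time it hashes the plaintext to get h1, encrypts h1 with the private key (h1 => h2), and sends h2 to P2 as an attachment together with the plaintext.
2. P2 tries to decrypt h2 with the public key to get h3; if decryption succeeds, this shows that it was sent by P1.
3. P2 hashes the received plaintext to get h4; if h3 == h4, the plaintext has not been modified.
So in .NET:
RSAPKCS1SignatureDeformatter needs the public key, i.e. modulus and exponent.
RSAPKCS1SignatureFormatter needs the private key, including d, p, q, dp, dq and qinv.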
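The signature flow above, as an added Python example that is not part of the original post and is not the .NET implementation: signing uses the CRT fields (p, q, dP, dQ, qInv), while verification uses only (n, e). It goes one step beyond the plain "encrypt the hash" description by applying the PKCS #1 v1.5 encoding (padding plus a DigestInfo header) before the private-key operation. SHA-256 and the two Mersenne primes are assumptions chosen for the sample and must not be used for real keys.

```python
import hashlib

# Constructed toy key (assumption): 2**521 - 1 and 2**607 - 1 are Mersenne primes.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))            # requires Python 3.8+
DP, DQ, QINV = D % (P - 1), D % (Q - 1), pow(Q, -1, P)
K = (N.bit_length() + 7) // 8                # modulus length in bytes

# DER DigestInfo header for SHA-256 used by PKCS #1 v1.5 signatures.
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def encode(message, em_len):
    """EMSA-PKCS1-v1_5: 00 01 FF..FF 00 || DigestInfo(SHA-256(message))."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (em_len - len(t) - 3) + b"\x00" + t

def sign(message):
    """Private-key side (h1 => h2), computed with the CRT representation."""
    m = int.from_bytes(encode(message, K), "big")
    s1, s2 = pow(m, DP, P), pow(m, DQ, Q)
    h = (QINV * (s1 - s2)) % P
    return (s2 + Q * h).to_bytes(K, "big")

def verify(message, signature):
    """Public-key side: recover h3 with (n, e) and compare it with h4."""
    s = int.from_bytes(signature, "big")
    if len(signature) != K or s >= N:
        return False
    return pow(s, E, N).to_bytes(K, "big") == encode(message, K)

if __name__ == "__main__":
    msg = b"plaintext sent by P1"            # constructed sample message
    sig = sign(msg)
    print(verify(msg, sig), verify(msg + b"!", sig))
```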
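Case study
=====================
For example, the TEdit.NET 3.0 control (http://www.tedit.net/samples.aspx.) uses an RSA signature scheme to issue registration serial numbers. For a configured serial number, the software checks the registered user information (the plaintext) against the registration code (h2) by signature verification, and registers successfully only if they match.
However, we do not know the private key, so we cannot generate the signature (registration code) h2; the control can therefore only be cracked in its code, or by replacing the original key with one's own public key and then generating the registration code oneself.
There is also the possibility of computing the private key from the public key, but that is very hard!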
RFC 2437
--------------------
3.1 RSA public key
For the purposes of this document, an RSA public key consists of two
components:
n, the modulus, a nonnegative integer
e, the public exponent, a nonnegative integer
In a valid RSA public key, the modulus n is a product of two odd
primes p and q, and the public exponent e is an integer between 3 and
n-1 satisfying gcd (e, \lambda(n)) = 1, where
\lambda(n) = lcm (p-1,q-1) (least common multiple). A recommended
syntax for interchanging RSA public keys between implementations is
given in Section 11.1.1; an implementation's internal representation
may differ.
3.2 RSA private key
For the purposes of this document, an RSA private key may have either
of two representations.
1. The first representation consists of the pair (n, d), where the
components have the following meanings:
n, the modulus, a nonnegative integer
d, the private exponent, a nonnegative integer
2. The second representation consists of a quintuple (p, q, dP, dQ,
qInv), where the components have the following meanings:
p, the first factor, a nonnegative integer
q, the second factor, a nonnegative integer
dP, the first factor's exponent, a nonnegative integer
dQ, the second factor's exponent, a nonnegative integer
qInv, the CRT coefficient, a nonnegative integer
In a valid RSA private key with the first representation, the modulus
n is the same as in the corresponding public key and is the product
of two odd primes p and q, and the private exponent d is a positive
integer less than n satisfying:
ed \equiv 1 (mod \lambda(n))
where e is the corresponding public exponent and \lambda(n) is as
defined above.
In a valid RSA private key with the second representation, the two
factors p and q are the prime factors of the modulus n, the exponents
dP and dQ are positive integers less than p and q respectively
satisfying
e(dP) \equiv 1 (mod (p-1))
e(dQ) \equiv 1 (mod (q-1)),
and the CRT coefficient qInv is a positive integer less than p
satisfying:
q(qInv) \equiv 1 (mod p).
A recommended syntax for interchanging RSA private keys between
implementations, which includes components from both representations,
is given in Section 11.1.2; an implementation's internal
representation may differ.
11.1.1 Public-key syntax
An RSA public key should be represented with the ASN.1 type
RSAPublicKey:
RSAPublicKey ::= SEQUENCE {
  modulus INTEGER, -- n
  publicExponent INTEGER -- e
}
(This type is specified in X.509 and is retained here for
compatibility.)
The fields of type RSAPublicKey have the following meanings:
-modulus is the modulus n.
-publicExponent is the public exponent e.
11.1.2 Private-key syntax
An RSA private key should be represented with ASN.1 type
RSAPrivateKey:
RSAPrivateKey ::= SEQUENCE {
  version Version,
  modulus INTEGER, -- n
  publicExponent INTEGER, -- e
  privateExponent INTEGER, -- d
  prime1 INTEGER, -- p
  prime2 INTEGER, -- q
  exponent1 INTEGER, -- d mod (p-1)
  exponent2 INTEGER, -- d mod (q-1)
  coefficient INTEGER -- (inverse of q) mod p
}
Version ::= INTEGER
The fields of type RSAPrivateKey have the following meanings:
-version is the version number, for compatibility with future
revisions of this document. It shall be 0 for this version of the
document.
-modulus is the modulus n.
-publicExponent is the public exponent e.
-privateExponent is the private exponent d.
-prime1 is the prime factor p of n.
-prime2 is the prime factor q of n.
-exponent1 is d mod (p-1).
-exponent2 is d mod (q-1).
-coefficient is the Chinese Remainder Theorem coefficient q^-1 mod p.
References:
1. PKCS #1: RSA Cryptography Specifications Version 2.0
http://www.faqs.org/rfcs/rfc2437.html
2. http://www.frontfree.net/view/article_762.html