Ensure that the generated RSA key has the desired length #1
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Before, it was possible that RSAGenerate generated a RSA key with a public key of length B-1. For use cases that require specific bit lengths (for example Certificate Authorities), that will not work. The patch adds a check to the public key (n) bit length. If the length is less than B (desired bit length), p and q are chosen again.
zoloft
added a commit
that referenced
this pull request
Oct 26, 2014
Ensure that the generated RSA key has the desired length
|
Thank you very much @phillipp, sorry if I accept this only now but I just got back home. As soon as I can start work again on JSEncrypt I will port this to the main repo |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Currently it is possible that RSAGenerate generates RSA keys with a public key of length
B-1instead ofB(for example 1023 bit instead of 1024 bit). For use cases that require specific bit lengths (for example Certificate Authorities), that will not work. The patch adds a check to the bit length of the public key (n). If the length is less than B (desired bit length), p and q are chosen again.There was another option, where the two most significant bits of both p and q would be tested (independently) and re-generated when both were not significant.
I profiled both methods and found out that the method in the commit has less overhead. I profiled all three methods with 100 keys each.
Still, this commit increases the time to generate keys in some cases significantly. In ~33% of the key generations the run-time nearly doubled.
But it is important to notice the original library didn't generate correct keys in that cases. So actually, this fixes a serious bug in the original library that led to the generation of faulty keys in 33% of the cases but was faster.