Exploring RSA Encryption in OpenSSL

Using OpenSSL to explore some of the details of how RSA encryption works.

Where to Go from Here

This is by no means a comprehensive explanation of how RSA works, nor is it meant to be. Hopefully, it explained some of the more obscure details. The security of RSA is based on the difficulty of factoring large numbers, which is next to impossible for 1,024-bit numbers today. This could change tomorrow, however, as technology develops. The RSA factoring challenge from RSA Labs has the latest public information on factoring (see Resources).

The OpenSSL library is used in several open-source packages. Some prominent ones you might be familiar with include Samba, Apache-SSL and OpenSSH. If you are interested in learning more about how to implement encryption algorithms or their security, some Resources are listed below.

Resources

Kernighan & Ritchie, The C Programming Language

Knuth, The Art of Computer Programming, Vol. 2

Schneier, Applied Cryptography

Menezes, Alfred J., Van Oorschot, Paul C. and Vanstone, Scott A., Handbook of Applied Cryptography

OpenSSL Library

RSA Factoring Challenge

Montgomery Multiplication

James Tandon currently consults for Computer Motion and likes dogs better than cats. His home page is www.antinomian.net.

______________________

Comments

Re: Exploring RSA Encryption in OpenSSL

A little confused at an equation like C = 6^3 mod 25 = 16. I tried every key with N=25 and M=6, and got it to work. But, when M= any other number, trying to decrypt it fails. Should N be changed?

Re: Exploring RSA Encryption in OpenSSL

M has to be the same as M in the first equation, here, check this out

C = M^E mod N
M = C^D mod N

in the second equation, M is equal to whatever M is in the first equation, so if it is 6, then it would look like this

C = 6^E mod N
6 = C^D mod N

Some Exceptions...

This algo fails for M = 3, 5, 7, etc., considering E=3 and N=25 and D=17. Please guide what to do.
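
An added example, not part of the article or of any comment: a brute-force round-trip check of the parameters quoted in the comments above (E=3, D=17, N=25) beside a constructed comparison key (N=33, E=3, D=7). It uses plain-integer square-and-multiply instead of OpenSSL's bignum routines, and the function names are invented for this example.

```c
#include <stdio.h>

/* Square-and-multiply modular exponentiation on small integers.
   Stand-in for OpenSSL's bignum code; only safe for toy moduli. */
static unsigned long modpow(unsigned long b, unsigned long e, unsigned long n) {
    unsigned long r = 1 % n;
    b %= n;
    while (e) {
        if (e & 1) r = r * b % n;
        b = b * b % n;
        e >>= 1;
    }
    return r;
}

/* Count messages 0 <= M < n for which (M^e)^d mod n does not return M. */
static unsigned count_failures(unsigned long n, unsigned long e, unsigned long d) {
    unsigned bad = 0;
    for (unsigned long m = 0; m < n; m++)
        if (modpow(modpow(m, e, n), d, n) != m) bad++;
    return bad;
}

/* Key sanity check: p and q must differ and e*d must be 1 mod (p-1)(q-1).
   Primality of p and q is assumed here, not tested. */
static int key_is_consistent(unsigned long p, unsigned long q,
                             unsigned long e, unsigned long d) {
    return p != q && (e * d) % ((p - 1) * (q - 1)) == 1;
}

int main(void) {
    /* Parameters from the comments: N=25 (5*5), E=3, D=17. */
    printf("N=25 E=3 D=17: consistent=%d, failures=%u of 25\n",
           key_is_consistent(5, 5, 3, 17), count_failures(25, 3, 17));
    /* Constructed comparison: N=33 (3*11), E=3, D=7; 3*7 = 21 = 1 mod 20. */
    printf("N=33 E=3 D=7:  consistent=%d, failures=%u of 33\n",
           key_is_consistent(3, 11, 3, 7), count_failures(33, 3, 7));
    return 0;
}
```

With N=25 the round trip succeeds for M=6 but fails for M=3, 5 and 7, because 25 is the square of a single prime and 3*17 is not 1 modulo the order of the multiplicative group; the constructed N=33 key round-trips every message.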

Re: Exploring RSA Encryption in OpenSSL

Very good article. I am doing a course in Cryptography and I wanted to have a real-world example of what's been taught. I can very easily understand this and also the other comments.

thanks guys.

Re: A better reference

Practical Cryptography by Schneier and Ferguson is a better
book to read than Applied Cryptography for an accessible
explanation of RSA encryption. If you naively employ
RSA you probably aren't going to get it right. Practical
Cryptography explains about a lot of the things you need
to worry about when using RSA.

Re: Exploring RSA Encryption in OpenSSL

Okay, this was a pretty good explanation as to how RSA works and how to code for it, but it oversimplifies a couple of real-world things.

1. First off, asymmetric systems like RSA are rarely used to pass "user data" like a credit card number. Rather, RSA is used to exchange symmetric keys for algorithms such as DES or AES, since symmetric algorithms are significantly faster to compute.

2. There are several sins of omission in the example of exchanging public keys: "Because nobody else knows that D=17, it is impossible for anybody except the bookstore to decrypt messages. Hence, you can contact anybody on the Internet and feel safe that your sensitive info is secure from theft."

This example completely ignores the man-in-the-middle attack that exists if an adversary is able to substitute HIS public key for one or the other party (Alice or Bob). This is why SSH asks you to kindly verify the public key of the other side before accepting it (which most people do blindly, anyway).
