Exploring RSA Encryption in OpenSSL

Using OpenSSL to explore some of the details of how RSA encryption works.
Where to Go from Here

This is by no means a comprehensive explanation of how RSA works, nor is it meant to be. Hopefully, it explained some of the more obscure details. The security of RSA is based on the difficulty of factoring large numbers, which is next to impossible for 1,024-bit numbers today. This could change tomorrow, however, as technology develops. The RSA factoring challenge from RSA Labs has the latest public information on factoring (see Resources).

The OpenSSL library is used in several open-source packages. Some prominent ones you might be familiar with include Samba, Apache-SSL and OpenSSH. If you are interested in learning more about how to implement encryption algorithms or their security, some Resources are listed below.

Resources

Kernighan & Ritchie, The C Programming Language

Knuth, The Art of Computer Programming, Vol. 2

Schneier, Applied Cryptography

Menezes, Alfred J., Van Oorschot, Paul C. and Vanstone, Scott A., Handbook of Applied Cryptography

OpenSSL Library

RSA Factoring Challenge

Montgomery Multiplication

James Tandon currently consults for Computer Motion and likes dogs better than cats. His home page is www.antinomian.net.

______________________

Comments

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Re: Exploring RSA Encryption in OpenSSL

Anonymous's picture

A little confused at an equation like C = 63 mod 25 = 16. I tried every key with N=25 and M=6, and got it to work. But, when M= any other number, trying to decrypt it fails. Should N be changed?

Re: Exploring RSA Encryption in OpenSSL

Anonymous's picture

M has to be the same as M in the first equation, here, check this out

C = M^E mod N
M = C^D mod N

in the second equation, M is equal to whatever M is in the first equation, so if it is 6, then it would look like this

C = 6^E mod N
6 = C^D mod N

Some Exceptions...

Anonymous's picture

This algo fails for M = 3,5,7 etc.....considering E=3 and N=25 and D=17. Please guide what to do..

Re: Exploring RSA Encryption in OpenSSL

Anonymous's picture

Very good article. I am doing a course in Cryptography and I wanted to have a real-world example of what's been taught. I can very easily understand this and also the other comments.

thanks guys.

Re: A better reference

Anonymous's picture

Practical Cryptography by Schneier and Ferguson is a better
book to read than Applied Cryptography for an accessible
explaination of RSA encryption. If you naively employ
RSA you probably aren't going to get it right. Practical
Cryptography explains about a lot of the things you need
to worry about when using RSA.

Re: Exploring RSA Encryption in OpenSSL

Anonymous's picture

Okay, this was a pretty good explanation as to how RSA works and how to code for it, but it oversimplifies a couple of real-world things.

1. First off, asymmetric systems like RSA are rarely used to pass "user data" like a credit card number. Rather, RSA is used to exchange symmetric keys for algorithms such as DES or AES, since symmetric algorithms are significantly faster to compute.

2. There are several sins of omission in the example of exchanging public keys: "Because nobody else knows that D=17, it is impossible for anybody except the bookstore to decrypt messages. Hence, you can contact anybody on the Internet and feel safe that your sensitive info is secure from theft."

This example completely ignores the man-in-the-middle attack that exists if an adversary is able to substitute HIS public key for one or the other party (Alice or Bob). This is why SSH asks you to kindly verify the public key of the other side before accepting it (which most people do blindly, anyway).

White Paper
Linux Management with Red Hat Satellite: Measuring Business Impact and ROI

Linux has become a key foundation for supporting today's rapidly growing IT environments. Linux is being used to deploy business applications and databases, trading on its reputation as a low-cost operating environment. For many IT organizations, Linux is a mainstay for deploying Web servers and has evolved from handling basic file, print, and utility workloads to running mission-critical applications and databases, physically, virtually, and in the cloud. As Linux grows in importance in terms of value to the business, managing Linux environments to high standards of service quality — availability, security, and performance — becomes an essential requirement for business success.

Learn More

Sponsored by Red Hat

White Paper
Private PaaS for the Agile Enterprise

If you already use virtualized infrastructure, you are well on your way to leveraging the power of the cloud. Virtualization offers the promise of limitless resources, but how do you manage that scalability when your DevOps team doesn’t scale? In today’s hypercompetitive markets, fast results can make a difference between leading the pack vs. obsolescence. Organizations need more benefits from cloud computing than just raw resources. They need agility, flexibility, convenience, ROI, and control.

Stackato private Platform-as-a-Service technology from ActiveState extends your private cloud infrastructure by creating a private PaaS to provide on-demand availability, flexibility, control, and ultimately, faster time-to-market for your enterprise.

Learn More

Sponsored by ActiveState