Score:0

What information is needed to be stored for RSA private key for decryption

mx flag

I am using rsa module in Python. I use the following line to generate public and private key:

(public_key, private_key) = rsa.newkeys(2048)

And then I encrypt a message using:

encrypted_msg = rsa.encrypt(the_msg, public_key)

Now assume I want to give the private key to someone, along with the encrypted message. What information shall be included in the private key that I give to the other person? If I look at the PrivateKey structure in Python code, I see that for example private_key has the following fields:

blindfac, blinffac_inverse, coef, d, e, exp1, exp2, mutex, n, p, q.

Do I need to save and pass all these data to the other person so s/he can decrypt the message? What are all these variables?

ma flag
In raw RSA, the public key is (n, e) and the private key is (n, d). All the other variables are not needed for the math. But a particular software implementation might make heavy use of the other variables for speed, extra features, and other reasons.
user9278661 avatar
mx flag
@Nayuki thanks for the response. Is the variable `n` the same for public and private keys? If it is then one only needs to pass `d` as a private key? Also, what are the other variables I mentioned in the question? Is there a reference that explains those variables?
ma flag
(n = p * q) is indeed shared for both the public and private keys. Again, I said that the other variables are implementation-specific and you need to do your own reading.
SAI Peregrinus avatar
si flag
"Now assume I want to give the private key to someone, along with the encrypted message." WHY‽ NEVER share a private key, that defeats the point of using RSA. Have the other person generate a key pair and give you their public key. Or better yet, use [age](https://age-encryption.org) to get some major security benefits over encrypting messages with RSA (it's almost always a bad idea to do that).
Score:1
in flag

In RSA, there are various numbers that are (kind of) equivalent to the private key, but aren't the private key per se. These are numbers that if you know them, you can calculate the rest of the private key quickly. Some of these numbers improve signing/decryption speed of the private key if you know them, so RSA implementations often keep them with the private key for speed.

I looked up this implementation and found the following meaning:

  • n is the modulus, the number modulo which key operations are done.
  • e is the public exponent, the power to which a message is taken to encrypt it (or validate its signature).
  • d is the private exponent. Taking a number to power d (modulo n) is the inverse operation to taking a number to power e. This is because in RSA, for any $m$ in range, $(m^e)^d \equiv (m^d)^e \equiv m \pmod n$.
  • p is the larger factor of n.
  • q is the smaller factor of n. The fact that it's smaller is important to the meaning of coef.
  • exp1 is $d \mod (p-1)$.
  • exp2 is $d \mod (q-1)$.
  • coef is $q^{-1} \mod p$. It's the coefficient for the CRT speedup technique.
  • blindfac is a random number chosen during decryption or signing. It is used during these operations to hide the value of private numbers from timing and power attacks: to "blind" timing attacks.
  • blindfac_inverse is the inverse of blindfac modulo n, used for the blinding process.
  • mutex is internal to the implementation, and isn't a number. It appears to be used for thread-safety of the implementation.

The public key consists of the numbers n and e.

The private key consists of the numbers n and d; e is usually included for convenience. You can do all operations with just d and the public key, but it may not have optimal performance.

p, q, exp1, exp2, and coef are additional private numbers that, when provided, speed up RSA decryption and signing operations. You want to keep these numbers if you can, but they are not necessary. For more information on what these do: Chinese Remainder Theorem and RSA

blindfac and blindfac_inverse are temporary numbers generated by the blind() function in that Python RSA implementation. Do not save these numbers.

user9278661 avatar
mx flag
Thanks that is a great answer. Can you please add some references for completeness? Where did you find the explanation for these parameters?
Myria avatar
in flag
@user9278661 Hmm. I just knew how they were used, and the "CRT and RSA" link is a reference for the extra numbers. This is all very generic RSA stuff and not specific to python-rsa. For understanding the particular variable names, I looked up the python-rsa source code: https://github.com/sybrenstuvel/python-rsa/blob/main/rsa/key.py
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.