cryptography/docs
Daniel Lenski 8a7f27be3d
Add rsa_recover_private_exponent function (#11193)
Given the RSA public exponent (`e`), and the RSA primes (`p`, `q`), it is possible
to calculate the corresponding private exponent `d = e⁻¹ mod λ(n)` where
`λ(n) = lcm(p-1, q-1)`.

With this function added, it becomes possible to use the library to reconstruct an RSA
private key given *only* `p`, `q`, and `e`:

    from cryptography.hazmat.primitives.asymmetric import rsa

    n = p * q
    d = rsa.rsa_recover_private_exponent(e, p, q)  # newly-added piece
    iqmp = rsa.rsa_crt_iqmp(p, q)                  # preexisting
    dmp1 = rsa.rsa_crt_dmp1(d, p)                  # preexisting
    dmq1 = rsa.rsa_crt_dmq1(d, q)                  # preexisting

    assert rsa.rsa_recover_prime_factors(n, e, d) in ((p, q), (q, p))  # verify consistency

    privk = rsa.RSAPrivateNumbers(p, q, d, dmp1, dmq1, iqmp, rsa.RSAPublicNumbers(e, n)).private_key()

Older RSA implementations, including the original RSA paper, often used the
Euler totient function `ɸ(n) = (p-1) * (q-1)` instead of `λ(n)`.  The
private exponents generated by that method work equally well, but may be
larger than strictly necessary (`λ(n)` always divides `ɸ(n)`).  This commit
additionally implements `_rsa_recover_euler_private_exponent`, so that tests
of the internal structure of RSA private keys can allow for either the Euler
or the Carmichael versions of the private exponents.

It makes sense to expose only the more modern version (using the Carmichael
totient function) for public usage, given that it is slightly more
computationally efficient to use the keys in this form, and that some
standards like FIPS 186-4 require this form.  (See
https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf#page=63)
2024-07-05 15:14:04 -07:00
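The private-exponent recovery described in the commit message above, worked through in pure Python as an added example (this is not the cryptography project's own code, and the `rsa_recover_private_exponent` it ships is implemented differently). It computes `d` with both the Carmichael totient `λ(n)` and the Euler totient `ɸ(n)`, and checks the properties the message relies on: `λ(n)` divides `ɸ(n)`, both exponents decrypt correctly, and they yield the same CRT parameters. The primes `p`, `q` and the message value are constructed toy inputs; the helper names (`recover_private_exponent`, `crt_parameters`, `roundtrip_ok`, `demo`) are this example's own.

```python
from math import gcd


def lcm(a: int, b: int) -> int:
    """Least common multiple (math.lcm exists in Python 3.9+; this avoids depending on it)."""
    return a // gcd(a, b) * b


def recover_private_exponent(e: int, p: int, q: int) -> int:
    """Private exponent d = e^-1 mod lambda(n), where lambda(n) = lcm(p-1, q-1).

    This is the Carmichael form, the one FIPS 186-4 requires and the one the
    commit exposes publicly. Hypothetical helper, not the library's function.
    """
    lam = lcm(p - 1, q - 1)
    if gcd(e, lam) != 1:
        # No modular inverse exists: this (e, p, q) triple cannot form an RSA key.
        raise ValueError("e is not invertible modulo lambda(n)")
    return pow(e, -1, lam)  # modular inverse via three-argument pow (Python 3.8+)


def recover_euler_private_exponent(e: int, p: int, q: int) -> int:
    """Private exponent d = e^-1 mod phi(n), where phi(n) = (p-1)(q-1).

    The Euler form used by the original RSA paper and older implementations;
    the commit keeps its equivalent private, for tests only.
    """
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e is not invertible modulo phi(n)")
    return pow(e, -1, phi)


def crt_parameters(d: int, p: int, q: int) -> tuple:
    """CRT helpers in the order the commit's snippet builds them:
    (dmp1, dmq1, iqmp) = (d mod (p-1), d mod (q-1), q^-1 mod p)."""
    return d % (p - 1), d % (q - 1), pow(q, -1, p)


def roundtrip_ok(e: int, d: int, p: int, q: int, m: int) -> bool:
    """Check that m -> m^e -> (m^e)^d returns m modulo n = p*q."""
    n = p * q
    return pow(pow(m, e, n), d, n) == m


def demo() -> dict:
    # Constructed toy primes, far too small for real keys; the arithmetic is
    # identical for 1024-bit primes, only slower.
    p, q, e = 1000003, 1000033, 65537
    lam = lcm(p - 1, q - 1)
    phi = (p - 1) * (q - 1)
    d_carmichael = recover_private_exponent(e, p, q)
    d_euler = recover_euler_private_exponent(e, p, q)
    return {
        # lambda(n) always divides phi(n); the quotient is gcd(p-1, q-1).
        "lambda_divides_phi": phi % lam == 0,
        "phi_over_lambda": phi // lam,
        # Both exponents agree modulo lambda(n), so they decrypt identically.
        "same_mod_lambda": d_euler % lam == d_carmichael,
        "carmichael_roundtrip": roundtrip_ok(e, d_carmichael, p, q, 123456789),
        "euler_roundtrip": roundtrip_ok(e, d_euler, p, q, 123456789),
        # CRT parameters depend only on d modulo (p-1) and (q-1), so they match.
        "same_crt": crt_parameters(d_carmichael, p, q) == crt_parameters(d_euler, p, q),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The `gcd` check before inverting is the caveat worth keeping: with a malformed `(e, p, q)` triple no inverse exists, and raising there is preferable to constructing a key whose exponent silently fails to decrypt.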
_ext Switch from flake8 to ruff (#7920) 2022-12-21 09:44:47 +07:00
_static
development policy/extension: improve extension policy errors (#11162) 2024-06-25 21:51:24 -04:00
hazmat Add rsa_recover_private_exponent function (#11193) 2024-07-05 15:14:04 -07:00
x509 Add _utc datetime methods to x509.ocsp (#11183) 2024-06-30 12:08:56 -04:00
api-stability.rst document that we raise CryptographyDeprecationWarning on deprecation more clearly (#10053) 2023-12-23 14:48:55 -05:00
changelog.rst
community.rst Point folks towards irc.libera.chat (#6054) 2021-05-19 14:56:36 -05:00
conf.py Bump copyright years (#10101) 2024-01-01 07:32:57 -03:00
doing-a-release.rst Update various links in the docs for permanent redirects (#10109) 2024-01-02 21:00:20 -03:00
exceptions.rst
faq.rst Remove FAQ that's no longer up to date (#9484) 2023-08-22 07:05:13 -07:00
fernet.rst UNIX is a trademark, Unix is a category (#8008) 2023-01-08 03:19:27 +00:00
glossary.rst Fix more misspellings (#10933) 2024-05-05 16:12:27 +00:00
index.rst add decrepit namespace and put SEED, IDEA, Blowfish, and CAST5 in it (#10284) 2024-01-28 17:34:33 -05:00
installation.rst Remove buster from CI (#11182) 2024-06-30 14:07:09 +03:00
limitations.rst more warnings and context around RSA online decryption (#7699) 2022-10-12 11:14:56 -04:00
make.bat
Makefile
openssl.rst drop support for openssl < 1.1.1d (#8449) 2023-03-24 08:36:58 -04:00
random-numbers.rst remove out of date details in random numbers docs (#8482) 2023-03-10 05:19:39 +08:00
security.rst fixes #9048 -- document where to find known vulnerabilities (#9055) 2023-06-10 14:12:44 -06:00
spelling_wordlist.txt Add rsa_recover_private_exponent function (#11193) 2024-07-05 15:14:04 -07:00