Closed dlenskiSB closed 4 days ago
Looks like you'll need to add totient
to docs/spelling_wordlist.txt
Looks like you'll need to add totient to docs/spelling_wordlist.txt
@reaperhulk Yep, just fixed that. (And added Euler
and Carmichael
while we're at it.)
Given the RSA public exponent (
e
), and the RSA primes (p
,q
), it is possible to calculate the corresponding private exponentd = e⁻¹ mod λ(n)
whereλ(n) = lcm(p-1, q-1)
.With this function added, it becomes possible to use the library to reconstruct an RSA private key given only
p
,q
, ande
:Older RSA implementations, including the original RSA paper, often used the Euler totient function
ɸ(n) = (p-1) * (q-1)
instead ofλ(n)
. The private exponents generated by that method work equally well, but may be larger than strictly necessary (λ(n)
always dividesɸ(n)
). This commit additionally implements_rsa_recover_euler_private_exponent
, so that tests of the internal structure of RSA private keys can allow for either the Euler or the Carmichael versions of the private exponents.It makes sense to expose only the more modern version (using the Carmichael totient function) for public usage, given that it is slightly more computationally efficient to use the keys in this form, and that some standards like FIPS 186-4 require this form. (See https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf#page=63)