RSA Plausibility Tests?


RSA Plausibility Tests?

Keefe, Francoise B.

Does anyone know whether Bouncy Castle has the ability to validate Public Keys in accordance with NIST SP 800-89 RSA plausibility tests? I see how to extract the modulus and exponent, but that’s it. If not using Bouncy Castle, are you aware of any other open source libraries that do these tests?

Thanks!

Francoise Keefe


Re: RSA Plausibility Tests?

Peter Dettman-3
Hi Francoise,
Our FIPS jars perform this validation automatically before any RSA key
can be used.

If you are using the regular API, you would currently need to apply the
checks yourself. The example 6-step process in SP 800-89 is:

a) Length of the modulus
b) Size of the public exponent e
c) Oddness
d) Compositeness
e) Not a power of a prime
f) No very small factors

a, b, c, f should be straight-forward. For d, e you can use
org.bouncycastle.math.Primes.enhancedMRProbablePrimeTest (which we use
internally in the FIPS version also).

Regards,
Pete Dettman

On 24/6/20 7:27 am, Keefe, Francoise B. wrote:

> Does anyone know whether Bouncy Castle has the ability to validate
> Public Keys in accordance with NIST SP 800-89 RSA plausibility tests? I
> see how to extract the modulus and exponent, but that’s it. If not using
> Bouncy Castle, are you aware of any other open source libraries that do
> these tests?
>
>  
>
> Thanks!
>
> Francoise Keefe
>
>  
>
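
The six steps listed in the reply above, written against the regular Bouncy Castle API. This is an added example, not code from the thread or from Bouncy Castle's FIPS jars. The thresholds (2048-bit minimum modulus, odd e with 65537 <= e < 2^256, small-factor bound 752, 40 Miller-Rabin iterations) are assumptions to confirm against SP 800-89 and local policy, and the handling of a factor returned by the enhanced test is this example's own conservative choice.

```java
import java.math.BigInteger;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.security.interfaces.RSAPublicKey;
import org.bouncycastle.math.Primes;

public class RsaPlausibility {
    // Assumed policy values; confirm each against SP 800-89 and your own requirements.
    static final int MIN_MODULUS_BITS = 2048, SMALL_FACTOR_BOUND = 752, MR_ITERATIONS = 40;
    static final BigInteger MIN_E = BigInteger.valueOf(65537);
    static final BigInteger MAX_E = BigInteger.ONE.shiftLeft(256); // exclusive upper bound

    // Product of every odd number below the bound: gcd(n, product) > 1 exactly
    // when n has an odd prime factor below the bound, so no prime sieve is needed.
    static BigInteger oddProduct(int bound) {
        BigInteger prod = BigInteger.ONE;
        for (int k = 3; k < bound; k += 2) prod = prod.multiply(BigInteger.valueOf(k));
        return prod;
    }

    /** Returns null if (n, e) passes steps a-f, otherwise the step that failed. */
    static String check(BigInteger n, BigInteger e, SecureRandom rnd) {
        if (n.bitLength() < MIN_MODULUS_BITS) return "a) modulus too short";
        if (!e.testBit(0) || e.compareTo(MIN_E) < 0 || e.compareTo(MAX_E) >= 0)
            return "b) public exponent out of range";
        if (!n.testBit(0)) return "c) modulus is even";
        Primes.MROutput mr = Primes.enhancedMRProbablePrimeTest(n, rnd, MR_ITERATIONS);
        if (!mr.isProvablyComposite()) return "d) modulus is probably prime";
        if (!mr.isNotPrimePower()) {
            // The test stopped on a factor g instead. If g and n/g are coprime, n has two
            // coprime factors and cannot be a prime power; otherwise reject conservatively.
            BigInteger g = mr.getFactor();
            if (!g.gcd(n.divide(g)).equals(BigInteger.ONE)) return "e) possible prime power";
        }
        if (!n.gcd(oddProduct(SMALL_FACTOR_BOUND)).equals(BigInteger.ONE))
            return "f) modulus has a small factor";
        return null;
    }

    public static void main(String[] args) throws Exception {
        SecureRandom rnd = new SecureRandom();
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048, rnd);
        RSAPublicKey pub = (RSAPublicKey) kpg.generateKeyPair().getPublic();
        // Constructed inputs: a fresh key, then a prime modulus and a prime square.
        BigInteger e = pub.getPublicExponent(), p = BigInteger.probablePrime(1025, rnd);
        System.out.println("generated key: " + check(pub.getModulus(), e, rnd));
        System.out.println("prime modulus: " + check(BigInteger.probablePrime(2048, rnd), e, rnd));
        System.out.println("prime square:  " + check(p.multiply(p), e, rnd));
    }
}
```

For a well-formed modulus the enhanced test frequently stops with a factor rather than the "not a prime power" verdict, which is why step e falls back to the gcd check instead of requiring `isNotPrimePower()` to be true.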



RE: EXTERNAL: Re: [dev-crypto] RSA Plausibility Tests?

Keefe, Francoise B.
Hi Peter,

Thanks so much for the reply. As you guessed, it's d and e that are the most difficult and really what I mostly want, although I've seen some (for purchase) libraries that will do all 6 steps in one method call. I'll take a look at the FIPS jars.

Best,
Francoise

-----Original Message-----
From: Peter Dettman <[hidden email]>
Sent: Thursday, June 25, 2020 12:16 AM
To: [hidden email]
Subject: EXTERNAL: Re: [dev-crypto] RSA Plausibility Tests?

Hi Francoise,
Our FIPS jars perform this validation automatically before any RSA key can be used.

If you are using the regular API, you would currently need to apply the checks yourself. The example 6-step process in SP 800-89 is:

a) Length of the modulus
b) Size of the public exponent e
c) Oddness
d) Compositeness
e) Not a power of a prime
f) No very small factors

a, b, c, f should be straight-forward. For d, e you can use org.bouncycastle.math.Primes.enhancedMRProbablePrimeTest (which we use internally in the FIPS version also).

Regards,
Pete Dettman

On 24/6/20 7:27 am, Keefe, Francoise B. wrote:

> Does anyone know whether Bouncy Castle has the ability to validate
> Public Keys in accordance with NIST SP 800-89 RSA plausibility tests?
> I see how to extract the modulus and exponent, but that's it. If not
> using Bouncy Castle, are you aware of any other open source libraries
> that do these tests?
>
>  
>
> Thanks!
>
> Francoise Keefe
>
>  
>