Publication Type: Journal Article
Source: Information & Security: An International Journal, Volume 37, p.29-34 (2017)
Keywords: asymmetric cryptosystems
, public keys
, software tool
The asymmetric cryptosystem RSA is one of the first practical public-key cryptosystems, widely used for secure data transmission. The key generation of the RSA algorithm relies on specifically chosen numbers. Through the years, as the variety of attacks on RSA increased, plenty of recommendations and strategies for keys generation were published (ex. NIST.FIPS.186-4 ). Following the good practices, the regular users, companies or governments, can bootstrap their implementation of key generation software (a priori analysis). From the perspective of the other side of the communication channel, the key generation process and the keys themselves are a form of a "black box". Furthermore, most of the recommendations and good practices published online don’t reference the reasons/attacks, which can exploit the specific wrongly chosen parameter. An automatic a posteriori cryptanalysis tool will link each recommendation with an existing attack, giving the other side of the communication channel a tool to detect unsafely (including weakened by purpose) generated keys.