2

I have the public key and I dont know how to obtain Modulus and exponent. After referring stack overflow, I have used below command line to obtain e and M finally as mentioned below.

openssl.exe rsa -pubin -inform PEM -text -modulus < key1024_pub.pem

Public-Key: (1024 bit)

Modulus: 00:c4:bd:2a:41:92:5a:a1:0b:98:07:81:96:4f:9b: bc:ae:15:f9:01:b3:1c:37:df:9f:a0:a2:ab:0f:96: 8f:cb:79:1a:21:31:49:ce:17:30:63:8f:7b:d5:24: 96:e2:03:11:f8:fd:c2:20:62:13:e1:a1:b6:cd:73: 58:c1:f0:67:56:57:d7:e2:88:ce:94:0d:8f:aa:ee: 49:ac:cd:f7:37:57:47:1d:e6:00:76:c7:c9:1a:bb: 46:29:31:6e:79:97:6e:c1:46:ef:38:b7:c2:ac:13: d5:ec:e1:98:94:ce:59:6e:a8:30:fd:25:26:69:f8: 12:17:6b:9a:68:41:f0:cb:c5

Exponent: 3 (0x3)

Modulus=C4BD2A41925AA10B980781964F9B BCAE15F901B31C37DF9FA0A2AB0F968FCB79 1A213149CE1730638F7BD52496E20311F8FD C2206213E1A1B6CD7358C1F0675657D7E288 CE940D8FAAEE49ACCDF73757471DE60076C7 C91ABB4629316E79976EC146EF38B7C2AC13 D5ECE19894CE596EA830FD252669F812176B 9A6841F0CBC5

But now I am confused now which exponent to use either e=3 or 65537 Since i read Public exponent e - 65537 is default for 1024 bits of RSA. Could someone help me which value to use?

danny
  • 253
  • 1
  • 2
  • 12

1 Answers1

3

Use the value of public exponent $e$ that came with the public key, here $e=3$ according to the question. Otherwise, signatures won't check.

Common RSA public exponents include $65537$ and $3$, and more generally the Fermat primes $2^{(2^k)}+1$ with $0\le k\le4$; and $37$ (used by Putty).

$e=3$ leads to the fastest RSA public key operation, because we can compute $x^3\bmod n$ as $((x\times x\bmod n)\times x\bmod n)$; more generally, when using $e=2^{(2^k)}+1$, the public key operation $x\to x^e\bmod n$ requires $2^k$ modular squarings and one modular multiplication.

Using $e=3$ is believed safe when used with good padding techniques (including signature per RSASSA-PSS as in the question), but $e=65537$ is recommended by many authorities and can sometime act as an effective patch (for example, it has the potential to save implementations of PKCS#1 v1.5 decryption from disaster by side channel leakage thru error codes or timing attacks; and faulty implementations of PKCS#1 v1.5 signature verification that incorrectly validate the padding).

fgrieu
  • 140,762
  • 12
  • 307
  • 587
  • 1
    Note that for fun I tested various smaller exponents in Java and I didn't see any kind of notable difference. Sticking to the fourth number of Fermat, $e = 65537$ is just the most reassuring option if just for compatibility reasons. It's also the one that most likely works (e.g. I could imagine a library that manages to ASN.1 encode a public key exponent into the usual 3 bytes instead of the single byte required). – Maarten Bodewes Jun 19 '17 at 13:07
  • e.g. I could imagine a library that manages to ASN.1 encode a public key exponent of 3 into the usual 3 bytes instead of the single byte required) – Maarten Bodewes Jun 19 '17 at 13:17