0

I have an RSA Private key file my_private_key.pem with the header -----BEGIN RSA PRIVATE KEY-----. I can parse that with the openssl utility: openssl asn1parse < my_private_key.pem

That shows me a bunch of integers: a 4096 bit integer, a 17 bit integer, another 4096 bit integer, and then five 2048 bit integers.

I understand the textbook RSA primitive where the private key is $(p,q,e)$ where $p,q$ are large secret primes and $e$ is the encryption exponent where $\gcd(e, (p-1)(q-1)) = 1$ and you encrypt plaintext $m$ by $c \equiv m^e \pmod{N}$ where $N=p \cdot q$. How does that textbook version of RSA relate to these integer numbers I see in a .pem file?

I'm sure this is a newbie question. Where do I start to read on this?

clay
  • 165
  • 1
  • 8
  • 2
    See this answer of mine. – yyyyyyy Oct 24 '17 at 23:21
  • 2
    $d$ is the private exponent (for decryption and signing) and $e$ the public one (for encryption and verification). The file structure is defined in PKCS1 republished as https://tools.ietf.org/html/rfc8017#appendix-A.1.2 ; the rest of PKCS1 explains how the CRT (Chinese Remainder Theorem) components are computed and used, but you might want to start with https://en.wikipedia.org/wiki/RSA_%28cryptosystem%29 for an appreciation of why this is done. – dave_thompson_085 Oct 24 '17 at 23:28
  • The RFC Appendix was exactly what I was looking for. The whole RFC itself is extremely readable and helpful. Thank you! – clay Oct 25 '17 at 13:25

1 Answers1

1

Here is a labeled example output (don't worry I created a new key):enter image description here

Which you can verify for example in Sage. Although, surprisingly, it apparently doesn't allow decryption because the exponent is too large.

Elias
  • 4,903
  • 1
  • 14
  • 31