EKR (ekr@rtfm.com)
03 Mar 1999 08:02:05 -0800
Vin McLellan <vin@shore.net> writes:
> Eric Rescorla <ekr@rtfm.com> wrote:
>
> >There's more to correctly implementing RSA than simply
> >correctly implementing PKCS-1. Consequently, PKCS-1 test
> >vectors don't do the whole job.
>
> Well, maybe.
Uh, no, definitely. You need (1) a good PRNG and (2) a reasonable
primality tester. These are both tricky. Especially the PRNG.
> Over the past couple of years, however, the work of
> Bob Silverman of RSA Labs seems to have shown that a lot of the
> pre-qualifications and conditional tests previously required in the process
> of generating RSA keys were unnecessary. Busy-work which complicated
> everything but made no appreciable difference in the security of RSAPKC
> implementations.
Yes, I'm quite aware of this, but it's not relevant to my point.
I'm talking about the basic operation.
> >The tricky bit is correctly generating the key. I don't know
> >of any test vectors for this, a la the test vectors in FIPS-186a
> >for DSS parameter and key generation.
>
> Generating RSA keys may have become less complicated, rather than
> (like everything else) more complicated.
It's still far more complicated than the simple PKCS-1 encryption
and signature modules.
>but I believe the IEEE's P1363 group -- which
>is also developing standard specifications for public key cryptography --
>has recently published an example of test vectors for RSA key generations
>(originally from the X9.32 docs) at:
><http://grouper.ieee.org/groups/1363/testvector.txt>
These test vectors do not appear to include RSA keygen examples.
> If you are waiting for NIST to offer the sort of full crypto module
> validation tests that are offered to provide assurance for the DSA/Fortezza
> version of FIPS-186(a), don't hold your breath.
I'm not. I'd simply like to see a full set of key generation
procedures that allowed you to insert a seed and compare your
output key to the test vector. Precisely the way that FIPS-186a
does for DSA.
-Ekr
-- [Eric Rescorla ekr@rtfm.com]
The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:18:49