OpenSSL "genpkey -pkeyopt rsa_keygen_pubexp:1" - Bad RSA Key

Q

Can I use 1 as the public exponent to generate an RSA private key?

✍: FYIcenter.com

A

No. Using public exponent of 1 will generate identical RSA private key and public key as shown below: 

C:\Users\fyicenter>\local\openssl\openssl
OpenSSL> genpkey -algorithm rsa -out rsa_test.key -pkeyopt rsa_keygen_bits:256 
   -pkeyopt rsa_keygen_pubexp:1
.........+++++++++++++++++++++++++++
................+++++++++++++++++++++++++++

OpenSSL> pkey -in rsa_test.key -text -noout
Private-Key: (256 bit)
modulus:
    00:9c:e6:28:67:b8:c5:7c:fa:a6:67:bc:b4:e9:eb:
    64:1d:06:37:d4:a6:f7:9d:20:2d:79:6b:aa:90:ea:
    c7:d1:1d
publicExponent: 1 (0x1)
privateExponent: 1 (0x1)
prime1:
    00:d0:28:ab:a1:8f:18:a1:19:68:e7:7b:2d:60:e7:
    a1:0d
prime2:
    00:c0:f5:8a:ac:a2:52:4f:07:aa:80:e7:c1:fc:e6:
    4c:51
exponent1: 1 (0x1)
exponent2: 1 (0x1)
coefficient:
    2b:77:16:b9:cb:e8:56:06:08:75:20:58:14:09:b8:
    2f

What this test tells us:

  • If public exponent is set to 1, the private exponent is calculated as 1. So the private key is identical to the public key. This is a bad RSA key.
  • OpenSSL should include validation logic to error this input parameter.

 

OpenSSL "genpkey" Command for RSA Keys

⇒⇒OpenSSL Tutorials

2018-01-06, 561👍, 0💬

Firefox General Google Chrome IE (Internet Explorer) Intermediate CA Java VM JDK Keytool Microsoft CertUtil Mozilla CertUtil OpenSSL Other Portecle Public Private Key Publishers Revoked Certificates Root CA Tools Tutorial What Is Windows