OpenSSL "genpkey -pkeyopt rsa_keygen_pubexp:1" - Bad RSA Key

Q

Can I use 1 as the public exponent to generate an RSA private key?

✍: FYIcenter.com

A

No. Using a public exponent of 1 will generate an identical RSA private key and public key, as shown below:

C:\Users\fyicenter>\local\openssl\openssl
OpenSSL> genpkey -algorithm rsa -out rsa_test.key -pkeyopt rsa_keygen_bits:256 
   -pkeyopt rsa_keygen_pubexp:1
.........+++++++++++++++++++++++++++
................+++++++++++++++++++++++++++

OpenSSL> pkey -in rsa_test.key -text -noout
Private-Key: (256 bit)
modulus:
    00:9c:e6:28:67:b8:c5:7c:fa:a6:67:bc:b4:e9:eb:
    64:1d:06:37:d4:a6:f7:9d:20:2d:79:6b:aa:90:ea:
    c7:d1:1d
publicExponent: 1 (0x1)
privateExponent: 1 (0x1)
prime1:
    00:d0:28:ab:a1:8f:18:a1:19:68:e7:7b:2d:60:e7:
    a1:0d
prime2:
    00:c0:f5:8a:ac:a2:52:4f:07:aa:80:e7:c1:fc:e6:
    4c:51
exponent1: 1 (0x1)
exponent2: 1 (0x1)
coefficient:
    2b:77:16:b9:cb:e8:56:06:08:75:20:58:14:09:b8:
    2f

What this test tells us:

  • If the public exponent is set to 1, the private exponent is also calculated as 1, so the private key is identical to the public key. This is a bad RSA key.
  • OpenSSL should include validation logic to reject this input parameter with an error.
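
The arithmetic behind this result, as an added example that is not part of the original page: it takes prime1 and prime2 from the output above, derives the private exponent for e = 1 the textbook way, and shows that "encrypting" with such a key returns the plaintext unchanged. The function names, the `exponent_problems` check and the sample message are assumptions made for illustration.

```python
# Added example: reproduces the page's e = 1 result with plain integer math.
from math import gcd

# prime1 / prime2 copied from the "pkey -text" output above (colons removed).
P = int("00d028aba18f18a11968e77b2d60e7a10d", 16)
Q = int("00c0f58aaca2524f07aa80e7c1fce64c51", 16)


def private_exponent(e, p, q):
    """Return d = e^-1 mod (p-1)(q-1), the textbook RSA derivation."""
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e has no inverse modulo (p-1)(q-1)")
    return pow(e, -1, phi)  # modular inverse, Python 3.8+


def exponent_problems(e):
    """Hypothetical pre-generation check: list the reasons to reject e."""
    problems = []
    if e < 3:
        problems.append("e < 3: e = 1 gives d = 1 and m^e mod n == m")
    if e % 2 == 0:
        problems.append("e is even: not invertible, since (p-1)(q-1) is even")
    return problems


def demo():
    """Derive d for e = 1, then encrypt and decrypt a sample message."""
    n = P * Q
    d = private_exponent(1, P, Q)
    m = int.from_bytes(b"constructed secret", "big")  # constructed sample
    c = pow(m, 1, n)  # "encryption" with public exponent 1
    return d, m, c, pow(c, d, n)


if __name__ == "__main__":
    d, m, c, back = demo()
    print("privateExponent:", d)
    print("ciphertext equals plaintext:", c == m)
    print("decryption round-trips:", back == m)
    print("problems with e = 1:", exponent_problems(1))
    print("problems with e = 65537:", exponent_problems(65537))
```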


2018-01-06