OpenSSL "genpkey -pkeyopt rsa_keygen_pubexp:2" Runs Forever

Q

What will happen if I use 2 as the public exponent to generate an RSA private key?

✍: FYIcenter.com

A

OpenSSL will run forever if you use 2 as the public exponent to generate an RSA private key, because OpenSSL cannot find any private exponent that meets the RSA requirements: the primes p and q are odd, so (p-1)(q-1) is always even and 2 has no inverse modulo it. See the test below:

C:\Users\fyicenter>\local\openssl\openssl
OpenSSL> genpkey -algorithm rsa -out rsa_test.key -pkeyopt rsa_keygen_bits:256 
   -pkeyopt rsa_keygen_pubexp:2

....+++++++++++++++++++++++++++*....+++++++++++++++++++++++++++*.....+++++++++++
++++++++++++++++*...+++++++++++++++++++++++++++*..+++++++++++++++++++++++++++*..
..........+++++++++++++++++++++++++++*....+++++++++++++++++++++++++++*...+++++++

.... (running forever)

What this test tells us:

  • OpenSSL needs to be enhanced to include logic that validates the "rsa_keygen_pubexp" parameter to prevent this from happening.
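
The reason no private exponent exists, and the kind of pre-check the bullet above asks for, shown as an added example (not OpenSSL's code and not from the original page). The function names, the minimum-value rule in check_pubexp and the list of small primes are assumptions made for illustration.

```python
from math import gcd

def check_pubexp(e):
    """Return None if e passes a minimal sanity check, else a reason string.

    Assumption: this is an illustrative pre-check, not OpenSSL's own logic.
    """
    if e < 3:
        return "exponent must be at least 3"
    if e % 2 == 0:
        return "exponent must be odd: (p-1)(q-1) is always even"
    return None

def private_exponent(p, q, e):
    """Return d with e*d = 1 mod (p-1)(q-1), or None when no such d exists."""
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        return None  # e shares a factor with phi, so it has no inverse
    return pow(e, -1, phi)  # modular inverse (Python 3.8+)

# Constructed sample data: small odd primes standing in for real key primes.
SAMPLE_PRIMES = [11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47]

def usable_pairs(e, primes=SAMPLE_PRIMES):
    """Count prime pairs (p < q) for which a private exponent exists for e."""
    return sum(
        1
        for i, p in enumerate(primes)
        for q in primes[i + 1:]
        if private_exponent(p, q, e) is not None
    )

if __name__ == "__main__":
    total = len(SAMPLE_PRIMES) * (len(SAMPLE_PRIMES) - 1) // 2
    for e in (2, 3, 65537):
        verdict = check_pubexp(e) or "ok"
        print(f"e={e}: {verdict}; usable prime pairs: {usable_pairs(e)}/{total}")
```

With e=2 every candidate prime pair is rejected, which is why a generator that keeps retrying with fresh primes never finishes; with e=3 some pairs are rejected and the retry succeeds quickly.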


2017-09-08