PKCS #1: RSA Encryption Standard
An RSA Laboratories Technical Note
Version 1.5
Revised November 1, 1993*
1. Scope
This standard describes a method for encrypting data using the RSA public-key cryptosystem. Its intended use is in the construction of digital signatures and digital envelopes, as described in PKCS #7:
•For digital signatures, the content to be signed is first reduced to a message digest with a message-digest algorithm (such as MD5), and then an octet string containing the message digest is encrypted with the RSA private key of the signer of the content. The content and the encrypted message digest are represented together according to the syntax in PKCS #7 to yield a digital signature. This application is compatible with Privacy-Enhanced Mail (PEM) methods.
•For digital envelopes, the content to be enveloped is first encrypted under a content-encryption key with a content-encryption algorithm (such as DES), and then the content-encryption key is encrypted with the RSA public keys of the recipients of the content. The encrypted content and the encrypted content-encryption key are represented together according to the syntax in PKCS #7 to yield a digital envelope. This application is also compatible with PEM methods.
*Supersedes June 3, 1991 version, which was also published as NIST/OSI Implementors' Workshop document SEC-SIG-91-18. PKCS documents are available by electronic mail to <>. Copyright © 1991–1993 RSA Laboratories, a division of RSA Data Security, Inc. License to copy this document is granted provided that it is identified as "RSA Data Security, Inc. Public-Key Cryptography Standards (PKCS)" in all material mentioning or referencing this document.
003-903018-150-000-000
The standard also describes a syntax for RSA public keys and private keys. The public-key syntax would be used in certificates; the private-key syntax would be used typically in PKCS #8 private-key information. The public-key syntax is identical to that in both X.509 and Privacy-Enhanced Mail. Thus X.509/PEM RSA keys can be used in this standard.
The standard also defines three signature algorithms for use in signing X.509/PEM certificates and certificate-revocation lists, PKCS #6 extended certificates, and other objects employing digital signatures such as X.401 message tokens.
Details on message-digest and content-encryption algorithms are outside the scope of this standard, as are details on sources of the pseudorandom bits required by certain methods in this standard.
2. References
FIPS PUB 46–1  National Bureau of Standards. FIPS PUB 46–1: Data Encryption Standard. January 1988.
PKCS #6  RSA Laboratories. PKCS #6: Extended-Certificate Syntax Standard. Version 1.5, November 1993.
PKCS #7  RSA Laboratories. PKCS #7: Cryptographic Message Syntax Standard. Version 1.5, November 1993.
PKCS #8  RSA Laboratories. PKCS #8: Private-Key Information Syntax Standard. Version 1.2, November 1993.
RFC 1319  B. Kaliski. RFC 1319: The MD2 Message-Digest Algorithm. April 1992.
RFC 1320  R. Rivest. RFC 1320: The MD4 Message-Digest Algorithm. April 1992.
RFC 1321  R. Rivest. RFC 1321: The MD5 Message-Digest Algorithm. April 1992.
RFC 1423  D. Balenson. RFC 1423: Privacy Enhancement for Internet Electronic Mail: Part III: Algorithms, Modes, and Identifiers. February 1993.
X.208  CCITT. Recommendation X.208: Specification of Abstract Syntax Notation One (ASN.1). 1988.
X.209  CCITT. Recommendation X.209: Specification of Basic Encoding Rules for Abstract Syntax Notation One (ASN.1). 1988.
X.411  CCITT. Recommendation X.411: Message Handling Systems: Message Transfer System: Abstract Service Definition and Procedures. 1988.
X.509  CCITT. Recommendation X.509: The Directory—Authentication Framework. 1988.
[dBB92]  B. den Boer and A. Bosselaers. An attack on the last two rounds of MD4. In J. Feigenbaum, editor, Advances in Cryptology—CRYPTO '91 Proceedings, volume 576 of Lecture Notes in Computer Science, pages 194–203. Springer-Verlag, New York, 1992.
[dBB93]  B. den Boer and A. Bosselaers. Collisions for the compression function of MD5. Presented at EUROCRYPT '93 (Lofthus, Norway, May 24–27, 1993).
[DO86]  Y. Desmedt and A.M. Odlyzko. A chosen text attack on the RSA cryptosystem and some discrete logarithm schemes. In H.C. Williams, editor, Advances in Cryptology—CRYPTO '85 Proceedings, volume 218 of Lecture Notes in Computer Science, pages 516–521. Springer-Verlag, New York, 1986.
[Has88]  Johan Hastad. Solving simultaneous modular equations. SIAM Journal on Computing, 17(2):336–341, April 1988.
[IM90]  Colin I'Anson and Chris Mitchell. Security defects in CCITT Recommendation X.509—The directory authentication framework. Computer Communications Review, :30–34, April 1990.
[Mer90]  R.C. Merkle. Note on MD4. Unpublished manuscript, 1990.
[Mil76]  G.L. Miller. Riemann's hypothesis and tests for primality. Journal of Computer and Systems Sciences, 13(3):300–307, 1976.
[QC82]  J.-J. Quisquater and C. Couvreur. Fast decipherment algorithm for RSA public-key cryptosystem. Electronics Letters, 18(21):905–907, October 1982.
[RSA78]  R.L. Rivest, A. Shamir, and L. Adleman. A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM, 21(2):120–126, February 1978.
3. Definitions
For the purposes of this standard, the following definitions apply.
AlgorithmIdentifier: A type that identifies an algorithm (by object identifier) and associated parameters. This type is defined in X.509.
ASN.1: Abstract Syntax Notation One, as defined in X.208.
BER: Basic Encoding Rules, as defined in X.209.
DES: Data Encryption Standard, as defined in FIPS PUB 46-1.
MD2: RSA Data Security, Inc.'s MD2 message-digest algorithm, as defined in RFC 1319.
MD4: RSA Data Security, Inc.'s MD4 message-digest algorithm, as defined in RFC 1320.
MD5: RSA Data Security, Inc.'s MD5 message-digest algorithm, as defined in RFC 1321.
modulus: Integer constructed as the product of two primes.
PEM: Internet Privacy-Enhanced Mail, as defined in RFC 1423 and related documents.
RSA: The RSA public-key cryptosystem, as defined in [RSA78].
private key: Modulus and private exponent.
public key: Modulus and public exponent.
4. Symbols and abbreviations
Upper-case italic symbols (e.g., BT) denote octet strings and bit strings (in the case of the signature S); lower-case italic symbols (e.g., c) denote integers.
5. General overview
The next six sections specify key generation, key syntax, the encryption process, the decryption process, signature algorithms, and object identifiers.
Each entity shall generate a pair of keys: a public key and a private key. The encryption process shall be performed with one of the keys and the decryption process shall be performed with the other key. Thus the encryption process can be either a public-key operation or a private-key operation, and so can the decryption process. Both processes transform an octet string to another octet string. The processes are inverses of each other if one process uses an entity's public key and the other process uses the same entity's private key.
The encryption and decryption processes can implement either the classic RSA transformations, or variations with padding.
6. Key generation
This section describes RSA key generation.
Each entity shall select a positive integer e as its public exponent.
Each entity shall privately and randomly select two distinct odd primes p and q such that (p−1) and e have no common divisors, and (q−1) and e have no common divisors.
The public modulus n shall be the product of the private prime factors p and q:
n = pq .
The private exponent shall be a positive integer d such that de−1 is divisible by both p−1 and q−1.
The length of the modulus n in octets is the integer k satisfying
$2^{8(k-1)} \le n < 2^{8k}$ .
The length k of the modulus must be at least 12 octets to accommodate the block formats in this standard (see Section 8).
Notes.
1. The public exponent may be standardized in specific applications. The values 3 and F4 (65537) may have some practical advantages, as noted in X.509 Annex C.
2. Some additional conditions on the choice of primes may well be taken into account in order to deter factorization of the modulus. These security conditions fall outside the scope of this standard. The lower bound on the length k is to accommodate the block formats, not for security.
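The following is an added worked example of the key-generation rules of Section 6 together with the inverse public-key/private-key transformations of Section 5; it is illustrative code written for this edit, not RSA Laboratories' reference implementation. It assumes Miller–Rabin probable-prime testing (the test of [Mil76], whose round count is an arbitrary choice here) and Python's `secrets` module as the source of random bits; both are assumptions, since prime selection and the randomness source are outside the standard's scope. The private exponent is computed as the inverse of e modulo lcm(p−1, q−1), which is exactly the condition that de−1 be divisible by both p−1 and q−1.

```python
"""Worked example of PKCS #1 v1.5 Section 6 key generation and the
Section 5 inverse transformations (added illustration, not the standard's
own code). Assumptions: Miller-Rabin probable primes, `secrets` randomness."""
import math
import secrets

SMALL_PRIMES = (3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n: int, rounds: int = 40) -> bool:
    """Miller-Rabin probable-prime test [Mil76] after trial division."""
    if n < 2:
        return False
    if n in (2, 3):
        return True
    if n % 2 == 0:
        return False
    for sp in SMALL_PRIMES:
        if n == sp:
            return True
        if n % sp == 0:
            return False
    # write n - 1 = 2^s * r with r odd
    r, s = n - 1, 0
    while r % 2 == 0:
        r //= 2
        s += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2          # random witness in [2, n-2]
        x = pow(a, r, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                          # a proves n composite
    return True


def generate_prime(bits: int, e: int) -> int:
    """Random odd prime of exactly `bits` bits whose p - 1 shares no
    divisor with e, as Section 6 requires."""
    while True:
        p = secrets.randbits(bits) | (1 << (bits - 1)) | 1   # top bit set, odd
        if math.gcd(p - 1, e) == 1 and is_probable_prime(p):
            return p


def modulus_octet_length(n: int) -> int:
    """The integer k satisfying 2^(8(k-1)) <= n < 2^(8k)."""
    return (n.bit_length() + 7) // 8


def generate_keypair(modulus_bits: int = 1024, e: int = 65537) -> dict:
    """Section 6: n = pq, and d such that de - 1 is divisible by both
    p - 1 and q - 1, i.e. d is the inverse of e modulo lcm(p-1, q-1)."""
    half = modulus_bits // 2
    while True:
        p = generate_prime(half, e)
        q = generate_prime(modulus_bits - half, e)
        if p != q and (p * q).bit_length() == modulus_bits:
            break
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)   # lcm(p-1, q-1)
    d = pow(e, -1, lam)                                  # Python 3.8+ inverse
    k = modulus_octet_length(n)
    if k < 12:                                           # Section 6 lower bound
        raise ValueError("modulus must be at least 12 octets")
    return {"n": n, "e": e, "d": d, "p": p, "q": q, "k": k}


def rsa_transform(x: int, exponent: int, n: int) -> int:
    """Classic RSA transformation of Section 5: x^exponent mod n. Applying
    it with one key of a pair and then the other recovers the input."""
    if not 0 <= x < n:
        raise ValueError("input must be an integer in [0, n-1]")
    return pow(x, exponent, n)


if __name__ == "__main__":
    key = generate_keypair(1024)
    m = secrets.randbelow(key["n"])
    c = rsa_transform(m, key["e"], key["n"])             # public-key operation
    assert rsa_transform(c, key["d"], key["n"]) == m     # private-key operation inverts it
    s = rsa_transform(m, key["d"], key["n"])             # private-key operation
    assert rsa_transform(s, key["e"], key["n"]) == m     # public-key operation inverts it
    print("modulus length k =", key["k"], "octets")
```

Running the block generates a 1024-bit key (k = 128 octets, comfortably above the 12-octet lower bound) and checks both orderings of the Section 5 inverse property; the raw transformation here is the unpadded operation, which the standard's block formats (Section 8) wrap before use.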