From 04376627a67d7af83e839ce11ee4f93433bc5af5 Mon Sep 17 00:00:00 2001 From: David Shaw Date: Wed, 28 Jun 2006 22:29:25 +0000 Subject: [PATCH] * rsa.c (generate): Use e=65537 for new RSA keys. --- cipher/ChangeLog | 4 ++++ cipher/rsa.c | 22 +++++++++------------- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/cipher/ChangeLog b/cipher/ChangeLog index 869ae6585..94849a647 100644 --- a/cipher/ChangeLog +++ b/cipher/ChangeLog @@ -1,3 +1,7 @@ +2006-06-28 David Shaw + + * rsa.c (generate): Use e=65537 for new RSA keys. + 2006-04-20 David Shaw * dsa.c (dsa2_generate): New function to generate a DSA key with a diff --git a/cipher/rsa.c b/cipher/rsa.c index 8b23326f2..0b00e215e 100644 --- a/cipher/rsa.c +++ b/cipher/rsa.c @@ -136,25 +136,21 @@ generate( RSA_secret_key *sk, unsigned nbits ) mpi_gcd(g, t1, t2); mpi_fdiv_q(f, phi, g); - /* find an public exponent. - We use 41 as this is quite fast and more secure than the - commonly used 17. Benchmarking the RSA verify function - with a 1024 bit key yields (2001-11-08): + /* Find an public exponent. + Benchmarking the RSA verify function with a 1024 bit key yields + (2001-11-08): e=17 0.54 ms e=41 0.75 ms e=257 0.95 ms e=65537 1.80 ms + + This code used 41 until 2006-06-28 when it was changed to use + 65537 as the new best practice. See FIPS-186-3. */ e = mpi_alloc( (32+BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB ); - mpi_set_ui( e, 41); - if( !mpi_gcd(t1, e, phi) ) { - mpi_set_ui( e, 257); - if( !mpi_gcd(t1, e, phi) ) { - mpi_set_ui( e, 65537); - while( !mpi_gcd(t1, e, phi) ) /* (while gcd is not 1) */ - mpi_add_ui( e, e, 2); - } - } + mpi_set_ui( e, 65537); + while( !mpi_gcd(t1, e, phi) ) /* (while gcd is not 1) */ + mpi_add_ui( e, e, 2); /* calculate the secret key d = e^1 mod phi */ d = mpi_alloc( (nbits+BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB );