? It is equivalent to solving the unary quadratic equation 23 * d+ 192 * y = 1.
? One of the solutions is (d= 167, y=-20).
? So far, all the calculations have been completed.
? For the above example, to the public key (22 1, 23) and the private key (22 1, 167).
In the above calculation process, a * * * is used.
Only the public key part of the above numbers is public, namely (22 1, 23). So can we deduce the private key part, which is known as N and E, and deduce D through the public key?
(1)ed 1(mod (n)), d can only be solved if it knows (n).
(2) (n) = (p) (q) = (p-1) (q-1), and only when we know p and q can we get (n).
(3) If n = p q, you need to factorize n..
So if you can factorize n, you can find d, which means the private key has been cracked.
Then the reliability of RSA encryption lies in the difficulty of decomposing n. At present, there is no clever algorithm to decompose an integer n, so we can only rely on brute force. In practical application, the value of n is usually above 1024, and the known maximum factorization number is 768. So RSA encryption is reliable at this stage.
Now we can encrypt and decrypt.
We use the public key (22 1, 23) generated above for encryption. If the information we need to encrypt is m( m must be an integer, and m should be less than n), take m as 56, and the encrypted string c can be obtained by the following formula:
? C (model n)
? 10 (model 22 1)
It can be found that the encryption result c is 10.
The key is (22 1, 167), and the encryption result is c= 10. The encrypted information can be obtained by using the following formula.
? M (mod n), that is, the remainder of the d power of the encryption result divided by n, is m.
? 56 (model 22 1)
RSA encryption is a block encryption algorithm, which always operates on fixed-length blocks. If the encrypted string is too long, it needs to be cut; if it is too short, it needs to be filled.
The following mainly introduces RSA_PKCS 1_PADDING filling mode and RSA_NO_PADDING mode.
This filling mode is the most commonly used filling mode. In this filling mode, the input length is limited by the length of the encryption key, and the maximum input length is the number of bits of the encryption key k- 1 1. If the length of the public key is 1024 bits, that is, 128 bytes, then the input length is at most11=17 bytes. If the length is less than 1 17, it needs to be filled. If the length of the input T is 55 bytes and the padding block is EM, the EM format is as follows:
EM= 0x00 || BT || PS || 0x00 || T
In this padding mode, the input length is at most as long as the RSA public key length, and if it is less than the public key length, 0x00 will be padded in front. If the length of the public key is 128 bytes, the length of the input t is 55 bytes, and the padding block is EM, the format of EM is as follows:
EM=P || T
Reference:
/blog/2065 438+03/06/RSA _ algorithm _ part _ one . html
/blog/2065 438+03/07/RSA _ algorithm _ part _ two . html
/3pgp/blog/749 195