The RSA Cryptosystem Introduction

The RSA public key algorithm was devised in 1979 by Rivest, Shamir and Adleman (hence the name). It is an asymmetric cryptographic algorithm, which means that the encryption and decryption keys are different, and that it is computationally infeasible to deduce the decryption key from the encryption key. The encryption key may be made public and distributed in the clear without compromising the security of the decryption key, hence the term Public Key Cryptography.

RSA public-key cryptography is usually used in two ways:

· To digitally sign electronic messages to provide proof of the identity of the sender, and to protect the integrity of the contents of the messages.

· To automate and simplify the difficult problem of secret key distribution and management in large distributed networks, such as the Internet.

The RSA algorithm is implemented in all variants of the HSM 8000.

Functions are provided for:

· Generation of variable-length RSA keys.

· Validation of public key certificates.

· Generation and validation of digital signatures.

· Secure DES key management using RSA public master keys.

· Generation of hash values.

To conform to international export controls, no functions are provided for straightforward RSA data encryption and decryption.

The length of the RSA keys used can be selected from 320 to 2048 bits.

HSM Buffer Sizes

The HSM has a 32K-byte input buffer, and it is the responsibility of the host application to ensure that the total amount of data sent in an HSM command does not cause a buffer overflow.

Data Formats

Certificates, signatures, encrypted key blocks and message data supplied in commands specified in this document are binary fields, with the leftmost byte being the most significant and the rightmost byte being the least significant. Note that the binary data may be right justified and padded to the left with zeros, if necessary, in order to make the data length (in bits) an exact multiple of eight.

Even Public Exponent

There is a variant of RSA (known as the “Rabin” variant) which utilises an even Public Exponent.  This variant cannot be used for unique encryption/decryption unless the associated data contains some redundant information which can be used to determine the correct result.  Although the commands specified in this document, which use a Public Key, could be used with an even Exponent, there is no guarantee that the results produced by these commands will be correct.  It is strongly recommended that the commands in this document are used only with odd Public Exponents.  Note that it is not possible to use the HSM to generate an RSA Key Set that has an even Public Exponent.
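The ambiguity described above can be seen with a toy modulus. The following is an added example, not part of the HSM documentation or its command set: the primes, the digit-repeating redundancy scheme and all function names are constructed for illustration, and `require_odd_exponent` is a hypothetical host-side check.

```python
from math import gcd

# Constructed toy modulus (illustrative only; real keys are far larger).
P, Q = 103, 107
N = P * Q                  # 11021
PHI = (P - 1) * (Q - 1)    # 10812, always even when P and Q are odd primes

def preimages(c, e, n=N):
    """Every m in [0, n) with m**e mod n == c (brute force, toy sizes only)."""
    return [m for m in range(n) if pow(m, e, n) == c]

def has_private_exponent(e, phi=PHI):
    """A d with e*d = 1 (mod phi) exists only when gcd(e, phi) == 1."""
    return gcd(e, phi) == 1

def add_redundancy(payload):
    """Assumed toy redundancy scheme: repeat a two-digit payload (42 -> 4242)."""
    if not 0 <= payload < 100:
        raise ValueError("payload must be 0..99")
    return payload * 100 + payload

def pick_by_redundancy(candidates):
    """Keep only the candidates whose two halves match."""
    return [m for m in candidates if m // 100 == m % 100]

def require_odd_exponent(e):
    """Hypothetical host-side guard, run before a public key is used in a command."""
    if e <= 1 or e % 2 == 0:   # e <= 1 is an extra sanity check, not from the text
        raise ValueError(f"public exponent {e} rejected: must be odd")
    return e

if __name__ == "__main__":
    m = add_redundancy(42)
    roots = preimages(pow(m, 2, N), 2)
    # An even exponent gives several candidate results; redundancy selects one.
    print("e=2 candidates:", roots, "->", pick_by_redundancy(roots))
    # An odd exponent coprime to PHI gives exactly one result.
    print("e=5 candidates:", preimages(pow(m, 5, N), 5))
    print("d exists for e=2:", has_private_exponent(2),
          "for e=5:", has_private_exponent(5))
```

With exponent 2 the same ciphertext has four possible plaintexts and no private exponent exists, because the exponent shares the factor 2 with (P-1)(Q-1); only the redundancy in the data identifies the intended value.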