Extract numbers from a key

Werner Koch wk at gnupg.org
Thu Aug 4 21:25:25 CEST 2011


On Thu,  4 Aug 2011 19:23, tigresetdragons at yahoo.fr said:

> cipher/rsa.c and I found that d is evaluated to match e*d mod f = 1 ,
> with f = phi/gcd((p-1),(q-1)) .
> Why is it coded like that ? Is it safe ?

Using the universal exponent of n (lambda, in the code denoted as f) has
the advantages that d will be smaller.  And thus decryption will be
faster.  It is more a theoretical advantages because we choose p and q
at random and thus lambda won't be much smaller than phi.

Yes, it is secure.  IIRC, X9.31 even requires that.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




More information about the Gnupg-users mailing list