Extract numbers from a key
Werner Koch
wk at gnupg.org
Thu Aug 4 21:25:25 CEST 2011
On Thu, 4 Aug 2011 19:23, tigresetdragons at yahoo.fr said:
> cipher/rsa.c and I found that d is evaluated to match e*d mod f = 1 ,
> with f = phi/gcd((p-1),(q-1)) .
> Why is it coded like that ? Is it safe ?
Using the universal exponent of n (lambda, in the code denoted as f) has
the advantages that d will be smaller. And thus decryption will be
faster. It is more a theoretical advantages because we choose p and q
at random and thus lambda won't be much smaller than phi.
Yes, it is secure. IIRC, X9.31 even requires that.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
More information about the Gnupg-users
mailing list