[cryptography] Modern replacement for ANSI X9.31 as far as RSA key generation goes?

Francois Grieu fgrieu at gmail.com
Thu Dec 2 13:19:39 EST 2010

On 02/12/2010 18:46, Paul Rubin wrote:
> Francois Grieu <fgrieu at gmail.com> writes:
>> I'm thus in search for a current public standard (not
>> necessarily free) specifying algorithms for RSA key
>> generation, as a replacement for ANSI X9.31:1998;
> Does IEEE 1363 have what you want?

Upon checking, yes and that's a good idea. Thanks.
I found a few issues though.

One issue is that there is nothing prescribed in the
body of the P1363 standard, but at least there is a
SUGGESTION to use "A.16.11 An Algorithm for Generating
RSA Keys" and that can be given as a reference.

The worse is is that the factors generated per A.16.11
in P1363 do not seem guaranteed to be compatible with a
gizmo working per ANSI X9.31:1998, for the former allows
p and q to be of different bit size (and unless I err
often does so), while the later prescribes primes of
equal size. That could be a serious issue for CRT
implementations of the private key function.

Also ANSI X9.31:1998 has requirements for the bit size
of e and n, that are not in P1363 as far as I see.

Ahhh, standards, how to choose between them?

  Francois Grieu

More information about the cryptography mailing list