|ohdave.com Equal parts Joe Diffie and Diffie-Hellman||dashboard | contact | twitter|
As it turns out, people were interested in using this stuff. Some folks have written articles about it, and others have actually put it into production. To this day, most of the traffic on my site is related to this RSA business (which is crazy – haven't you seen my collection of guitar transcriptions??). I have received quite a few queries over the years asking how to make the library compatible with OpenSSL. The obstacle was always padding.
About a year ago, a gentleman named Eric Wilde solved all of our problems. He implemented PKCS #1 v1.5 padding and baked it right in, so you just have to add a flag to one function call, and you get the results correctly formatted for OpenSSL. In the process, he documented the RSA library more thoroughly, and also provided a stripped version (using jsmin) for production use.
How to use
On the server, you can use whatever language you'd like. In this example, we're using PHP.Other languages, including Perl, Python, and Ruby, are coming soon.
Creating and managing keys
I recommend using OpenSSL to create and manage RSA keys. The OpenSSL toolkit is readily available on Unix and Windows OSes, and if you're working with a third party's public key, you'll mostly likely get it in the PEM container format, which OpenSSL works nicely with.
Creating a new keypair: To create a new 2048-bit keypair from a command-line interpreter such as bash, use this command:
This prints out all key components as hexadecimal numbers. The component called "publicExponent" is what you're looking for, and by default it has the value 0x10001:
Using a third-party public key: If someone else gives you their public key file in PEM format, you can extract the
public exponent and the modulus using the same commands, but with the additional
And to print the modulus, use:
Many thanks to Eric Wilde and Rob Saunders for helping with padding and endianness issues.