RSA Public exponent defaults to 65537. What should this value be? What are the impacts of my choices?

Question

I'm creating unit tests for software that may encounter different exponent sizes. (see section 3.3.1 of this RFC)

How can I use Bouncy Castle, or any other C# library to generate a RSA key pair that doesn't have a key size of 65537.

If the answer is that I can directly modify this, as long as I update the private key as well, what specific changes (or re-computation) should I make for the public and private key?

Here is the sample code that I'm using to create the key with the exponent of 65537:

        // Create key
        RsaKeyPairGenerator generator = new RsaKeyPairGenerator();
        var param = new KeyGenerationParameters(new SecureRandom(), 1024);
        generator.Init(param);
         AsymmetricCipherKeyPair keyPair= generator.GenerateKeyPair();

        // Save to export format
        SubjectPublicKeyInfo info = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(keyPair.Public);
        byte[] ret =  info.GetEncoded();
        string ovalue1 = Convert.ToBase64String(ret);

        // Read from export format
        byte[] publicKeyBytes = Convert.FromBase64String(ovalue1);
        AsymmetricKeyParameter asymmetricKeyParameter = PublicKeyFactory.CreateKey(publicKeyBytes);

        RsaKeyParameters rsaKeyParameters = (RsaKeyParameters)asymmetricKeyParameter;
        RSAParameters rsaParameters = new RSAParameters();
        rsaParameters.Modulus = rsaKeyParameters.Modulus.ToByteArray();
        rsaParameters.Exponent = rsaKeyParameters.Exponent.ToByteArray();
        RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
        rsa.ImportParameters(rsaParameters);

`KeyGenerationParameters` has a subclass `RSAKeyGenerationParameters` that can be instantiated with a public exponent. — Brett Hale, Jul 01 '12 at 10:35
@BrettHale - That solved it for me! If you want the rep for that answer, feel free to post it .. — makerofthings7, Jul 01 '12 at 20:22

score 2 · Answer 1 · edited May 23 '17 at 11:46

Thanks to @BrettHale I was able to solve the issue.

This is how to create a key pair in Bouncy Castle

      // Create key
        RsaKeyPairGenerator generator = new RsaKeyPairGenerator();

        /*
         * This value should be a Fermat number. 0x10001 (F4) is current recommended value. 3 (F1) is known to be safe also.
         * 3, 5, 17, 257, 65537, 4294967297, 18446744073709551617,
         * 
         * Practically speaking, Windows does not tolerate public exponents which do not fit in a 32-bit unsigned integer. Using e=3 or e=65537 works "everywhere". 
         */
        BigInteger exponentBigInt = new BigInteger(exponent.ToString());

        var param = new RsaKeyGenerationParameters(
            exponentBigInt, // new BigInteger("10001", 16)  publicExponent
            new SecureRandom(),  // SecureRandom.getInstance("SHA1PRNG"),//prng
            keyStrength, //strength
            certaninty);//certainty
        generator.Init(param);

Additional links that relate to his recommendation to use RSAKeyGenerationParameters include:

Why is exponent value 65537 used, what are the alternatives and impacts?
What is certainty, and what is the correct value for this (hint: it depends on key length)

These recommendations are largely due to [Coppersmith's attack](http://en.wikipedia.org/wiki/Coppersmith's_Attack) and its variants. — Brett Hale, Jul 02 '12 at 07:11

RSA Public exponent defaults to 65537. What should this value be? What are the impacts of my choices?

1 Answers1

Linked