fermat primes and dnssec-keygen bug?

Bill Owens owens at nysernet.org
Wed Mar 7 14:14:26 UTC 2012


On Wed, Mar 07, 2012 at 12:13:35PM +0000, Chris Thompson wrote:
> This is wrong (although I have seen the same thing stated in a number
> of other places). When the default public exponent was changed from
> 3 to 2^16+1 (change 2088) the one selected by -e was changed from
> 2^16+1 to 2^30+3 ... *not* 2^32+1. And so it remains today.

...

> And you will find that the ones generated by "dnssec-keygen -e" start
> BEAAAA...

Umm, no:

[littledebian:~/dns] owens% dnssec-keygen -e example.com
Generating key pair....................................++++++ .............++++++ 
Kexample.com.+005+43304
[littledebian:~/dns] owens% cat Kexample.com.+005+43304.key
; This is a zone-signing key, keyid 43304, for example.com.
; Created: 20120307140855 (Wed Mar  7 09:08:55 2012)
; Publish: 20120307140855 (Wed Mar  7 09:08:55 2012)
; Activate: 20120307140855 (Wed Mar  7 09:08:55 2012)
example.com. IN DNSKEY 256 3 5 BQEAAAABw3A8Wji6BjyanbOXUtIH1UcroHZKh06qRKXASbxHAQHJogaw 6m2wYX77KvtzVSto/nbHXM/53Vbu/Ar8CAXC/+r/R5BOHw73qA12LqXr 7utMeLmBPjq4RUqluurlVTHt5/FD85tr0yr8mu7h39gVmMY0bnRpgx6p aj2zjpv3O3U=

The code definitely uses 2^32+1:

[littledebian:bind-9.9.0/lib/dns] owens% grep -A 3 -B 5 F5 opensslrsa_link.c
	if (exp == 0) {
		/* RSA_F4 0x10001 */
		BN_set_bit(e, 0);
		BN_set_bit(e, 16);
	} else {
		/* F5 0x100000001 */
		BN_set_bit(e, 0);
		BN_set_bit(e, 32);
	}

Note - I have no opinion on whether this is good, bad, or merely ugly since I don't write crypto code and don't understand enough about RSA to be able to form an opinion. But that's what BIND does, as of the current version.

Bill.
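To check for yourself which exponent a key carries, here is an added Python example (not from the post, and not BIND's code) that decodes the RSA public key field of a DNSKEY record as RFC 3110 lays it out: a length-prefixed exponent followed by the modulus. It uses the key printed above as input and re-encodes its modulus with 2^30+3 to show the "BEAAAA" prefix Chris mentioned; the 2^30+3 key is constructed here, not generated by dnssec-keygen.

```python
import base64

# The DNSKEY public key field printed by "dnssec-keygen -e" in the post
# (algorithm 5, keyid 43304); whitespace separates the chunks as printed.
POST_KEY = ("BQEAAAABw3A8Wji6BjyanbOXUtIH1UcroHZKh06qRKXASbxHAQHJogaw "
            "6m2wYX77KvtzVSto/nbHXM/53Vbu/Ar8CAXC/+r/R5BOHw73qA12LqXr "
            "7utMeLmBPjq4RUqluurlVTHt5/FD85tr0yr8mu7h39gVmMY0bnRpgx6p "
            "aj2zjpv3O3U=")

# Exponents discussed in the thread, keyed by value.
KNOWN_EXPONENTS = {3: "3", 2**16 + 1: "F4 (2^16+1)",
                   2**30 + 3: "2^30+3", 2**32 + 1: "F5 (2^32+1)"}


def parse_rsa_public_key(b64):
    """Decode an RSA DNSKEY public key field (RFC 3110 section 2).

    Layout: a 1-byte exponent length (0x00 followed by a 2-byte length
    when the exponent exceeds 255 bytes), the exponent, then the modulus.
    Returns (exponent, modulus) as integers.
    """
    raw = base64.b64decode("".join(b64.split()))
    if not raw:
        raise ValueError("empty public key field")
    if raw[0] != 0:
        elen, off = raw[0], 1
    elif len(raw) >= 3:
        elen, off = int.from_bytes(raw[1:3], "big"), 3
    else:
        raise ValueError("truncated exponent length")
    if len(raw) <= off + elen:
        raise ValueError("truncated public key field")
    exponent = int.from_bytes(raw[off:off + elen], "big")
    modulus = int.from_bytes(raw[off + elen:], "big")
    return exponent, modulus


def encode_rsa_public_key(exponent, modulus):
    """Inverse of parse_rsa_public_key: build the base64 field."""
    eb = exponent.to_bytes((exponent.bit_length() + 7) // 8, "big")
    prefix = bytes([len(eb)]) if len(eb) < 256 else b"\x00" + len(eb).to_bytes(2, "big")
    nb = modulus.to_bytes((modulus.bit_length() + 7) // 8, "big")
    return base64.b64encode(prefix + eb + nb).decode("ascii")


def describe_exponent(b64):
    """Name the exponent a key uses and give the modulus size in bits."""
    e, n = parse_rsa_public_key(b64)
    return KNOWN_EXPONENTS.get(e, "unusual exponent %d" % e), n.bit_length()


if __name__ == "__main__":
    print(describe_exponent(POST_KEY))
    # Same modulus re-encoded with 2^30+3: the field then starts "BEAAAA".
    print(encode_rsa_public_key(2**30 + 3, parse_rsa_public_key(POST_KEY)[1])[:8])
```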
