.NET: Given a private key, is it possible to derive its public key?
Original URL: http://stackoverflow.com/questions/696472/
Warning: these are provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): StackOverFlow
Given a private key, is it possible to derive its public key?
Asked by Hemant
From whatever little I understand by reading various material, public-private key pairs are the basis of asymmetric encryption, and also something about choosing 2 prime numbers (which is roughly your private key) and multiplying them (which is roughly your public key). It appears that it is possible to generate a public key if you know the private key. Is it correct, or am I mistaking something?
[EDIT]
What made me more confused was that it is not possible to serialize the RSA key to XML with only the private key (using the .NET class RSACryptoServiceProvider). Not sure whether this limitation is intentional or not!
Accepted answer by sleske
That depends on the crypto system.
In RSA, we have (citing Wikipedia):
The public key consists of the modulus n and the public (or encryption) exponent e. The private key consists of the modulus n and the private (or decryption) exponent d which must be kept secret.
Now if we have n and d (the private key), we are only missing e for the public key. But e is often fairly small (less than three digits), or even fixed (a common value is 65537). In these cases getting the public key is trivial.
For Elliptic Curve Diffie-Hellman, the private key is d, and the public key dG (with G also public), so it's trivial as well.
Answer by vaab
In most asymmetrical crypto system implementations, the only fact that is ensured is that you cannot find the private key from the public key. The other way round, finding the public key from the private key is trivial in most cases.
For instance, in RSA, you can create public key from private key with:
openssl rsa -in private.pem -pubout -out public.pem
What is misleading is the terminology: "private key" refers to 2 different concepts depending on whether you are speaking of the theory or of the practical implementation:
- The theoretical private key is the couple (d, n) which shares perfect symmetrical (mathematical) relation with (e, n). If you are comparing these, one cannot be computed from the other.
- The practical private key (as in openssl implementation for example), refers to a file containing (d, n) but also several important intermediate values for decoding speed purpose. In addition to that, the theoretically "unknown" part of the public key e is often fixed to common values by convention (which is 0x10001 by default in openssl and albeit it can be changed, it is strongly recommended to stick to only very specific values). So deducing the public key (e, n) from the private key is trivial for more than one reason.
Answer by erickson
It depends on the algorithm, and what you mean by "private key".
RSA private keys are often stored in their "Chinese Remainder Theorem" form. For example, the RSAPrivateKey structure defined in PKCS #1 and re-used by many other crypto standards takes this form. This form includes the two secret numbers often denoted p and q, from which the totient is computed. With totient and the private exponent, the public exponent is quickly computed.
In any case, most RSA key pairs use 65537 as the public exponent, and the modulus is always carried as part of the private key.
Answer by Colonel Panic
For the specific case of OpenSSH and ssh-keygen, yes you can:
ssh-keygen -y
This option will read a private OpenSSH format file and print a public key to stdout.
Generally, it depends on the algorithm and what you label the private key. However, any sensible implementation will include the complete information (public and private keys) in the secret file.
Answer by Adam Hawes
In ANY public key crypto system the public key is mathematically related to the private key. It's very simple.
The public key is derived from the private key at generation time, and with the private key at any point in the future it is possible to re-derive the public key easily.
It is not feasible to go the other way. Given a public key it is not easy to derive the private key. That's why we can safely share public keys with other people. If you have enough time/CPU cycles you could brute force it but it's probably easier to wait for a mathematical attack on the key.
Answer by Michael Chourdakis
There is a misconception on what the private key is. The private key is just the (d,n) pair and, given only that, it is infeasible to generate the public key from it unless you can assume that the public exponent is 65537, which is the case on almost all RSA keys.
If, for any reason, the public exponent is a larger number you cannot create the public key from the private one.
That said, the value stored as "private key" to pem files is not just the private key, but also contains the prime factors (among other things) and, therefore, it's easy to generate the public key from it.
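An added example, not taken from any of the answers and not OpenSSL or .NET code, of the two situations the answers by erickson and Michael Chourdakis describe: a private key that keeps p and q, and a bare (d, n) pair. The function names and the sample key are constructed for illustration, and Carmichael's lambda (a divisor of the totient) is used instead of the totient so that the smallest valid e is returned.

```python
from math import gcd

# Exponents conventionally chosen for e (assumed candidate list).
COMMON_EXPONENTS = (3, 5, 17, 257, 65537)


def public_from_crt(p, q, d):
    """Public key (n, e) from a private key that still carries p and q."""
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)  # Carmichael lambda(n)
    e = pow(d, -1, lam)  # smallest e with e*d == 1 (mod lambda); Python 3.8+
    return p * q, e


def public_from_d_n(n, d, candidates=COMMON_EXPONENTS, probes=(2, 3, 5, 7)):
    """Public key from the bare pair (d, n): only conventional e can be found.

    A candidate e is accepted when m -> m^e -> (m^e)^d returns m for every probe.
    """
    for e in candidates:
        if all(pow(pow(m, e, n), d, n) == m for m in probes):
            return n, e
    return None  # e is not one of the conventional values


def make_sample_key(e):
    """Constructed sample key from two Mersenne primes (far too small for real use)."""
    p, q = 2**61 - 1, 2**89 - 1
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)
    return p, q, pow(e, -1, lam)


if __name__ == "__main__":
    for e in (65537, 1000003):  # conventional vs. unconventional exponent
        p, q, d = make_sample_key(e)
        print("with p, q:", public_from_crt(p, q, d))
        print("d, n only:", public_from_d_n(p * q, d))
```

With the primes available the exponent is recovered whatever its value; with only (d, n) the search succeeds for 65537 and returns None for the unconventional exponent.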
Answer by petr
The public key is the modulus N (and public exponent e, usually 65537); the private key is given by the two primes p, q (and private exponent d, sometimes also CRT parts d_p, d_q for speedup). Essentially you have N=pq and ed=1 mod ((p-1)(q-1)); you can also compute d_p and d_q using CRT. Given the private key, computation of the public key modulus is "boring" multiplication, and the public exponent is in the specification or computed using the extended Euclid algorithm if the standard e was not good enough. Given the public key, computation of the private key requires either finding d (RSA problem) or p, q (factoring, see number field sieve for the best algo to do this). These problems are shown to be equivalent under reasonable conditions [Breaking RSA Generically is Equivalent to Factoring, D. Aggarwal and U. Maurer, 2008].
Answer by AnthonyWJones
Yes, with access to the private key the public key can be generated.
Answer by Mark Probst
It is theoretically possible but for large keys computationally infeasible.

