RSA key generation and ANSI X9.31
Francois Grieu
"RSA keys are generated according to procedures described in ANSI X9.31."
ANSI X9.31:1998, section 4.1.2, requires in particular that
* p-1, p+1, q-1, q+1 each should have prime factors p1, p2, q1, q2
that are randomly selected primes in range 2^100 to 2^120.
* p and q shall be the first primes discovered in an approriate
interval, from a random starting point, that meet the above.
* p and q shall be different in one at least of their first 100 bits.
I failed to locate any code performing the above. Did I miss something,
or is the above quotation of the security policy to be taken as implying
that some (e.g. appendix A), but not all of ANSI X9.31 (e.g. body)
is followed?
Note: I am convinced that NOT following the above ANSI X9.31 requirements
does NOT jeopardize security in any way; I just want to know if
conformance to ANSI X9.31 can be claimed by using Crypto++
Francois Grieu
Wei Dai
> ANSI X9.31:1998, section 4.1.2, requires in particular that
> * p-1, p+1, q-1, q+1 each should have prime factors p1, p2, q1, q2
> that are randomly selected primes in range 2^100 to 2^120.
> * p and q shall be the first primes discovered in an approriate
> interval, from a random starting point, that meet the above.
> * p and q shall be different in one at least of their first 100 bits.
>
> I failed to locate any code performing the above. Did I miss something,
> or is the above quotation of the security policy to be taken as implying
> that some (e.g. appendix A), but not all of ANSI X9.31 (e.g. body)
> is followed?
You're right, this section of ANSI X9.31 is not followed.