Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1

Abstract: This memo represents a republication of PKCS #1 v2

“…The only situation we are aware of in which RSA-SCP might have an advantage over FACT-SCP is when the most often executed operation is Express, and deployment of multiprime RSA is acceptable (e.g., N = pqr). Briefly, in the multiprime RSA setting [17,13], private key operations can be implemented particularly efficiently, based on the Chinese Remainder Theorem (CRT). Observe that Definition 8 (in Appendix C) is general enough to cover the multiprime setting.…”

“…A standard trick [17,6] to speed up private operations in factoring-based schemes is via the Chinese Remainder Theorem (CRT). For instance, if an exponentiation y ← x k mod N is to be computed and the factorization N = pq is known, then y can be obtained by CRTdecomposing x into x p ← x mod p and x q ← x mod q, by computing y p ← x k mod ϕ(p) p mod p and y q ← x k mod ϕ(q) q mod q independently of each other, and by mapping (y p , y q ) back to Z N (by applying the CRT a second time).…”

Practical Secure Logging: Seekable Sequential Key Generators

“…The only situation we are aware of in which RSA-SCP might have an advantage over FACT-SCP is when the most often executed operation is Express, and deployment of multiprime RSA is acceptable (e.g., N = pqr). Briefly, in the multiprime RSA setting [17,13], private key operations can be implemented particularly efficiently, based on the Chinese Remainder Theorem (CRT). Observe that Definition 8 (in Appendix C) is general enough to cover the multiprime setting.…”

“…A standard trick [17,6] to speed up private operations in factoring-based schemes is via the Chinese Remainder Theorem (CRT). For instance, if an exponentiation y ← x k mod N is to be computed and the factorization N = pq is known, then y can be obtained by CRTdecomposing x into x p ← x mod p and x q ← x mod q, by computing y p ← x k mod ϕ(p) p mod p and y q ← x k mod ϕ(q) q mod q independently of each other, and by mapping (y p , y q ) back to Z N (by applying the CRT a second time).…”

Practical Secure Logging: Seekable Sequential Key Generators

“…This key and its corresponding private key are generated by the client before contacting the server. Implementations of this protocol MUST support RSA keys, in which case the key is a DER-encoded RSAPublicKey as defined in [RFC3447], Section A.1.1, and then it is stored in this octet string in the request. Its encoding as an OCTET STRING starts with the 0x30 byte sequence at the beginning of a DER-encoded RSAPublicKey.…”

kx509 Kerberized Certificate Issuance Protocol in Use in 2012

“…The "RSA-SHA1" signature method uses the RSASSA-PKCS1-v1_5 signature algorithm as defined in [RFC3447], Section 8.2 (also known as PKCS#1), using SHA-1 as the hash function for EMSA-PKCS1-v1_5. To use this method, the client MUST have established client credentials with the server that included its RSA public key (in a manner that is beyond the scope of this specification).…”

“…The signature base string is signed using the client's RSA private key per [RFC3447], Section 8.2.1:…”

The OAuth 1.0 Protocol