Does the public and private key really have equality in encryption?
Is it easier to calculate the public key when you know a private key?
Or does it have the same difficulty to calculate another key when you know one of them?
Maybe my expression is not clear.
I mean. Is it easier to calculate the public key from the private key than calculate the private key from the public key ?
No. The private key should be kept private as the public key can be generated from the public.
The formula to encrypt with the private key and the formula to encrypt with the public key is not the same.
openssl rsa -in privatekey.pem -pubout
https://security.stackexchange.com/questions/172274/can-i-get-a-public-key-from-an-rsa-private-key
d and e are chosen such that they are inverses mod phi(n), which is the only relationship they need for the RSA math to work.
In the original RSA paper the formula was to choose a large d relatively prime to phi(n), and calculate e as a consequence.
Now the algorithm is to choose e to be a small value relatively prime to phi(n) and calculate d. (e is almost always 0x010001 these days). This lets implementations use a fast calculation for public key operations and a Montgomery ladder to do a Hamming-weight-blinded computation with the private key.
If a modern key generator produced your key, swapping d and e would be bad, because everyone would have a good guess at your private exponent once your public exponent was so big.
Related
I'm using JPA, Hibernate and Postgres. I'd like the code to be as solution neutral as possible, where JPA is a given.
My simplified entity looks like this:
#Entity
#Table(name = "example")
public class ExampleEntity {
#Id
#GeneratedValue
private UUID id;
private String businessId; //format is YYYY000001 where YYYY = current year. Current assumption: number is incrementing and reset every year, number is always filled up with leading 0 to make the key 10 digits
}
I always have a generated UUID as the primary key. The business-id shall only be set if a certain state has been reached and is therefore unrelated to when the entity has been created. I would like the database to take care of the incrementing number.
Preferably I'd like to solve this through JPA, but also see a "dirtier" solution where I fetch the sequence-id and generate the business-key in my logic.
So I stumbled upon this article earlier today
https://blogs.msdn.microsoft.com/azuremobile/2014/05/22/tables-with-integer-keys-and-the-net-backend/
In the article, the author makes a comment that got my attention. He said
Note: Typically, when starting from an Entity Framework Code-First model in your .NET Backend, you would use string ids
From what I've read, using string Ids can be a performance issue in as your table grows. So I would just like to know if this was just the authors opinion or it is a standard. If it is the later, I would like to know the reasons behind this.
IMHO identity field should be numeric for performance reasons matching int is way much faster than matching string and numeric field saves a lot of space than string.
Technically yes, you can use the string as primary key, but if a string makes sense to be the primary key then you should probably use it. You have to take in your account some consideration.
Digtis comparison is faster then string comparison
Longer string mean harder to compare
When you must use a string as primary key then set the length e.g. MaxLength = 20 = nvarchar(20)
public class User
{
[Key, DatabaseGenerated(DatabaseGeneratedOption.None), MaxLength(20)]
public string UserId { get; set; }
....
This will help you to avoid some performance issues.
You can also change the generated key from nvarchar to varchar by using dbcontext.executesqlcommand this will give you more space (One charachter will use only one byte and not 2).
Alternatively, you can with code first change the column data type as following:
[Key, DatabaseGenerated(DatabaseGeneratedOption.None), Column(TypeName = "varchar"), MaxLength(20)]
public string UserId { get; set; }
....
I am working on EMV technology and trying to decrypt ISSUER PUBLIC KEY CERTIFICATE.
As per my understanding about CA Certificate, certificate contain Issuer Public key inside it. CA authority keep data along with public key and encrypt this all with its PRIVATE KEY.
EMV BOOK 2 Table 6: Format of Data Recovered from Issuer Public Key Certificate,
Define certificate format. it means if I will decrypt the certificate from CA public key, we could get the data in the format specified in table -6.
On the internet I found BP-TOOL which doing this kind of activity and very similar what I want to get. sharing here BP-Tool example:-
DDA: Issuer Public Key Recovery
CA PK Modulus:
BE9E1FA5E9A803852999C4AB432DB28600DCD9DAB76DFAAA47355A0FE37B1508AC6BF38860D3C6C2E5B12A3CAAF2A7005A7241EBAA7771112C74CF9A0634652FBCA0E5980C54A64761EA101A114E0F0B5572ADD57D010B7C9C887E104CA4EE1272DA66D997B9A90B5A6D624AB6C57E73C8F919000EB5F684898EF8C3DBEFB330C62660BED88EA78E909AFF05F6DA627B
Issuer's Public Key Certificate:
7F4C6034C33BF35BAFFF53F51C0F8A2B32C8FDE1D033DDB69DCA85C5B4797BD2F55BE970C026B75B76E9C17E8564111FDEB97B26E350F59F6C63C30B0BD80E33123DF73CF8F87B28D54D28E4D6284F44E6E61AD95826474EBF6C28796B9B222DF14194A539E92DB185D86D8EDDD8AA01ECBE93E0EC3F87383D879534FE0BD397D7D59FC6E37012258B894400EE715338
----------------------------------------
Recovered Data: 6A02457896FF12170314EF01019001E04E4FC478A42241068E2C9CFDEE9D7450F48F812FA66CEFB8ECBE31DD3C26C3B8A3891B77C1AA2A5A7448B869B7213D36C341E9B71302ADF478F67537032C080186C44034B1801D7644B6EEFAEA566D7336A8C83F42B7992F28BF5EA6B9D14C05870AD4DBD8CDAB8771F65F83D800B353B11E1805C7E4529F261C16A38DE756BC
Data Header: 6A
Data Format: 02
Issuer Identifier: 457896FF
Certificate Expiration Date: 1217
Certificate Serial Number: 0314EF
Hash Algorithm Indicator: 01
Issuer Public Key Algorithm Indicator: 01
Issuer Public Key Length: 90
Issuer Public Key Exponent Length: 01
Issuer Public Key: E04E4FC478A42241068E2C9CFDEE9D7450F48F812FA66CEFB8ECBE31DD3C26C3B8A3891B77C1AA2A5A7448B869B7213D36C341E9B71302ADF478F67537032C080186C44034B1801D7644B6EEFAEA566D7336A8C83F42B7992F28BF5EA6B9D14C05870AD4DBD8CDAB8771F65F
Hash Result: 83D800B353B11E1805C7E4529F261C16A38DE756
Data Trailer: BC
I am looking for the algorithm used in this example. your any help would be a lot for me.
Thanks in advance...
You can use a Big Digit library which will enable you to view how the algorithm works if you plan to implement your own, or use it to perform the decryption for you. I got mine from here and used it to create a decryption function for my EMV program. I just pass values to it and it gives me back the answer. There are examples in the link to help you get up to speed.
Have a look at class IssuerPublicKeyCertificate from javaemvreader project. It implements the recovery of issuer certificate.
Also take into account that a part of the issuer public key might be stored inside "Issuer Public Key Remainder" tag (0x92).
I'm working on a JavaEE application with EJB and JPA.
My Entities, are defined, for instance, like this:
#Entity
public class Utente implements Serializable {
#Id
#GeneratedValue
private int cod_utente;
private String nome_utente;
private String morada_utente;
#Temporal(TemporalType.DATE)
private GregorianCalendar dnasc_utente;
private int tel_utente;
private List<GregorianCalendar> agenda;
#OneToMany
#JoinColumn(nullable=true)
private List<Prescricao> lista_presc;
When I create entities Utente, the keys are generated sequentially starting from one. If I shut down the clients and server and execute them again, the "counter" of the key generator is reestablished. This results in an error because the application will try to create another Utente with primary key "1".
Can please someone help me solve this problem?
The code:
#Id
#GeneratedValue
private int cod_utente;
doesn't set a specific stategy to generate the values for the ID.
It is the same as this code:
#Id
#GeneratedValue(strategy=GenerationType.AUTO)
private int cod_utente;
GenerationType.AUTO means that the persistence provider (in Glassfish the default persistence provider is EclipseLink) should choose an appropriate strategy for the database you are using. It looks like the persistence provider is choosing a strategy which is restarting the values after a server restart in your case.
There are different generation strategies, you can find some detailed information in the EclipseLink Wiki.
I guess your best bet is to use a database sequence (GenerationType.SEQUENCE) to generate the ID values.
Example:
Create a database sequence named GEN_SEQUENCE (if you let the persistence provider generate your tables I guess you can also let it create the sequence somehow but this example will show how to do it manually), you should look for information on how to do that in the database you are using (probably something like CREATE SEQUENCE gen_sequence;). Change your code to this:
#Id
#GeneratedValue(strategy = GenerationType.SEQUENCE, generator = "my_seq_gen")
#SequenceGenerator(name = "my_seq_gen", sequenceName = "GEN_SEQUENCE")
private int cod_utente;
You can also use the same sequence for different classes.
Update:
For the #SequenceGenerator you can set an allocationSize, this value is the amount of sequence values which get reserved. The default value is 50. When you have a sequence which starts at 0, the first time a value is requested from the sequence, the sequence allocates (and reserves) the values 0-49 (or 1-50). These values can be used by the persistence provider until all values have been used, then the next 50 values (50-99 or 51-100) will get allocated and reserved. The sequence remembers the current position, so that it doesn't give out the same range twice if it is used by multiple classes.
For the value of the allocationSize you can keep the default, but this may produce gaps in the IDs. If a sequence range (e.g. 0-49) gets allocated (reserved) and only one or some of the values are used (e.g. 0, 1 and 2) the other values of this range (3-49) will get "lost" on server restart. The next time a range of values is allocated it will be 50-99, so the next ID in your table will be 50.
Now you have the following IDs in your table: 0,1,2,50. Normally this shouldn't be a problem, but you can also set the allocationSize to a lower value or to 1 to avoid creating such gaps.
See also:
what is the use of annotations #Id and #GeneratedValue(strategy = GenerationType.IDENTITY)? Why the generationtype is identity?
what is sequence (Database) ? When we need it?
The differences between GeneratedValue strategies
I'm using Spring-data to map pojos to mongo json documents.
The mongo Object Id reference says "If your document has a natural primary key that is immutable we recommend you use that in _id instead of the automatically generated ids." My question is, if my document has a natural primary key but it is some combination of the object's attributes, should I combine them to create the natural primary key?
Assume that neither of the values can ever change, and when concatenated together the result is guaranteed to be unique. Note that whatever type you declare for id, Spring converts it to an ObjectId (unless they don't have a converter for that type, then they convert it to a String).
Here is an example:
#Document
public Class HomeworkAssignment {
#Id
private String id;
private final String yyyymmdd;
private final String uniqueStudentName;
private double homeworkGrade;
public HomeworkAssignment(String yyyymmdd, String uniqueStudentName) {
this.yyyymmdd = yyyymmdd;
this.uniqueStudentName = uniqueStudentName;
// can either set the 'id' here, or let Spring give me an artificial one.
}
// setter provided for the homeworkGrade
}
There is guaranteed to be no more than one homework assignment per student per day. Both yyyymmdd and uniqueStudentName are given to me as Strings.
For example, "20120601bobsmith" uniquely identifies Bob Smith's homework on June 1, 2012. (If there is more than one Bob Smith, it is already handled in the uniqueName I'm given).
Assume that I want to follow the mongo reference advice and use a natural primary key if there is one. There is one, but it is a combination of 2 fields. Is this a case where I should combine them like so?
this.id = yyyymmdd + uniqueStudentName.toLowerCase();
It is certainly reasonable to use a combination of attributes as a primary key. However, rather than concatenating them, it is probably more logically intuitive to place them into a subdocument with two fields (uniqueStudentName and yyyymmdd) that is used as the _id.
Take a look at this question, which involves using a compound primary key:
MongoDB Composite Key