Background

The RSA procedure^[1] developed in 1977 is an asymmetric crypto procedure, which is still used widely today - both for encrypting messages and for creating digital signatures. The procedure was named after its developers R. Rivest, A. Shamir and L. Adleman.

This plugin is a web application that runs purely locally in the browser. It helps with three different approaches to understand the RSA procedure.

Note: More detailed than here in the second tab, RSA and its formulas are explained in the plugin RSA (step-by-step).

About the plugin

The plugin provides access to RSA in three types which complement each other and are each represented in a separate sub tab:

• RSA visual shows graphically how the (numerical) values of plaintext and secret text are assigned to each other and prepares the input of the RSA parameters didactically.
• RSA didactic shows the RSA algorithm in its pure form (the so-called textbook RSA) with key generation and encryption/decryption.
• RSA real use: In addition to the two didactic tabs, the third tab shows how RSA is used in practice with OpenSSL (to create web server keys, to protect and store them, to pass on certificates, and to use padding when encrypting).

RSA visual

This tab consists of an upper and a lower part. In the upper part you can enter the RSA parameters p and q and have the key parameters e, d, n generated or enter them as well. A valid input for the prime numbers will activate the inputs of the two parameters φ(n) (or lcm) and n. If these are also valid, the last elements e and d will be activated. Except for the prime numbers, it is possible to have the fields filled automatically for the remaining parameters. This is done by pressing the pencil icon to the right of the input. The parameter pair (e,n) is called the public RSA key, the parameter pair (d,n) is called the private RSA key.

The "Generate another set of parameters" button also allows you to regenerate all parameters. For didactic reasons, small prime numbers are used in the left tab. A typical (p,q) pair is (5,11). This results in phi(n)=40 and n=55; and for (e,d) then e.g. (3,27), (7,23), (13,37), ...

In the lower part you can visualize the RSA procedure with a correct pair of keys. If a valid key is created, it is automatically accepted for the visualizations. It should be noted that the key parameter n in the visualization must be less than or equal to 200. For higher values of n, the clarity of the visualizations would be lost. If an attempt is made to accept a value for n greater than 200, a warning is issued.

There are two types of visualization: The RSA procedure can be represented in a two-line assignment or in a circle assignment. You can choose between encryption and decryption. The two-line assignment presentation clearly shows that RSA also has fixed points; the circle assignment representation better reflects the module calculation in a finite body.

The graph and views of the arithmetic steps to the right are displayed dynamically and synchronously. Here you have the possibility to start the visualization with the help of the buttons below the graphic, to go one step back or forward, and to reset the entire visualization. You can also set the speed of an automatic execution.

RSA didactic

Here in the second tab, the RSA algorithm is implemented in pure form (textbook RSA) for teaching and learning purposes (what is added in reality can then be tried out in the third tab "RSA real use"). Nevertheless, even VERY large numbers can be used here (as in real RSA applications).

An alternative representation of the RSA algorithm can be found in CrypTool-Online in the plugin RSA (step-by-step).

The main tab "RSA didactic" has three sub tabs: "Key generation", "Encryption", and "Keys".

In the sub tab Key generation the RSA key pair is generated. The parameters for this can be entered manually or can be generated. You can specify the range in which the prime numbers p and q should lie.

In the sub tab Key the internal key memory is displayed. It can contain several keys for different names. With the icons in the selected line you can download or delete the respective key. Alternatively, you can tick several keys and download them at once using the "Export selected keys" buttons or delete them at once using "Delete selected keys". In addition, you can upload keys to the keystore using the "Import" button. This way students can exchange public keys with each other in class.

The key files must be structured as follows to be imported correctly:

[
  {
    "name": "Alice",
    "keytype": "public",
    "keys": {
      "e": "65537",
      "n": "49163"
    }
  }
]

In the sub tab Encryption, several options are available for encryption and decryption: Among others, one can choose between ASCII-256 coding and a self-defined alphabet. With the self-defined alphabet, care is taken that no double characters occur. If characters are entered twice, these characters are removed from the alphabet and then displayed in an information box.

In addition, you can specify which separator should be used to mark where a block ends. The default character is comma (','). Alternatively, you can select one of the two characters space (' ') or hash ('#').

The parameters d, e, n for encryption and decryption can only come from a key that was either previously generated (in the Key generation sub-tab) or uploaded as a file. Note: For encryption it is sufficient to have only one public key.

Then select the method for converting the letters (string to integer). As a default method b-adic is selected. Another method is the base system (which can also be written as concatenation). Depending on the bit length of the RSA module n and the alphabet length, the maximum block length (number of letters that are combined into a total number) is determined. This upper limit ensures that the numerical value of a block is always less than n. A selection can then be made between the possible block lengths if the maximum block length is greater than 1.

If the alphabet itself has been specified and the selected block length k is bigger than 1, then after the letters have been converted into numbers, k of these individual numbers are combined into a total number. Two variants are implemented for the conversion: b-adic (where b is the number of letters in the alphabet) and the base system.

In the following example the alphabet has 27 characters and the characters have the numerical values from 0 to 26 (<Blank> = 0, A = 1, ..., Z = 26). The message ATTACK AT DAWN, divided into blocks of length 2, results in: AT # TA # CK # <Blank>A # T <Blank> # DA # WN .
The conversion of the single letters into numbers results in:
01 20 # 20 01 # 03 00 # 01 20 # 00 04 # 01 23 # 14 00
(When converting plain text to numbers, the numbers are written with leading zeros so that they always have the same length).

How to generate a total number from the individual numbers of a block, which can then be used for calculation, is determined by the conversion methods b-adic or base system:

• Example b-adic: Conversion of the single numbers of the according to the b-adic formula (each new block in the example consists of two letters). The bases b is the alphabet length (here 27). The whole results in a place value system, where the letters are indexed from the right starting at 0:
  
  <letter1> * b¹ + <letter0> * b⁰
  ⇔ A * b¹ + T * b⁰
  ⇔ A * 27¹ + T * 27⁰
  ⇔ 1 * 27¹ + 20 * 27⁰
  ⇔ 27 + 20
  ⇔ 47
  
  
• Example base system (10^l-system) ("Concatenation"): Conversion of the single numbers according to the base system method (choose l so that applies: 10^l >= alphabet length). If the alphabet length is 27, it must be l=2, since 10² = 100 > 27. We now refer to the value b = 10^l = 100 as the base.
  
  <letter1> * 100¹ + <letter0> * 100⁰   provides the encoding
  ⇔ A * b¹ + T * b⁰
  ⇔ A * 100¹ + T * 100⁰
  ⇔ 1 * 100¹ + 20 * 100⁰
  ⇔ 100 + 20
  ⇔ 120
  
  

  Analogously for all single numbers we calculate the following total numbers of the plaintext: 0120 # 2001 # 0311 # 0001 # 2000 # 0401 # 2314

  This type of conversion is not optimal, since it generates totals that are no longer as small as possible.

  Instead of the calculation you can also simply concatenate the single numbers, because the single numbers are built up according to the 10s system. If the number of decimal places in the concatenation is smaller than the length l (here l=2), you must prefix the single number with a leading zero. If for example l>=3, it is possible that you even have to prefix 2 leading zeros: A=1 becomes 001, B=2 becomes 002, etc. The leading zeros are only necessary if you concatenate the single numbers without base system conversion. If you calculate with the base system, you do not need to write leading zeros.

The number system (decimal, octal, binary, and hexadecimal) has no influence on the block length and on the conversion into numerical values, but is only used for the representation/encoding of the numbers. However, the length of the ciphertext changes if you change the number system.

RSA real-use

In this tab you can use the RSA process with OpenSSL as in practice to generate and manage keys or to encrypt and decrypt texts/files. In contrast to the tab "RSA didactic" the input is padded before the encryption and the hybrid encryption is used: With RSA you encrypt only the randomly generated session key; the actual data is encrypted with a symmetric method such as AES, and the session key serves as the symmetric key.

The basis for this is provided by the open source software OpenSSL^[2].

The main tab "RSA real-use" has four sub tabs: "RSA key generation", "Encryption", "Create config files", and "Files".

Sub tab RSA key generation

In the first sub tab you can use the GUI and OpenSSL to generate either RSA key pairs or X.509 certificates. This tab implements the commands genrsa, rsa, and req from OpenSSL. To generate an RSA key the command genrsa is used. The command rsa can be used to display information about the RSA key, for example. The command req is used to generate certificates. If a private key has been generated, you can have the corresponding public key generated as a separate file.

The following options^[3] are available in the GUI:

Sub tab Encryption

Here you can encrypt and decrypt texts or files using the GUI and OpenSSL. Files can be selected from the internal memory (note, this is not the same memory that is used for the keys in the "RSA didactic" tab). The OpenSSL command pkeyutl is used for this purpose.

The following options^[3] are available in the GUI for this command:

Sub tab Create config files

Unfortunately, terminal commands that query user inputs do not currently work with WebAssembly as they do on the normal bash shell. Therefore the creation of X.509 certificates is done with config files. You can upload these config files or create them yourself in this tab.

Sub tab Files

An internal file store is used for the spanned use of files in the "RSA real use" tab. This contains all the files that were created or uploaded using OpenSSL (i.e. config files for key generation, pem files with the keys for use in encryption, or the data files that are to be encrypted). For each file it is checked whether it is an RSA key or an X.509v3 certificate. OpenSSL is executed in the background. If it is an RSA key, a third button with an "i" is displayed in the corresponding line: If you click on it, information about the RSA key is displayed in the terminal window.

Used technologies

For RSA visual

The JSXGraph^[4] library was used for the visualizations. JSXGraph is a free, cross-browser JavaScript library for interactive geometry, function plotting, diagrams, and data visualization in the web browser.

For RSA didactic

To deal with VERY large numbers, this sub tab uses the long-number arithmetic library BigInteger.js ^[5].

For RSA real-use

The basis of this sub tab is the open source software OpenSSL^[2]. This widely used toolkit is primarily used to ensure secure data transmission on the web by implementing the SSL/TLS encryption protocols (it is estimated that 50% of all web servers worldwide use OpenSSL). In addition, OpenSSL includes a command line program that can be used as a cryptographic tool for:

• Encryption and decryption
• Calculation of hash values
• Generation of random numbers
• Generation of cryptographic keys
• Digital certificate creation and management
• SSL/TLS client and server testing

OpenSSL was integrated here using WebAssembly. This makes it possible to execute OpenSSL commands purely locally in the browser. The current stable release of OpenSSL (version 3.0) is used in this plugin. The plugins in CrypTool-Online released at the end of September 2021 were the first WebAssembly ports of OpenSSL 3.0 at all.

In the CrypTool-Online plugin OpenSSL more features of OpenSSL 3.0 are offered in the GUI.

Referenzen