Authenticity is the assurance that a message, transaction, or other exchange of information is from the source it claims to be from. Authenticity involves proof of identity.
For ensuring message authenticity, RSA algorithm is used. The RSA cryptosystem is the most widely-used public key cryptography algorithm in the world. It can be used to encrypt a message without the need to exchange a secret key separately. Its security is based on the difficulty of factoring large integers.
The RSA algorithm can be used for both public key encryption and digital signatures:
- Public-key encryption: Party A can send an encrypted message to party B without any prior exchange of secret keys. A just uses B's public key to encrypt the message and B decrypts it using the private key, which is only known by the receiver.
- Digital signatures: RSA can also be used to sign a message, so A can sign a message using their private key and B can verify it using A's public key.
- 1.Choose two different prime numbers p and q. For security purposes, the integers p and q should be chosen at random, and should be of similar bit-length.
- 2.Compute n = p·q. The resulting n is used as the modulus for both public and private keys. Its length, usually expressed in bits, is the key length.
- 3.Compute φ(n) = (p-1)(q-1).
- 4.Choose a public exponent 'e' such that 1 < e < φ(n), which is coprime to φ(n). The number e is released as the public key exponent.
- 5.Compute a private exponent 'd' that satisfies the congruence ed ≡ 1 (mod φ(n)). The number d is kept as the private key exponent.
- 6.The public key consists of the modulus n and the public exponent e. The private key consists of the modulus n and the private exponent d, which must be kept secret. p, q, and φ(n) must also be kept secret because they can be used to calculate d.
The best size for a modulus depends on one's security needs. The larger the modulus, the greater the security, but also the slower the RSA algorithm operations. One should choose a modulus length upon consideration, first, of the value of the protected data and how long it needs to be protected, and, second, of how powerful one's potential threats might be. Typical bit lengths are 1024, 2048, 3072, 4096, etc.
This is the process of transforming a plaintext message into ciphertext, or vice-versa. The RSA function, for message 'm' and key 'k' is evaluated as follows:
FORMULA - CAPTURA?
There are obviously two cases:
- RSA Encryption scheme: Encrypting with the public key, and then decrypting with the private key
- Encryption rule:
- Decryption rule:
- Where 'm' is the message, 'e' is the public exponent, 'd' is the private exponent and 'c' is the ciphertext.
- RSA Signature scheme: Encrypting with the private key, and then decrypting with the public key.
- Encryption rule:
- Decryption rule:
- Where 'm' is the message, 'e' is the public exponent, 'd' is the private exponent and 's' is the signature.
RSA is slower than certain other symmetric cryptosystems. RSA is, in fact, commonly used to securely transmit the keys for another less secure, but faster algorithm.
WaspRSA.h is the header file of the class, and WaspRSA.cpp is the class where the functions and variables are implemented.
It is mandatory to include the RSA library when using it. The following line must be introduced at the beginning of the code:
To start using Waspmote RSA library, an object from class ‘WaspRSA’ must be created. This object, called ‘RSA’, is created inside the Waspmote RSA library and it is public to all libraries. It is used through the guide to show how the Waspmote RSA library works.
When creating this constructor, no variables are initialized by default.
There are some constants defined in ‘WaspRSA .h’ related with the different encryption and padding modes that can be used to encrypt messages.
RSA.encrypt()encrypts an original message to an encrypted message using the public exponent 'e' and the modulus 'n'. Receiver can decrypt the message using the private key.
Note: The maximum input size message must be smaller than the modulus.
Example of use: