How to generate RSA key using sha512 for JWT?

I understand that RSA keys can be generated using different sha algorithms. Using openssl, I don't seem to have the option of specifying what algorithm the key generator should use. I suspect it's using sha256.

How can I generate RSA keys using different sha algorithms (such as sha512) in either a bash shell or in Ruby? Does the openssl library support generating RSA keys using different algorithms? If not, does anyone know of another library I can use? (In ruby, OpenSSL::PKey::RSA doesn't seem to allow for choosing an algorithm, but the documentation is hard for me to follow soo...?)

Apologies if this question has already been answered, but I haven't been able to find an answer.

Maybe I should also note (in case I am wrong): it is my understanding that choosing a size for the generated RSA key (i.e. RSA 2048) is separate from choosing the hashing algorithm (i.e. sha512).

UPDATE - Some background

I want to sign Java Web Tokens with an RSA key. The JWT library I'm using gives me the impression that RSA keys can be generated using different hashing algorithms (RS256, RS384, RS512). Generating a key using openssl doesn't seem to let me choose what hashing algorithm is used though.

Thanks!!

Riggs answered 3/6, 2017 at 20:25 Comment(7)
I'm not sure what you mean by "generating RSA keys with a sha algorithm". RSA keys are generated using carefully designed cryptographic random number generators. Under the hood these may make use of cryptographic hash functions like sha512 as one piece of the algorithm, but you would typically treat these as a black box for the purpose of key generation. - Candide
@JamesKPolk - I'm guessing (and it's just a guess) that it's either: (1) the underlying PRNG (like Java using SHA1 for SecureRandom); or (2) the signing algorithm associated with a digital signature (like used in a certificate). In either case I think we need more information or clarification. - Alli
@Riggs - RSA keys are generated with random bits by choosing p, q, selecting e and then solving for d. There are some other constraints, like ensuring p and q are prime, and e is relatively prime or coprime to ϕ(n). Hashes are not used at this stage in the process. - Alli
@jww, do you have any idea why the JWT library github.com/jwt/ruby-jwt would ask me to specify what hash algorithm was used to generate the RSA key? It sounds like you're saying every RSA key generation library (such as openssl) only allows you to select the number of bits in the key, not the algorithm used. Thanks! - Riggs
(Navigating to github.com/jwt/ruby-jwt and scrolling down to the "RSA" section should show you what I'm referring to) - Riggs
@Riggs - When the section states "RS256 - RSA using SHA-256 hash algorithm", the RSA key is already generated. SHA and other hashes are used in the signing process; not the RSA key generation process. - Alli
@Alli Ohhhh!!!! Thanks!! That distinction was lost on me. If you add that as an answer I'll mark it as correct. Thanks so much for your time jww & JamesKPolk - Riggs

RSA keys, and "the RSA algorithm" don't have any notion of a hash algorithm.

An RSA key is just two prime numbers and one other number (from the (p, q, e) triplet all the other values can be derived). e is usually chosen as 0x010001 (though other reasonable values exist) and p and q are generated randomly (while almost any CSPRNG is going to have a backing hash algorithm the CSPRNG itself is usually considered a black box that just emits randomness).

Where a hash algorithm comes into play is in RSA Signatures.

For an RSA Signature the original data is hashed under an algorithm and then the hash value, algorithm identifier, and private key are used to produce a signature (for PKCS v1.5 signatures... for PSS there's also a second (effectively fixed) identifier and some more random bytes).

RS256 is the JWA (JSON Web Algorithms) identifier for "RSASSA-PKCS1-v1_5 using SHA(-2)-256".

JWA section 3.3 says

This section defines the use of the RSASSA-PKCS1-v1_5 digital signature algorithm as defined in Section 8.2 of RFC 3447 [RFC3447] (commonly known as PKCS #1), using SHA-2 [SHS] hash functions.

A key of size 2048 bits or larger MUST be used with these algorithms.

The RSASSA-PKCS1-v1_5 SHA-256 digital signature is generated as follows: generate a digital signature of the JWS Signing Input using RSASSA-PKCS1-v1_5-SIGN and the SHA-256 hash function with the desired private key. This is the JWS Signature value.

(emphasis mine)

So no requirement is made on the RSA key, other than that the spec was written in 2015 so they mandated a 2015-compatible minimum keysize.

Elayneelazaro answered 5/6, 2017 at 14:42 Comment(1)
Thanks for the detailed response!! @Alli ended up answering my question in a comment (above) yesterday, but this is a much more detailed answer. The distinction between RSA generation and RSA signing was (previously) being lost on me. - Riggs
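
The distinction drawn in the answer above, as an added example that is not part of the original thread: one RSA key is generated with a size and no hash parameter, then signs the same claims as RS256, RS384 and RS512. The helper names (`sign_jwt`, `verify_jwt`, `demo_tokens`), the constructed claims and the hand-built compact JWS are assumptions for illustration, not ruby-jwt's own code.

```ruby
require "openssl"
require "base64"
require "json"

# JWA "alg" value => digest applied at signing time (RSASSA-PKCS1-v1_5).
DIGESTS = { "RS256" => "SHA256", "RS384" => "SHA384", "RS512" => "SHA512" }.freeze

# Key generation takes a size only; no hash algorithm is involved here.
KEY = OpenSSL::PKey::RSA.new(2048)

def b64url(bytes)
  Base64.urlsafe_encode64(bytes, padding: false)
end

# Build a compact JWS: b64url(header).b64url(claims).b64url(signature)
def sign_jwt(claims, key, alg)
  header = { "alg" => alg, "typ" => "JWT" }
  signing_input = "#{b64url(JSON.generate(header))}.#{b64url(JSON.generate(claims))}"
  signature = key.sign(OpenSSL::Digest.new(DIGESTS.fetch(alg)), signing_input)
  "#{signing_input}.#{b64url(signature)}"
end

# The verifier pins the algorithm it expects instead of trusting the header.
def verify_jwt(token, public_key, expected_alg)
  header_b64, claims_b64, sig_b64 = token.split(".")
  return false if sig_b64.nil?
  return false unless JSON.parse(Base64.urlsafe_decode64(header_b64))["alg"] == expected_alg
  public_key.verify(OpenSSL::Digest.new(DIGESTS.fetch(expected_alg)),
                    Base64.urlsafe_decode64(sig_b64), "#{header_b64}.#{claims_b64}")
rescue JSON::ParserError, ArgumentError, TypeError, OpenSSL::PKey::PKeyError
  false
end

# Sign constructed sample claims with the same key under all three algorithms.
def demo_tokens(key = KEY)
  claims = { "sub" => "demo-user", "iat" => 1_500_000_000 } # constructed sample
  DIGESTS.keys.to_h { |alg| [alg, sign_jwt(claims, key, alg)] }
end

if __FILE__ == $PROGRAM_NAME
  demo_tokens.each do |alg, token|
    sig_len = Base64.urlsafe_decode64(token.split(".").last).bytesize
    puts "#{alg}: verified=#{verify_jwt(token, KEY.public_key, alg)} signature_bytes=#{sig_len}"
  end
end
```

All three signatures are 256 bytes because the signature length follows the 2048-bit modulus, not the digest.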
