使用BigInteger probablePrime函数进行RSA加密是否安全？

Question

I have written a code that is able to generate 2048 bit prime p & q's and use that to encrypt messages in RSA. The way I generate these numbers is by using the java.math.BigInteger package's probablePrime() function. My question is how strong of an encryption these function generated prime numbers are in terms of encryption.

Here is my code for generating these numbers, isPrime is just a boolean function I wrote to check if the number is prime.

BigInteger definitePrime(int bits, Random rnd) {
  BigInteger prime = new BigInteger("4");
  while (!isPrime (prime)) {
    prime = BigInteger.probablePrime(bits, rnd);
  }
  return prime;
}

Answer 1

As Stephen C points out in his answer , the primes are probably ok for RSA encryption.

Cryptographic randomness

I would add, that you shouldn't actually use any Random instance, but only your systems best SecureRandom implementation.

new Random() is not a cryptographic randomness source, whereas new SecureRandom() should be. If the random numbers that are used for prime generation are not cryptographically secure, then an attacker may have a chance to simply recreate those based on other information (such as time or previous outputs of the weak randomness source).

No Textbook RSA

You're doing "everything" yourself and it seems that you actually want to use this for serious encryption. If you are, you're missing something crucial and that is the padding scheme.

It is easy to use the BigInteger methods to implement RSA so that it works, but it's not enough to make it secure. You need to use a padding scheme like PKCS#1 v1.5 (not recommended anymore) or PKCS#1 v2 OAEP (recommended).

Use existing implementations

Instead of implementing those padding schemes for your "handmade" RSA, use Java's Cipher instance which provides RSA with those padding schemes:

• RSA/ECB/PKCS1Padding
• RSA/ECB/OAEPWithSHA-256AndMGF1Padding

Answer 2

The javadoc for BigInteger.probablePrime() says:

Returns a positive BigInteger that is probably prime, with the specified bitLength. The probability that a BigInteger returned by this method is composite does not exceed 2 ^-100 .

2 ^-100 means one chance in 1,267,650,600,228,229,401,496,703,205,376; ie 1 chance in ~1.267 * 10 ³⁰

Since you are trying to generating 2 primes, that means that you have 2 chances in roughly 10 ³⁰ of generating a weak RSA key pair.

I'd have thought that that was good enough, but if you don't think so then you could use BigInteger.isProbablePrime(certainty) to test your prime candidates to an even higher level of certainty.

---

My question is how strong of an encryption these function generated prime numbers are in terms of encryption.

I don't know if there is a mathematically rigorous way to quantify the strength of an encryption algorithm. But the above analysis tells you the probability that a given generated key-pair will be weak / easy to crack.

Answer 3

The generated primes are not secure if you use something like java.util.Random instead of an instance of SecureRandom. Your code snippet does not tell us what you are using, hence it is not possible to validate your code. Of course, you probably should just use JCE to generate new RSA keys.