It is essentially the same as the patch I implemented. I have attached an attempt to prove (the best I can do quickly) that this check is sufficient to guarantee that GCD(e, (p-1)(q-1))=1. It did not seem immediately intuitive to me, so I tried to prove it.<div>
<br></div><div>Thanks!</div><div>Anthony Honstain<br><br><div class="gmail_quote">On Sun, Nov 1, 2009 at 5:04 PM, Dwayne C. Litzenberger <span dir="ltr"><<a href="mailto:dlitz@dlitz.net">dlitz@dlitz.net</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div class="im">On Mon, Aug 03, 2009 at 09:41:50PM -0400, Dwayne C. Litzenberger wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
On Wed, May 27, 2009 at 09:50:07PM -0700, Anthony Honstain wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
In the generate_py function of lib/Crypto/PublicKey/_RSA.py, it would<br>
appear to be possible that the primes p and q can be generated such that<br>
the GCD( 65537, (p-1)(q-1)) != 1 which would result in an unusable key. If<br>
anyone can clarify this it would be greatly appreciated.<br>
</blockquote>
<br>
I haven't looked into this claim yet, but I've filed a bug report:<br>
<br>
<a href="https://bugs.launchpad.net/pycrypto/+bug/408660" target="_blank">https://bugs.launchpad.net/pycrypto/+bug/408660</a><br>
</blockquote>
<br></div>
Lorenz Quack has posted a patch that he says will solve this problem. It checks that e does not divide p-1 or q-1.<br>
<br>
That should fix this bug, right?<div class="im"><br>
<br>
-- <br>
Dwayne C. Litzenberger <<a href="mailto:dlitz@dlitz.net" target="_blank">dlitz@dlitz.net</a>><br>
Key-signing key - 19E1 1FE8 B3CF F273 ED17 4A24 928C EC13 39C2 5CF7<br></div><div><div></div><div class="h5">
Annual key (2009) - C805 1746 397B 0202 2758 2821 58E0 894B 81D2 582E<br>
</div></div></blockquote></div><br></div>
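The check discussed in this thread, as an added Python example that is not part of either message and is not PyCrypto's code. It relies on e = 65537 being prime, so that e shares a factor with (p-1)(q-1) exactly when it divides p-1 or q-1; all function names are hypothetical and the primes are small constructed values.

```python
from math import gcd

E = 65537  # public exponent named in the thread; it is prime


def is_prime(n):
    """Trial division; adequate for the small constructed primes used here."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    f = 3
    while f * f <= n:
        if n % f == 0:
            return False
        f += 2
    return True


def e_is_usable(p, q, e=E):
    """Per-prime check from the thread: e divides neither p-1 nor q-1."""
    return (p - 1) % e != 0 and (q - 1) % e != 0


def private_exponent(p, q, e=E):
    """Return d = e^-1 mod (p-1)(q-1), or None when no inverse exists."""
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        return None  # the unusable-key case reported in the thread
    return pow(e, -1, phi)  # modular inverse, Python 3.8+


def smallest_bad_prime(e=E):
    """Smallest prime p with p = 1 (mod e): one that key generation must reject."""
    p = e + 1
    while not is_prime(p):
        p += e
    return p


def check_equivalence(e, limit):
    """For prime e, compare the per-prime check with the gcd test on all
    pairs of distinct primes below limit."""
    primes = [n for n in range(2, limit) if is_prime(n)]
    return all(
        e_is_usable(p, q, e) == (gcd(e, (p - 1) * (q - 1)) == 1)
        for p in primes for q in primes if p != q
    )
```

For a composite e the per-prime divisibility check would no longer be enough, since e could share a factor with p-1 without dividing it; the gcd test in `private_exponent` covers that case.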