table of contents
RSA_SECURITY_BITS(3) | Library Functions Manual | RSA_SECURITY_BITS(3) |
NAME¶
RSA_security_bits
,
DSA_security_bits
,
DH_security_bits
,
BN_security_bits
— get
security strength
SYNOPSIS¶
#include
<openssl/rsa.h>
int
RSA_security_bits
(const
RSA *rsa);
#include
<openssl/dsa.h>
int
DSA_security_bits
(const
DSA *dsa);
#include
<openssl/dh.h>
int
DH_security_bits
(const
DH *dh);
#include
<openssl/bn.h>
int
BN_security_bits
(int pubbits,
int privbits);
DESCRIPTION¶
These functions return the security strength of some specific types of cryptographic keys, measured in bits. It is approximately the binary logarithm of the number of operations an attacker has to perform in order to break the key.
RSA_security_bits
()
uses only the number of significant bits in the public modulus of
rsa as returned by RSA_bits(3). It
returns
256 | for | 15360 | or more significant bits |
192 | 7680 | ||
128 | 3072 | ||
112 | 2048 | ||
80 | 1024 |
or 0 otherwise.
DSA_security_bits
()
uses the number of significant bits in the public domain parameter
p contained in the dsa object,
which is equal to the size of the public key, in the same way as
RSA_security_bits
(). In addition, the public domain
parameter q contained in the dsa
object, which is equal to the size of the private key, is inspected. The
return value is either the security strength according to the above table or
half the size of the private key, whichever is smaller. If the return value
would be smaller than 80, 0 is returned instead.
DH_security_bits
()
uses the number of significant bits in the shared secret contained in the
dh object as returned by DH_bits(3)
in the same way as RSA_security_bits
(). If
dh contains the domain parameter
q, its number of significant bits is used in the same
way as for DSA_security_bits
() to limit the return
value. Otherwise, if dh contains the length of the
secret exponent in bits, that number is used. If neither is available, only
the above table is used without calculating a minimum.
BN_security_bits
()
is a combined function. If -1 is passed for the
privbits argument, it behaves like
RSA_security_bits
(). Otherwise, it behaves like
DSA_security_bits
().
RETURN VALUES¶
All these functions return numbers in the range from 0 to 256 inclusive.
DSA_security_bits
() fails and returns -1
unless both of the p and q
domain parameters are present.
SEE ALSO¶
BN_num_bits(3), DH_bits(3), DH_get0_pqg(3), DSA_get0_pqg(3), RSA_bits(3), SSL_CTX_set_security_level(3)
Elaine Barker, Recommendation for Key Management, U.S. National Institute of Standards and Technology, NIST Special Publication 800-57 Part 1 Revision 5, https://doi.org/10.6028/NIST.SP.800-57pt1r5, Gaithersburg, MD, May 2020.
HISTORY¶
These functions first appeared in OpenSSL 1.1.0 and have been available since OpenBSD 7.2.
July 13, 2022 | Linux 6.4.0-150600.23.30-default |