RSA - Rivest–Shamir–Adleman
What is RSA?
RSA stands for Rivest–Shamir–Adleman, the surnames of its inventors. It is an asymmetric encryption algorithm that uses a pair of keys: a public key for encryption and a private key for decryption. RSA is widely used for secure data transmission, digital signatures, and key exchange.
Why is RSA useful?
Enables secure communication over untrusted networks
No need to share a secret key in advance
Supports digital signatures for authenticity and data integrity
Common in hybrid encryption—RSA secures symmetric keys (e.g., AES)
Critical for internet security protocols (SSL/TLS, HTTPS)
How it works
Key generation – Two large prime numbers are selected to generate public/private key pairs
Encryption – The sender encrypts data using the recipient’s public key
Transmission/Storage – The encrypted data (ciphertext) is securely transferred or stored
Decryption – The receiver uses their private key to decrypt the ciphertext into plaintext
Where is RSA used?
SSL/TLS (HTTPS) – Secures web traffic and certificate-based authentication
Email encryption – Used in PGP, S/MIME
Digital signatures – Validates authenticity of documents, messages, and software
VPNs and tunnels – For secure key exchange
Cryptocurrencies – Used in wallets and signing blockchain transactions
Which OSI layer does this protocol belong to?
RSA operates at the Presentation Layer (Layer 6)
Handles encryption, decryption, and digital signature functions
Ensures secure formatting and representation of data before it reaches the application layer
Version Info
| RSA Version | RFC Number | Year | Core Idea / Contribution |
|---|---|---|---|
| PKCS #1 v1.5 | RFC 2313 | 1998 | First formal specification of RSA encryption and signature schemes using PKCS #1. |
| PKCS #1 v2.0 | RFC 2437 | 1998 | Introduced new padding schemes (OAEP for encryption, PSS for signatures). |
| PKCS #1 v2.1 | RFC 3447 | 2002 | Updated recommendations for RSA encryption and signature schemes. |
| PKCS #1 v2.2 | RFC 8017 | 2016 | Latest version; includes updated cryptographic primitives, ASN.1 syntax, and obsoletes RFC 3447. |
Setup
RSA Key Generation Packet
| S.No | Protocol Packets | Description | Size (Bytes) |
|---|---|---|---|
| 1 | RSA Key Generation Packet | Used to generate a public-private key pair. | ~512 |
| | Prime Number p | A large randomly chosen prime number. | Variable (e.g., 128–256) |
| | Prime Number q | Another large prime number, distinct from p. | Variable (e.g., 128–256) |
| | Modulus (n = p × q) | Used in both public and private keys. | Depends on key size (e.g., 256 for 2048-bit RSA) |
| | Public Exponent (e) | Typically a small value like 65537. | 3–4 |
| | Private Exponent (d) | Computed using modular inverse of e mod φ(n). | Same as modulus (e.g., 256) |
RSA Encryption Packet
| S.No | Protocol Packets | Description | Size (Bytes) |
|---|---|---|---|
| 2 | RSA Encryption Packet | Used to encrypt a message using the recipient's public key. | ~256–512 Bytes |
| | Plaintext Message | The original data to be encrypted. | Variable |
| | Public Key (n, e) | Used to encrypt the message. | ~256 (2048-bit) |
| | Ciphertext | Encrypted message output. | Same as modulus (e.g., 256 bytes for 2048-bit key) |
RSA Decryption Packet
| S.No | Protocol Packets | Description | Size (Bytes) |
|---|---|---|---|
| 3 | RSA Decryption Packet | Used to decrypt a message using the private key. | ~256–512 Bytes |
| | Ciphertext | The encrypted message received. | Same as modulus |
| | Private Key (n, d) | Used to decrypt the ciphertext. | ~256 (2048-bit) |
| | Plaintext Message | The original message recovered after decryption. | Variable |
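
The fields in the key generation, encryption and decryption tables above, worked through in Python as an added example (not code from the original page). It uses textbook RSA with no padding only to expose the numbers and byte sizes; all function names are assumptions of this example, and deployed systems use a vetted library with the OAEP or PSS padding listed under Version Info.

```python
import secrets
from math import gcd

E = 65537  # public exponent from the key-generation table (3 bytes)


def is_probable_prime(n, rounds=40):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2  # random witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # this witness proves n composite
    return True


def random_prime(bits):
    """Random prime of exactly `bits` bits, drawn from the OS CSPRNG."""
    while True:
        # Set the two top bits so p*q has exactly 2*bits bits, and the low bit (odd).
        candidate = secrets.randbits(bits) | (0b11 << (bits - 2)) | 1
        if is_probable_prime(candidate):
            return candidate


def generate_keypair(modulus_bits=2048):
    """Return p, q, n, e, d as in the key-generation table."""
    half = modulus_bits // 2
    while True:
        p, q = random_prime(half), random_prime(half)
        phi = (p - 1) * (q - 1)
        if p != q and gcd(E, phi) == 1:
            d = pow(E, -1, phi)  # modular inverse of e mod phi(n), Python 3.8+
            return {"p": p, "q": q, "n": p * q, "e": E, "d": d}


def field_sizes(key):
    """Size in bytes of each key field."""
    return {name: (value.bit_length() + 7) // 8 for name, value in key.items()}


def raw_encrypt(message, n, e):
    """Textbook RSA: c = m^e mod n. The message must be smaller than n."""
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message does not fit under the modulus")
    return pow(m, e, n)


def raw_decrypt(c, n, d):
    """Textbook RSA: m = c^d mod n (leading zero bytes are not preserved)."""
    m = pow(c, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def demo(modulus_bits=2048):
    """Exercise the three packets and two failure modes from the test cases."""
    key = generate_keypair(modulus_bits)
    other = generate_keypair(modulus_bits)  # unrelated key pair
    msg = b"Hello"  # constructed sample plaintext
    c1 = raw_encrypt(msg, key["n"], key["e"])
    c2 = raw_encrypt(msg, key["n"], key["e"])
    return {
        "sizes": field_sizes(key),
        "round_trip": raw_decrypt(c1, key["n"], key["d"]) == msg,
        # Unpadded RSA is deterministic: equal plaintexts give equal ciphertexts,
        # which is one reason randomized padding (OAEP) is required in practice.
        "deterministic": c1 == c2,
        # Decrypting with a mismatched private key does not recover the message.
        "wrong_key_recovers": raw_decrypt(c1, other["n"], other["d"]) == msg,
    }


if __name__ == "__main__":
    print(demo())
```
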
| S.no | Use Case | Description |
|---|---|---|
| 1 | Secure Web Communication (HTTPS) | RSA is used in SSL/TLS to securely exchange encryption keys between browsers and servers. |
| 2 | Digital Signatures | RSA is used to sign documents and messages, ensuring authenticity and integrity. |
| 3 | Email Encryption | Used in protocols like PGP and S/MIME to encrypt and sign emails. |
| 4 | Software Distribution | RSA verifies the authenticity of software updates and packages via digital signatures. |
| 5 | Cryptocurrency Wallets | RSA is used to sign transactions and protect private keys in some blockchain systems. |
| 6 | VPNs and IPsec | RSA is used for secure key exchange and authentication in VPN protocols. |
| 7 | Authentication Systems | RSA is used in smart cards, tokens, and secure login systems for identity verification. |
| 8 | Secure Shell (SSH) | RSA keys are used for secure remote login and command execution. |
| 9 | Cloud Security | RSA is used to protect data and manage keys in cloud-based services. |
| 10 | IoT Device Security | RSA helps in secure boot, firmware validation, and encrypted communication in IoT devices. |
| S.no | Feature | Description |
|---|---|---|
| 1 | Asymmetric Key Algorithm | Uses a pair of keys: a public key for encryption and a private key for decryption. |
| 2 | Key Pair Generation | Involves generating two large prime numbers and computing modulus and exponents. |
| 3 | Public Key Distribution | Public key can be shared openly, enabling secure communication without prior key exchange. |
| 4 | Digital Signatures | Supports signing data to ensure authenticity and integrity. |
| 5 | Encryption & Decryption | Encrypts data with the public key and decrypts with the private key (or vice versa for signatures). |
| 6 | Key Sizes | Common key sizes are 1024, 2048, and 4096 bits; larger keys offer stronger security. |
| 7 | Slower than Symmetric Ciphers | Computationally intensive, often used to encrypt symmetric keys rather than large data. |
| 8 | Widely Used in Protocols | Integral to SSL/TLS, SSH, PGP, and other secure communication protocols. |
| 9 | Standardized | Defined in standards like PKCS #1 and RFC 8017. |
Asymmetric Key Algorithm - Testcases
| # | Test Case | Description | Expected Result |
|---|---|---|---|
| 1 | Generate key pair | Create public/private keys | Keys generated successfully |
| 2 | Encrypt with public key | Use public key | Ciphertext generated |
| 3 | Decrypt with private key | Use matching private key | Plaintext recovered |
| 4 | Encrypt with private key | For digital signature | Signature generated |
| 5 | Decrypt with public key | Verify signature | Signature verified |
| 6 | Use mismatched key pair | Wrong private key | Decryption fails |
| 7 | Use expired key | Key past validity | Operation fails or flagged |
| 8 | Use revoked key | Key is revoked | Operation blocked |
| 9 | Use corrupted key | Key file altered | Operation fails |
| 10 | Use key with wrong format | PEM vs DER | Error or rejection |
| 11 | Use RSA 2048-bit key | Standard key size | Secure encryption |
| 12 | Use RSA 4096-bit key | Stronger key | Slower but secure |
| 13 | Use ECC key | Elliptic Curve key | Efficient and secure |
| 14 | Use ElGamal key | Alternative algorithm | Encryption succeeds |
| 15 | Use OpenSSL to generate key | CLI tool | Key pair created |
| 16 | Use GPG to generate key | GnuPG tool | Key pair created |
| 17 | Use key for TLS | Secure web connection | Handshake succeeds |
| 18 | Use key for SSH | Secure shell login | Authentication succeeds |
| 19 | Use key for email encryption | PGP or S/MIME | Message encrypted |
| 20 | Use key for file encryption | Encrypt file with public key | File secured |
| 21 | Use key for digital signature | Sign document | Signature created |
| 22 | Use key for signature verification | Verify with public key | Signature valid |
| 23 | Use key in JWT | Sign/verify token | Token validated |
| 24 | Use key in blockchain | Sign transaction | Transaction accepted |
| 25 | Use key in smart contract | Authenticate user | Access granted |
| 26 | Use key in secure messaging | End-to-end encryption | Message secured |
| 27 | Use key in VPN | Authenticate client | Connection secured |
| 28 | Use key in IoT device | Secure communication | Data encrypted |
| 29 | Use key in mobile app | Secure API calls | Data protected |
| 30 | Use key in cloud storage | Encrypt/decrypt files | Secure access |
| 31 | Use key in password manager | Encrypt vault | Vault secured |
| 32 | Use key in secure boot | Verify firmware | Boot verified |
| 33 | Use key in code signing | Sign software | Integrity verified |
| 34 | Use key in certificate | Issue X.509 cert | Certificate valid |
| 35 | Use key with CA | Certificate Authority | Key trusted |
| 36 | Use key with CSR | Generate certificate request | CSR created |
| 37 | Use key with HSM | Hardware Security Module | Key protected |
| 38 | Use key with TPM | Trusted Platform Module | Key secured |
| 39 | Use key with secure enclave | Isolated execution | Key protected |
| 40 | Use key with access control | Role-based usage | Unauthorized blocked |
| 41 | Use key with audit logging | Log key usage | Logs generated |
| 42 | Use key with SIEM | Monitor key events | Alerts visible |
| 43 | Use key with compliance policy | Enforce crypto standards | Policy enforced |
| 44 | Use key with key rotation | Periodic replacement | Security maintained |
| 45 | Use key with key backup | Recover from loss | Key restored |
| 46 | Use key with key escrow | Third-party recovery | Key accessible |
| 47 | Use key with key derivation | Derive from master | Key generated |
| 48 | Use key with hybrid encryption | Combine with symmetric key | Secure and efficient |
| 49 | Use key with quantum resistance | Post-quantum algorithm | Future-proof |
| 50 | Use key in penetration test | Ethical hacking | Key tested for strength |
Key Pair Generation - Testcases
| # | Test Case | Description | Expected Result |
|---|---|---|---|
| 1 | Create RSA key pair | Generate public and private keys | Keys created successfully |
| 2 | Use strong key size | Generate 2048-bit keys | Secure keys generated |
| 3 | Use very strong key size | Generate 4096-bit keys | Keys generated, slower |
| 4 | Use weak key size | Generate 512-bit keys | Keys generated, not secure |
| 5 | Generate keys with software tool | Use OpenSSL or similar | Keys generated |
| 6 | Generate keys with hardware | Use HSM or TPM | Keys securely generated |
| 7 | Save keys to file | Export keys | Files created |
| 8 | Load keys from file | Import keys | Keys loaded successfully |
| 9 | Use random values | Generate unpredictable keys | Keys are unique |
| 10 | Use same values again | Try to regenerate same keys | Different keys generated |
| 11 | Use secure random generator | Use cryptographic randomness | Keys are secure |
| 12 | Use weak random generator | Use predictable values | Keys are insecure |
| 13 | Use default settings | Generate keys with defaults | Keys generated |
| 14 | Use custom settings | Choose key size and format | Keys generated as specified |
| 15 | Use key for encryption | Encrypt message | Message encrypted |
| 16 | Use key for decryption | Decrypt message | Message decrypted |
| 17 | Use key for signing | Sign a document | Signature created |
| 18 | Use key for verification | Verify signature | Signature valid |
| 19 | Use key in browser | Use WebCrypto API | Keys generated in browser |
| 20 | Use key in mobile app | Generate keys on device | Keys generated securely |
| 21 | Use key in cloud | Generate keys in cloud service | Keys generated |
| 22 | Use key in IoT device | Generate keys on small device | Keys generated |
| 23 | Use key in secure email | Encrypt email | Email secured |
| 24 | Use key in secure chat | Encrypt messages | Messages secured |
| 25 | Use key in VPN | Secure connection | Keys used for handshake |
| 26 | Use key in website | Secure HTTPS | Certificate created |
| 27 | Use key in SSH | Secure remote login | Authentication works |
| 28 | Use key in blockchain | Sign transaction | Transaction accepted |
| 29 | Use key in digital ID | Secure identity | ID verified |
| 30 | Use key in certificate | Create digital certificate | Certificate valid |
| 31 | Use key in CSR | Create certificate request | CSR generated |
| 32 | Use key with access control | Restrict who can use it | Access enforced |
| 33 | Use key with audit logging | Track key usage | Logs created |
| 34 | Use key with backup | Save a copy securely | Backup available |
| 35 | Use key with rotation | Replace old key | New key generated |
| 36 | Use key with expiration | Set expiry date | Key expires as expected |
| 37 | Use key with revocation | Revoke compromised key | Key no longer valid |
| 38 | Use key with fingerprint | Identify key | Fingerprint matches |
| 39 | Use key with QR code | Share public key | QR scanned successfully |
| 40 | Use key with NFC | Share key via tap | Key transferred securely |
| 41 | Use key with USB token | Store key on device | Key protected |
| 42 | Use key with smart card | Store key securely | Key accessed |
| 43 | Use key with secure boot | Verify firmware | Boot verified |
| 44 | Use key with code signing | Sign software | Software verified |
| 45 | Use key with password manager | Encrypt vault | Vault secured |
| 46 | Use key with document signing | Sign PDF or Word file | Signature valid |
| 47 | Use key with secure storage | Encrypt files | Files protected |
| 48 | Use key with hybrid encryption | Encrypt a secret key | Secure and efficient |
| 49 | Use key with compliance policy | Follow security rules | Policy met |
| 50 | Use key in test environment | Simulate real use | Keys work as expected |
Public Key Distribution - Testcases
| # | Test Case | Description | Expected Result |
|---|---|---|---|
| 1 | Share public key via email | Send key to recipient | Key received and usable |
| 2 | Share public key via website | Publish key online | Accessible to anyone |
| 3 | Share public key via QR code | Encode key in QR | Scannable and usable |
| 4 | Share public key via NFC | Tap to share key | Key transferred securely |
| 5 | Share public key via USB | Store on flash drive | Key readable |
| 6 | Share public key via Bluetooth | Send to nearby device | Key received |
| 7 | Share public key via cloud | Upload to secure storage | Key accessible |
| 8 | Share public key via GitHub | Publish in repo | Key publicly available |
| 9 | Share public key via certificate | Embed in X.509 cert | Key trusted |
| 10 | Share public key via smart card | Store on chip | Key accessible via reader |
| 11 | Share public key via blockchain | Publish in transaction | Key publicly verifiable |
| 12 | Share public key via DNS | Use DNSSEC or DANE | Key retrievable |
| 13 | Share public key via LDAP | Directory service | Key accessible |
| 14 | Share public key via messaging app | Send in secure chat | Key received |
| 15 | Share public key via API | Provide via endpoint | Key fetched programmatically |
| 16 | Share public key via mobile app | Display or send key | Key usable |
| 17 | Share public key via business card | Print fingerprint or QR | Key retrievable |
| 18 | Share public key via PDF | Embed in document | Key extractable |
| 19 | Share public key via email signature | Include in footer | Key accessible |
| 20 | Share public key via public key server | Upload to keyserver | Key searchable |
| 21 | Share public key via PGP keyserver | Use MIT or Ubuntu server | Key available |
| 22 | Share public key via secure website | HTTPS download | Key securely accessed |
| 23 | Share public key via social media | Post fingerprint or link | Key publicly visible |
| 24 | Share public key via SMS | Send base64 or link | Key received |
| 25 | Share public key via printed document | Include fingerprint | Key manually entered |
| 26 | Share public key via encrypted channel | Send securely | Key protected in transit |
| 27 | Share public key via broadcast | Send to multiple recipients | All receive key |
| 28 | Share public key via certificate authority | Issue signed cert | Key trusted by browsers |
| 29 | Share public key via secure enclave | Read from device | Key securely stored |
| 30 | Share public key via IoT device | Broadcast key | Key received by network |
| 31 | Share public key via VPN | Use during handshake | Key exchanged securely |
| 32 | Share public key via TLS | Use in server cert | Key verified by client |
| 33 | Share public key via SSH | Add to authorized_keys | Login permitted |
| 34 | Share public key via email encryption | Use in S/MIME or PGP | Message encrypted |
| 35 | Share public key via document signing | Verify signature | Key used for validation |
| 36 | Share public key via JWT | Include in token header | Signature verifiable |
| 37 | Share public key via mobile wallet | Store for identity | Key usable for auth |
| 38 | Share public key via secure boot | Verify firmware | Key used for validation |
| 39 | Share public key via certificate pinning | Hardcode in app | Key verified |
| 40 | Share public key via public registry | Publish for lookup | Key accessible |
| 41 | Share public key via email verification | Send signed message | Key used to verify sender |
| 42 | Share public key via chat bot | Respond with key | Key distributed automatically |
| 43 | Share public key via forum post | Publish fingerprint | Key manually imported |
| 44 | Share public key via QR on packaging | Include with product | Key scanned by user |
| 45 | Share public key via NFC tag | Tap to retrieve | Key read from tag |
| 46 | Share public key via voice assistant | Respond with key info | Key shared verbally or via link |
| 47 | Share public key via secure kiosk | Display or print key | Key retrieved |
| 48 | Share public key via encrypted USB | Store securely | Key accessed with password |
| 49 | Share public key via certificate chain | Include in chain | Key verified by root CA |
| 50 | Share public key via compliance portal | Upload for audit | Key verified and logged |
Digital Signatures - Testcases
Encryption & Decryption - Testcases
| # | Test Case | Description | Expected Result |
|---|---|---|---|
| 1 | Encrypt with public key | Encrypt message | Ciphertext generated |
| 2 | Decrypt with private key | Decrypt ciphertext | Original message recovered |
| 3 | Encrypt with private key | For digital signature | Signature generated |
| 4 | Decrypt with public key | Verify signature | Signature verified |
| 5 | Encrypt short message | Encrypt “Hello” | Ciphertext generated |
| 6 | Encrypt long message | Encrypt large text | Error or chunked encryption |
| 7 | Encrypt binary data | Encrypt file bytes | Ciphertext generated |
| 8 | Decrypt binary data | Decrypt file bytes | Original data recovered |
| 9 | Encrypt with RSA-2048 | Use strong key | Secure encryption |
| 10 | Encrypt with RSA-4096 | Use very strong key | Secure but slower |
| 11 | Encrypt with RSA-1024 | Use weak key | Works but insecure |
| 12 | Encrypt with padding | Use OAEP or PKCS#1 | Secure encryption |
| 13 | Encrypt without padding | Raw RSA | Vulnerable to attacks |
| 14 | Encrypt with wrong key | Use incorrect public key | Decryption fails |
| 15 | Decrypt with wrong key | Use incorrect private key | Decryption fails |
| 16 | Encrypt with OpenSSL | Use CLI tool | Ciphertext generated |
| 17 | Decrypt with OpenSSL | Use CLI tool | Plaintext recovered |
| 18 | Encrypt with Python | Use cryptography library | Ciphertext generated |
| 19 | Decrypt with Python | Use cryptography library | Plaintext recovered |
| 20 | Encrypt with Java | Use Cipher class | Ciphertext generated |
| 21 | Decrypt with Java | Use Cipher class | Plaintext recovered |
| 22 | Encrypt with GPG | Use PGP tool | Message encrypted |
| 23 | Decrypt with GPG | Use PGP tool | Message decrypted |
| 24 | Encrypt with browser | Use WebCrypto API | Ciphertext generated |
| 25 | Decrypt with browser | Use WebCrypto API | Plaintext recovered |
| 26 | Encrypt with mobile app | Use secure SDK | Message encrypted |
| 27 | Decrypt with mobile app | Use secure SDK | Message decrypted |
| 28 | Encrypt with hybrid method | Encrypt AES key | Efficient encryption |
| 29 | Decrypt hybrid method | Decrypt AES key | Symmetric key recovered |
| 30 | Encrypt with timestamp | Add time to message | Timestamp included |
| 31 | Encrypt with metadata | Include sender info | Metadata encrypted |
| 32 | Encrypt with compression | Compress before encrypting | Smaller ciphertext |
| 33 | Encrypt with chunking | Split large data | All chunks encrypted |
| 34 | Decrypt with chunking | Reassemble chunks | Original data recovered |
| 35 | Encrypt with audit logging | Log encryption event | Entry recorded |
| 36 | Decrypt with audit logging | Log decryption event | Entry recorded |
| 37 | Encrypt with access control | Restrict key usage | Unauthorized blocked |
| 38 | Decrypt with access control | Restrict key usage | Unauthorized blocked |
| 39 | Encrypt with revoked key | Use invalid key | Operation fails |
| 40 | Decrypt with expired key | Use outdated key | Operation fails |
| 41 | Encrypt with secure enclave | Use hardware key | Secure encryption |
| 42 | Decrypt with secure enclave | Use hardware key | Secure decryption |
| 43 | Encrypt with HSM | Use hardware module | Secure encryption |
| 44 | Decrypt with HSM | Use hardware module | Secure decryption |
| 45 | Encrypt with TPM | Use trusted platform module | Secure encryption |
| 46 | Decrypt with TPM | Use trusted platform module | Secure decryption |
| 47 | Encrypt with certificate | Use X.509 public key | Ciphertext generated |
| 48 | Decrypt with certificate | Use private key from cert | Plaintext recovered |
| 49 | Encrypt with compliance policy | Follow security rules | Policy met |
| 50 | Decrypt with compliance policy | Follow security rules | Policy met |
Key Sizes - Testcases
| # | Test Case | Description | Expected Result |
|---|---|---|---|
| 1 | Generate 1024-bit key | Basic security | Key pair created |
| 2 | Generate 2048-bit key | Recommended minimum | Key pair created |
| 3 | Generate 4096-bit key | High security | Key pair created |
| 4 | Generate 512-bit key | Very weak | Key pair created, insecure |
| 5 | Generate 8192-bit key | Very strong | Key pair created, slow |
| 6 | Encrypt with 1024-bit key | Use for small data | Encryption succeeds |
| 7 | Encrypt with 2048-bit key | Use for secure data | Encryption succeeds |
| 8 | Encrypt with 4096-bit key | Use for sensitive data | Encryption succeeds |
| 9 | Decrypt with 1024-bit key | Use matching private key | Decryption succeeds |
| 10 | Decrypt with 2048-bit key | Use matching private key | Decryption succeeds |
| 11 | Decrypt with 4096-bit key | Use matching private key | Decryption succeeds |
| 12 | Sign with 1024-bit key | Create digital signature | Signature valid |
| 13 | Sign with 2048-bit key | Create digital signature | Signature valid |
| 14 | Sign with 4096-bit key | Create digital signature | Signature valid |
| 15 | Verify with 1024-bit key | Check signature | Verification succeeds |
| 16 | Verify with 2048-bit key | Check signature | Verification succeeds |
| 17 | Verify with 4096-bit key | Check signature | Verification succeeds |
| 18 | Use 1024-bit key in TLS | Legacy support | Works, not recommended |
| 19 | Use 2048-bit key in TLS | Modern standard | Secure |
| 20 | Use 4096-bit key in TLS | High assurance | Secure |
| 21 | Use 1024-bit key in SSH | Legacy systems | Works, insecure |
| 22 | Use 2048-bit key in SSH | Secure login | Works securely |
| 23 | Use 4096-bit key in SSH | High security login | Works securely |
| 24 | Use 1024-bit key in GPG | Encrypt email | Works, not recommended |
| 25 | Use 2048-bit key in GPG | Encrypt email | Secure |
| 26 | Use 4096-bit key in GPG | Encrypt email | Secure |
| 27 | Use 1024-bit key in certificate | Issue X.509 cert | Not trusted by browsers |
| 28 | Use 2048-bit key in certificate | Issue X.509 cert | Trusted |
| 29 | Use 4096-bit key in certificate | Issue X.509 cert | Trusted |
| 30 | Use 1024-bit key in JWT | Sign token | Works, insecure |
| 31 | Use 2048-bit key in JWT | Sign token | Secure |
| 32 | Use 4096-bit key in JWT | Sign token | Secure |
| 33 | Use 1024-bit key in blockchain | Sign transaction | Works, insecure |
| 34 | Use 2048-bit key in blockchain | Sign transaction | Secure |
| 35 | Use 4096-bit key in blockchain | Sign transaction | Secure |
| 36 | Use 1024-bit key in mobile app | Lightweight | Works, insecure |
| 37 | Use 2048-bit key in mobile app | Balanced security | Secure |
| 38 | Use 4096-bit key in mobile app | High security | May be slower |
| 39 | Use 1024-bit key in IoT | Low power device | Works, insecure |
| 40 | Use 2048-bit key in IoT | Secure communication | Recommended |
| 41 | Use 4096-bit key in IoT | High security | May be too heavy |
| 42 | Use 1024-bit key in VPN | Legacy encryption | Not secure |
| 43 | Use 2048-bit key in VPN | Secure tunnel | Recommended |
| 44 | Use 4096-bit key in VPN | High security tunnel | Secure |
| 45 | Use 1024-bit key in file encryption | Encrypt small file | Works, insecure |
| 46 | Use 2048-bit key in file encryption | Encrypt file | Secure |
| 47 | Use 4096-bit key in file encryption | Encrypt file | Secure |
| 48 | Use 1024-bit key in compliance audit | Security review | Fails audit |
| 49 | Use 2048-bit key in compliance audit | Security review | Passes audit |
| 50 | Use 4096-bit key in compliance audit | Security review | Passes audit |
Slower than Symmetric Ciphers - Testcases
| # | Test Case | Description | Expected Result |
|---|---|---|---|
| 1 | Encrypt large file with RSA | Try encrypting 1MB file | Very slow or fails |
| 2 | Encrypt small file with RSA | Encrypt 128 bytes | Works, but slower than AES |
| 3 | Encrypt AES key with RSA | Encrypt 256-bit key | Fast and efficient |
| 4 | Decrypt AES key with RSA | Decrypt 256-bit key | Fast and efficient |
| 5 | Encrypt message with RSA | Encrypt short text | Works, slower than symmetric |
| 6 | Encrypt message with AES | Encrypt same text | Much faster |
| 7 | Compare RSA vs AES speed | Encrypt same data | RSA is slower |
| 8 | Use RSA in hybrid encryption | Encrypt only key | Efficient overall |
| 9 | Use RSA for full file encryption | Encrypt 10MB file | Not practical |
| 10 | Use AES for full file encryption | Encrypt 10MB file | Fast and efficient |
| 11 | Use RSA in TLS handshake | Encrypt session key | Acceptable speed |
| 12 | Use AES in TLS session | Encrypt data stream | High performance |
| 13 | Use RSA in mobile app | Encrypt message | Noticeable delay |
| 14 | Use AES in mobile app | Encrypt message | Fast response |
| 15 | Use RSA in IoT device | Encrypt data | High CPU usage |
| 16 | Use AES in IoT device | Encrypt data | Low CPU usage |
| 17 | Use RSA in browser | Encrypt form data | Slower than AES |
| 18 | Use AES in browser | Encrypt form data | Fast and smooth |
| 19 | Use RSA in email encryption | Encrypt message | Slower than symmetric |
| 20 | Use AES in email encryption | Encrypt message | Fast and secure |
| 21 | Use RSA in blockchain | Sign transaction | Acceptable speed |
| 22 | Use AES in blockchain | Encrypt payload | Fast and efficient |
| 23 | Use RSA in VPN | Encrypt session key | Works well |
| 24 | Use AES in VPN | Encrypt traffic | High throughput |
| 25 | Use RSA in SSH | Authenticate session | Acceptable speed |
| 26 | Use AES in SSH | Encrypt session | Fast and secure |
| 27 | Use RSA in secure boot | Verify signature | Acceptable speed |
| 28 | Use AES in secure boot | Encrypt firmware | Fast |
| 29 | Use RSA in file transfer | Encrypt file directly | Slow |
| 30 | Use AES in file transfer | Encrypt file | Fast |
| 31 | Use RSA in password manager | Encrypt vault key | Efficient |
| 32 | Use AES in password manager | Encrypt vault data | Fast |
| 33 | Use RSA in cloud storage | Encrypt key | Efficient |
| 34 | Use AES in cloud storage | Encrypt files | Fast |
| 35 | Use RSA in secure messaging | Encrypt key | Acceptable |
| 36 | Use AES in secure messaging | Encrypt messages | Fast |
| 37 | Use RSA in digital signature | Sign document | Acceptable speed |
| 38 | Use AES for MAC | Authenticate data | Faster |
| 39 | Use RSA in certificate | Encrypt symmetric key | Efficient |
| 40 | Use AES in certificate | Encrypt data | Fast |
| 41 | Use RSA in hybrid system | Encrypt key only | Efficient |
| 42 | Use AES in hybrid system | Encrypt data | Fast |
| 43 | Use RSA with 2048-bit key | Encrypt small data | Slower than AES |
| 44 | Use AES with 256-bit key | Encrypt same data | Much faster |
| 45 | Use RSA with 4096-bit key | Encrypt small data | Even slower |
| 46 | Use AES with hardware support | AES-NI | Very fast |
| 47 | Use RSA with hardware support | RSA accelerator | Still slower than AES |
| 48 | Use RSA in real-time system | Encrypt on-the-fly | Not suitable |
| 49 | Use AES in real-time system | Encrypt on-the-fly | Suitable |
| 50 | Use RSA for key exchange only | Encrypt symmetric key | Best practice |
Widely Used in Protocols - Testcases
| # | Test Case | Description | Expected Result |
|---|---|---|---|
| 1 | Use RSA in SSL handshake | Secure website connection | Session key exchanged |
| 2 | Use RSA in TLS 1.2 | Encrypt session key | Secure connection established |
| 3 | Use RSA in TLS 1.3 | Use for certificate verification | Signature verified |
| 4 | Use RSA in HTTPS | Secure browser communication | Encrypted session |
| 5 | Use RSA in SSH login | Authenticate user | Login successful |
| 6 | Use RSA in SSH key pair | Generate and use keys | Secure shell access |
| 7 | Use RSA in PGP | Encrypt email | Message secured |
| 8 | Use RSA in GPG | Sign and encrypt files | Secure communication |
| 9 | Use RSA in S/MIME | Secure email with certificate | Message encrypted |
| 10 | Use RSA in VPN | Secure key exchange | Tunnel established |
| 11 | Use RSA in IPsec | Authenticate peers | Secure connection |
| 12 | Use RSA in digital certificates | X.509 certs | Identity verified |
| 13 | Use RSA in certificate authority | Sign certificates | Trusted certs issued |
| 14 | Use RSA in JWT | Sign JSON Web Tokens | Token verified |
| 15 | Use RSA in OAuth 2.0 | Secure token exchange | Access granted |
| 16 | Use RSA in OpenID Connect | Verify identity tokens | Authentication successful |
| 17 | Use RSA in blockchain | Sign transactions | Transaction accepted |
| 18 | Use RSA in smart contracts | Verify signatures | Contract executed |
| 19 | Use RSA in DNSSEC | Sign DNS records | DNS integrity ensured |
| 20 | Use RSA in secure boot | Verify firmware | Boot verified |
| 21 | Use RSA in code signing | Sign software | Integrity verified |
| 22 | Use RSA in PDF signing | Digitally sign document | Signature valid |
| 23 | Use RSA in Word document signing | Sign Office file | Signature valid |
| 24 | Use RSA in mobile apps | Secure API communication | Data encrypted |
| 25 | Use RSA in cloud storage | Encrypt keys | Files protected |
| 26 | Use RSA in password managers | Encrypt vault keys | Vault secured |
| 27 | Use RSA in secure messaging | Encrypt session key | Chat secured |
| 28 | Use RSA in IoT devices | Secure firmware updates | Verified and safe |
| 29 | Use RSA in smart cards | Authenticate user | Access granted |
| 30 | Use RSA in TPM | Secure key storage | Keys protected |
| 31 | Use RSA in HSM | Hardware key management | Secure operations |
| 32 | Use RSA in secure enclave | Mobile hardware security | Keys isolated |
| 33 | Use RSA in e-passports | Authenticate identity | Verified |
| 34 | Use RSA in biometric systems | Sign biometric data | Data integrity ensured |
| 35 | Use RSA in e-voting | Secure ballot transmission | Vote integrity preserved |
| 36 | Use RSA in banking apps | Secure transactions | Data encrypted |
| 37 | Use RSA in ATMs | Authenticate card | Secure session |
| 38 | Use RSA in payment gateways | Secure card data | PCI DSS compliant |
| 39 | Use RSA in DRM | Protect digital content | Access controlled |
| 40 | Use RSA in secure file transfer | Encrypt file keys | Files transmitted securely |
| 41 | Use RSA in compliance audits | Verify digital signatures | Audit passed |
| 42 | Use RSA in legal tech | Sign contracts | Legally binding |
| 43 | Use RSA in healthcare | Encrypt patient data | HIPAA compliant |
| 44 | Use RSA in education systems | Secure student records | FERPA compliant |
| 45 | Use RSA in government portals | Authenticate users | Secure access |
| 46 | Use RSA in military systems | Secure communication | Confidentiality ensured |
| 47 | Use RSA in SCADA systems | Secure industrial control | Data protected |
| 48 | Use RSA in satellite communication | Encrypt commands | Secure transmission |
| 49 | Use RSA in automotive systems | Secure vehicle updates | Firmware verified |
| 50 | Use RSA in AI/ML pipelines | Sign model files | Model integrity verified |
Standardized - Testcases
| # | Test Case | Description | Expected Result |
|---|---|---|---|
| 1 | Use PKCS #1 format | Generate RSA key pair | Keys conform to standard |
| 2 | Use RFC 8017 for encryption | Follow spec | Encryption succeeds |
| 3 | Use RFC 8017 for decryption | Follow spec | Decryption succeeds |
| 4 | Use PKCS #1 v1.5 padding | Encrypt message | Padding applied correctly |
| 5 | Use OAEP padding | Encrypt message | Secure padding used |
| 6 | Use PSS padding | Sign message | Signature generated securely |
| 7 | Use DER encoding | Export key | Format matches standard |
| 8 | Use PEM encoding | Export key | Format matches standard |
| 9 | Validate ASN.1 structure | Parse key file | Structure conforms to spec |
| 10 | Use standard key size | 2048-bit key | Compliant with guidelines |
| 11 | Use standard exponent | e = 65537 | Matches best practices |
| 12 | Use standard modulus format | n = p × q | Format valid |
| 13 | Use standard signature format | PKCS #1 signature | Verifiable |
| 14 | Use standard hash function | SHA-256 | Compliant with RFC 8017 |
| 15 | Use standard key generation | Follow PKCS #1 steps | Keys valid |
| 16 | Use standard key validation | Check modulus and exponents | Keys valid |
| 17 | Use standard test vectors | Encrypt/decrypt | Results match |
| 18 | Use standard certificate format | X.509 with RSA | Certificate valid |
| 19 | Use standard CSR format | Generate request | Matches PKCS #10 |
| 20 | Use standard signature verification | Follow RFC 8017 | Signature valid |
| 21 | Use standard padding check | Validate OAEP | Padding verified |
| 22 | Use standard error handling | Invalid padding | Error returned |
| 23 | Use standard key import | Load from PEM | Key parsed correctly |
| 24 | Use standard key export | Save to PEM | Key formatted correctly |
| 25 | Use standard library | OpenSSL or BouncyCastle | Standards-compliant |
| 26 | Use standard API | Java Cipher or Python cryptography | Follows spec |
| 27 | Use standard compliance test | Run test suite | All tests pass |
| 28 | Use standard documentation | Refer to RFC 8017 | Implementation matches |
| 29 | Use standard signature scheme | RSASSA-PSS | Secure and compliant |
| 30 | Use standard encryption scheme | RSAES-OAEP | Secure and compliant |
| 31 | Use standard key derivation | Follow PKCS #1 | Keys derived correctly |
| 32 | Use standard modulus length | 2048 bits or more | Meets security standards |
| 33 | Use standard key usage flags | In certificate | Usage correctly defined |
| 34 | Use standard key lifecycle | Generate, use, revoke | Matches policy |
| 35 | Use standard key revocation | CRL or OCSP | Key status verified |
| 36 | Use standard audit logging | Log key usage | Logs compliant |
| 37 | Use standard compliance policy | FIPS/NIST | RSA implementation accepted |
| 38 | Use standard secure storage | Store key securely | Matches guidelines |
| 39 | Use standard secure transmission | Send key over TLS | Secure and compliant |
| 40 | Use standard hybrid encryption | RSA + AES | Matches protocol spec |
| 41 | Use standard certificate chain | Root → Intermediate → Leaf | Chain valid |
| 42 | Use standard timestamping | Sign with time | RFC 3161 compliant |
| 43 | Use standard digital signature | Sign PDF or code | Signature valid |
| 44 | Use standard key fingerprint | SHA-256 hash | Matches expected |
| 45 | Use standard key rotation | Replace keys periodically | Policy compliant |
| 46 | Use standard key backup | Export securely | Matches security policy |
| 47 | Use standard key escrow | Store with trusted authority | Policy compliant |
| 48 | Use standard key destruction | Securely delete | Matches guidelines |
| 49 | Use standard interoperability test | Exchange keys across systems | Works correctly |
| 50 | Use standard protocol integration | Use RSA in TLS, SSH, etc. | Protocols function securely |
Reference links