The Math Behind RSA Keypair Encryption

How Keypair Encryption Works and the Role of Prime Numbers

In the realm of digital security, keypair encryption is a cornerstone technique that ensures the confidentiality and integrity of our communications. At its heart, this encryption method relies on mathematical principles, with prime numbers playing a crucial role in its effectiveness. In this blog post, we will explore how keypair encryption works and how prime numbers are used to enhance its security.

What is Keypair Encryption?

Keypair encryption, also known as asymmetric encryption, involves the use of two cryptographic keys: a public key and a private key. These keys are mathematically linked in such a way that data encrypted with one key can only be decrypted using the other. This dual-key system allows for secure communication between parties without needing to exchange secret keys beforehand.

  1. Public Key: This key is shared openly and can be used by anyone to encrypt messages intended for the key owner.
  2. Private Key: This key is kept secret by the owner and is used to decrypt messages that were encrypted with the corresponding public key.

The security of this system relies on the mathematical difficulty of deriving the private key from the public key.

How Prime Numbers Play a Role

Prime numbers, integers greater than 1 that have no positive divisors other than 1 and themselves, are essential in many cryptographic algorithms. One of the most famous algorithms that utilizes prime numbers is RSA encryption.

In keypair encryption, two prime numbers play a crucial role in keeping your information safe. Here’s a simple explanation of how and why they’re used:

The Role of Prime Numbers

Prime numbers are special because they can only be divided by 1 and themselves. In keypair encryption, two large prime numbers are chosen to create a unique “lock” that is very hard to break. These primes are used to generate a pair of keys: a public key (which anyone can use to encrypt a message) and a private key (which only the owner can use to decrypt that message).

Why Prime Numbers?

Prime numbers are used because multiplying them together creates a number that is extremely difficult to factor back into the original primes. If someone wanted to break the encryption, they would need to figure out the original prime numbers, which is practically impossible when the primes are large enough.

Example

Let’s say you choose two prime numbers, 3 and 5. You multiply them together to get 15. In a real encryption system, these numbers would be much, much larger, but the idea is the same. The number 15 becomes part of your public key, which others use to lock (encrypt) their messages to you. To unlock (decrypt) the messages, you need to know the original prime numbers, 3 and 5, which are part of your private key.

The Security Advantage

The security comes from the fact that while it’s easy to multiply the two primes together to get 15, it’s very hard for someone to figure out that 15 was created by multiplying 3 and 5. This difficulty keeps your private key safe and ensures that only you can decrypt the messages meant for you.

You might think, “If 15 is the number, it’s easy to guess that 3 and 5 are the numbers that multiply to make 15.” But in real-world encryption, the numbers are much bigger—around 400 to 1000 digits long. Figuring out which two prime numbers were used to create such a huge number is nearly impossible. Even supercomputers would take many years to solve it without the private key.

In short, two prime numbers are used in keypair encryption because they create a strong, unique lock that’s extremely hard to break without the correct key.
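The 3 × 5 example above, carried through end to end as an added worked example (not part of the original post). It goes beyond the text by using the public and private exponents `e` and `d` of textbook RSA, which the post does not name, and by adding a second pair of larger primes to show how the factoring work grows; all function names are illustrative.

```python
from math import gcd

def make_keypair(p, q):
    """Textbook RSA (no padding) from two primes: returns ((n, e), (n, d))."""
    n, phi = p * q, (p - 1) * (q - 1)
    # Smallest odd public exponent that shares no factor with phi.
    e = next(k for k in range(3, phi, 2) if gcd(k, phi) == 1)
    d = pow(e, -1, phi)              # private exponent: e*d = 1 (mod phi), Python 3.8+
    return (n, e), (n, d)

def encrypt(m, public):
    n, e = public
    return pow(m, e, n)              # c = m^e mod n

def decrypt(c, private):
    n, d = private
    return pow(c, d, n)              # m = c^d mod n

def factor_by_trial_division(n):
    """Split an odd n = p*q by testing odd divisors; returns (p, q, divisions tried)."""
    tried, f = 0, 3
    while f * f <= n:
        tried += 1
        if n % f == 0:
            return f, n // f, tried
        f += 2
    raise ValueError("no odd factor found")

def private_from_factors(public):
    """Once n is factored, the private exponent follows directly from p and q."""
    n, e = public
    p, q, _ = factor_by_trial_division(n)
    return n, pow(e, -1, (p - 1) * (q - 1))

if __name__ == "__main__":
    # The post's primes first, then two Mersenne primes (2**17 - 1 and 2**19 - 1).
    for p, q in [(3, 5), (131071, 524287)]:
        public, private = make_keypair(p, q)
        c = encrypt(7, public)
        _, _, tried = factor_by_trial_division(public[0])
        print(f"n={public[0]} ({len(str(public[0]))} digits): 7 -> {c} -> "
              f"{decrypt(c, private)}, factored after {tried} divisions, "
              f"private key rebuilt: {private_from_factors(public) == private}")
```

With this method a 4096-bit modulus would need on the order of 2^2047 divisions, which is why the size of the primes, not the secrecy of the algorithm, carries the security.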

Let’s illustrate why the product of two large prime numbers is so challenging to factor, using a real key as an example!

To begin, generate a new SSH key pair:

[vinoth@hellovinoth ~]$ ssh-keygen -t rsa -b 4096
Generating public/private rsa key pair.
Enter file in which to save the key (/home/vinoth/.ssh/id_rsa):
Created directory '/home/vinoth/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/vinoth/.ssh/id_rsa.
Your public key has been saved in /home/vinoth/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:DTzeLIYXCTH70lTR2EU91Mmx9d1mJkfU/Ct/C47JMik vinoth@hellovinoth
The key's randomart image is:
+---[RSA 4096]----+
|      +.  o= o=*O|
|       = o. o  =@|
|      . B     ..@|
|       * B     *.|
|      o S +     .|
|       + .   . . |
|          .  .o  |
|       E +. + ...|
|        . o+ . .o|
+----[SHA256]-----+

[vinoth@hellovinoth ~]$ ls -lrth .ssh/
total 8.0K
-rw-r--r--. 1 vinoth vinoth  744 Aug 29 11:19 id_rsa.pub
-rw-------. 1 vinoth vinoth 3.2K Aug 29 11:19 id_rsa

RSA key files store the key's binary data as Base64 text, an encoding meant for programs rather than people. To view the content of the private key in a human-readable format, you need to decode it. Here’s how the private key looks when viewed directly:

[vinoth@hellovinoth ~]$ cat .ssh/id_rsa
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
[vinoth@hellovinoth ~]$

To view the RSA private key in a readable format, use tools that interpret the encoded data.
The following command will display the key details in a human-readable form, though the numbers will still be in hexadecimal format.

To convert a hexadecimal value to a decimal value (in a more human-readable format), you can use various online tools. I used [this converter] for the conversion.
Please note that the website won’t accept the hexadecimal format with spaces and colons as is, so you’ll need to remove these characters before pasting the value for conversion.

From the private key content, I’ve focused only on the prime numbers for simplicity and omitted other sections.
After converting the hexadecimal values, you can see the decimal values for prime 1 and prime 2. Comparing these large decimal numbers to a simple multiplication like 3 × 5 = 15 helps illustrate their vast magnitude.
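The hex-to-decimal step can also be done locally, so the private key's values never have to be pasted into a website. This is an added example, not from the original post: it parses a constructed dump of toy values in the colon-separated hex layout described above (the field names `modulus`, `prime1` and `prime2` are assumptions), strips the colons and spaces, converts to decimal, and checks that the two primes multiply to the modulus.

```python
import re

# Constructed sample: toy values in the colon-separated hex layout described above.
# The field names are assumptions; a real 4096-bit key has far longer values.
SAMPLE_DUMP = """\
modulus:
    0f:ff:ff:ff:df:ff:ff:ff:
    80:00:00:01
publicExponent: 65537 (0x10001)
prime1:
    1f:ff:ff:ff:ff:ff:ff:ff
prime2:
    7f:ff:ff:ff
"""

def parse_hex_fields(dump):
    """Map each 'name:' header to the integer spelled by the indented hex lines under it."""
    raw, name = {}, None
    for line in dump.splitlines():
        if line and not line[0].isspace():      # an unindented line starts a new field
            name = line.split(":", 1)[0].strip()
            raw[name] = ""
        elif name is not None:
            raw[name] += re.sub(r"[^0-9a-fA-F]", "", line)   # drop colons and spaces
    return {k: int(v, 16) for k, v in raw.items() if v}

def group_digits(value):
    """Decimal string in groups of three, the way the post prints its numbers."""
    return f"{value:,}".replace(",", " ")

def summarize(dump):
    f = parse_hex_fields(dump)
    p, q, n = f["prime1"], f["prime2"], f["modulus"]
    return {
        "p": p, "q": q,
        "p_digits": len(str(p)), "q_digits": len(str(q)), "n_digits": len(str(n)),
        "n_bits": n.bit_length(),
        "product_matches": p * q == n,   # the two primes must multiply to the modulus
    }

if __name__ == "__main__":
    info = summarize(SAMPLE_DUMP)
    print("prime1 =", group_digits(info["p"]), f"({info['p_digits']} digits)")
    print("prime2 =", group_digits(info["q"]), f"({info['q_digits']} digits)")
    print("modulus:", info["n_bits"], "bits,", info["n_digits"], "digits,",
          "p*q matches" if info["product_matches"] else "p*q MISMATCH")
```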

Here is the hexadecimal value for Prime01 (with spaces and colons removed):

When converted to decimal, this results in an 800+ digit prime number.
Being prime, the number below is divisible only by 1 and itself.

26 561 998 171 101 243 489 295 459 250 760 823 262 435 878 121 464 574 790 218 449 641 399 917 204 046 422 940 873 116 960 693 185 120 190 097 018 827 850 368 936 832 777 754 251 798 196 416 782 881 394 908 285 529 149 896 045 583 755 863 562 565 367 258 550 097 790 812 660 140 034 088 486 476 205 255 522 254 684 417 188 999 694 171 492 487 610 450 312 559 720 420 266 165 122 902 222 994 823 317 689 332 597 809 124 547 439 190 910 082 009 375 289 835 887 053 176 526 339 980 309 914 063 929 392 736 816 177 967 689 421 549 986 317 472 688 653 704 755 645 879 039 553 081 793 916 176 157 969 898 561 233 003 669 553 064 802 500 149 496 318 633 853 456 359 611 123 015 764 765 128 557 348 754 299 233 419 205 803 682 059 508 080 228 349 002 366 052 284 696 367 574 350 638 527 467 866 134 213 294 307 226 877 593 020 837

The same procedure was followed for Prime2.

When converted to decimal, it also results in a prime number with 800 digits, meaning it is divisible only by 1 and itself.

26 428 171 163 005 222 798 021 853 775 275 329 113 817 041 271 517 250 013 170 468 660 691 182 393 496 024 192 339 077 220 533 609 600 572 317 520 256 385 131 544 574 178 952 543 119 217 904 376 775 394 513 065 088 044 603 910 386 505 291 247 035 622 438 787 988 290 987 163 858 297 539 228 671 351 285 269 534 779 750 071 565 726 741 208 971 452 077 682 572 049 592 643 576 688 971 527 861 317 343 561 477 736 550 197 558 917 629 620 026 754 899 940 085 609 639 672 273 206 565 013 418 872 117 585 829 032 022 986 733 294 085 305 985 591 593 270 939 865 052 241 133 260 035 037 481 509 454 036 700 270 389 505 014 579 907 435 438 041 252 302 661 720 918 303 019 901 095 401 660 722 274 377 527 760 225 406 568 226 323 499 218 817 175 789 870 535 285 740 172 107 955 336 238 527 740 782 294 878 134 432 497 901 426 338 429

The following result is obtained by multiplying the two large prime numbers mentioned above. This product is stored in the public key.

701,985,034,097,295,351,088,744,266,528,987,129,995,525,864,670,334,059,131,131,215,491,522,169,758,949,198,122,532,430,676,494,857,380,026,564,919,850,977,434,669,067,585,112,349,970,103,670,857,029,055,764,916,390,774,597,589,078,472,893,150,913,398,700,989,659,497,012,336,415,768,851,546,767,489,682,438,895,311,738,811,626,981,266,080,118,531,377,846,260,360,155,903,375,079,634,424,696,490,286,652,219,447,481,581,913,568,314,009,143,238,984,529,060,710,780,613,590,425,085,321,919,070,146,340,427,268,546,365,470,013,305,982,935,116,432,783,690,400,609,344,655,036,060,453,540,245,673,485,591,346,927,628,266,041,639,808,657,290,291,396,819,219,826,400,425,562,175,111,368,040,660,688,006,708,085,194,486,077,621,383,287,359,276,675,292,320,247,906,996,447,841,428,883,669,285,969,057,348,910,842,651,431,384,770,495,051,171,418,744,548,347,034,418,542,900,393,761,009,964,870,009,528,452,907,287,852,903,939,677,061,403,617,789,945,549,908,953,274,069,363,518,000,069,797,554,655,915,931,933,029,596,251,167,843,171,706,667,731,795,987,422,261,814,306,873,569,116,833,758,538,640,684,566,958,428,248,176,583,176,515,988,164,308,509,161,448,975,085,576,894,786,655,857,065,723,951,130,531,476,858,756,000,367,905,646,030,060,285,562,331,559,190,762,662,085,544,603,106,142,088,905,270,059,310,773,206,951,961,477,528,479,955,196,308,912,670,258,253,920,183,185,641,575,287,778,496,792,952,113,120,433,628,699,337,062,331,829,531,990,434,715,623,507,759,993,128,844,222,589,183,960,541,658,736,131,791,923,945,144,322,721,732,245,134,463,999,214,661,792,453,293,503,567,302,025,763,801,942,109,764,602,573,301,352,591,346,942,010,845,073

I hope this shows how complicated the math can be.
Breaking the encryption without the private key isn’t as easy as spotting that 15 is just 3 × 5. Factoring huge numbers into their prime factors is much harder, especially with the large primes used in encryption.

1 Comment

  • Manikandan G says:

    The reasoning behind the term “prime number” as stated above makes sense: a prime number is the sole choice for greater keyword encryption and description, which implies that composite numbers cannot provide the same level of security as a prime number.
    Great work Vinoth
