implementing-rsa-key-pair-management

star 2

RSA (Rivest-Shamir-Adleman) is the most widely deployed asymmetric cryptographic algorithm, used for digital signatures, key exchange, and encryption. This skill covers generating, storing, rotating,

oyi77 By oyi77 schedule Updated 6/8/2026
play_arrow Run Skill in Manus View GitHub

name: implementing-rsa-key-pair-management description: RSA (Rivest-Shamir-Adleman) is the most widely deployed asymmetric cryptographic algorithm, used for digital signatures, key exchange, and encryption. This skill covers generating, storing, rotating, domain: cybersecurity subdomain: cryptography tags:

  • cryptography
  • rsa
  • key-management
  • pki
  • asymmetric-encryption version: '1.0' author: mahipal license: Apache-2.0 nist_csf:
  • PR.DS-01
  • PR.DS-02
  • PR.DS-10

Implementing RSA Key Pair Management

Overview

RSA (Rivest-Shamir-Adleman) is the most widely deployed asymmetric cryptographic algorithm, used for digital signatures, key exchange, and encryption. This skill covers generating, storing, rotating, and managing RSA key pairs following NIST SP 800-57 key management guidelines, including key serialization formats (PEM, DER, PKCS#8), passphrase protection, and key strength validation.

When to Use

  • When deploying or configuring implementing rsa key pair management capabilities in your environment
  • When establishing security controls aligned to compliance requirements
  • When building or improving security architecture for this domain
  • When conducting security assessments that require this implementation

Prerequisites

  • Familiarity with cryptography concepts and tools
  • Access to a test or lab environment for safe execution
  • Python 3.8+ with required dependencies installed
  • Appropriate authorization for any testing activities

Objectives

  • Generate RSA key pairs with appropriate key sizes (2048, 3072, 4096 bits)
  • Serialize keys in PEM and DER formats with PKCS#8
  • Protect private keys with strong passphrase encryption
  • Implement key rotation with versioning
  • Extract public key components and fingerprints
  • Validate key strength and detect weak keys
  • Sign and verify data using RSA-PSS

Key Concepts

This section covers key concepts for implementing rsa key pair management.

  • Ensure all prerequisites are met before proceeding
  • Follow the documented workflow steps in sequence
  • Record results and any anomalies encountered during this phase

RSA Key Sizes and Security Strength

Key Size (bits) Security Strength (bits) Recommended Until
2048 112 2030
3072 128 Beyond 2030
4096 ~140 Beyond 2030

RSA Padding Schemes

Scheme Use Case Standard
OAEP Encryption PKCS#1 v2.2 (RFC 8017)
PSS Signatures PKCS#1 v2.2 (RFC 8017)
PKCS#1 v1.5 Legacy only Deprecated for new systems

Key Storage Formats

  • PEM: Base64-encoded with headers, human-readable
  • DER: Binary ASN.1 encoding, compact
  • PKCS#8: Standard for private key encapsulation
  • PKCS#12/PFX: Bundled key + certificate, password-protected

Security Considerations

  • Minimum 3072-bit keys for new deployments (NIST recommendation)
  • Always protect private keys with AES-256-CBC passphrase encryption
  • Use RSA-PSS for signatures (not PKCS#1 v1.5)
  • Use RSA-OAEP for encryption (not PKCS#1 v1.5)
  • Store private keys with restrictive file permissions (0600)
  • Implement key rotation at least annually

Validation Criteria

  • Key generation produces valid RSA key pair
  • Public key can be extracted from private key
  • Private key is protected with passphrase
  • RSA-PSS signature verification succeeds
  • Tampered signature verification fails
  • Key fingerprint is computed correctly
  • Key rotation maintains old key access for verification

When NOT to Use

  • You need to test the implementation (use performing-* skills)
  • Task is about configuring existing tools (use configuring-* skills)
  • You need to analyze security events (use analyzing-* skills)
  • Task is about building detection rules (use building-* skills)
  • You don't have access to the target environment
  • Task requires vendor-specific expertise (consult vendor docs)

Red Flags

  • Performing actions without explicit written authorization from the asset owner
  • Testing against production systems without a defined scope and rules of engagement
  • Sharing sensitive findings or credentials in unencrypted communications
  • Failing to properly scope and contain the assessment before starting

Verification

  • All steps executed successfully against a test environment before production use
  • Output documented with screenshots or logs demonstrating expected behavior
  • Results validated against known-good baselines or reference implementations
  • Documentation complete enough for another analyst to reproduce findings

Process

  1. Analyze the task requirements
  2. Apply domain expertise
  3. Verify output quality
Install via CLI
npx skills add https://github.com/oyi77/1ai-skills --skill implementing-rsa-key-pair-management
Repository Details
star Stars 2
call_split Forks 0
navigation Branch main
article Path SKILL.md
More from Creator
oyi77
oyi77 Explore all skills →