In RFC 2313 (PKCS1/RSA) said you could recreate the Private key from ‘n’ and ‘d’, which later versions removed. Why?
RFC 2313 has this specific callout:
1. An RSA private key logically consists of only the
modulus n and the private exponent d. The presence of the
values p, q, d mod (p-1), d mod (p-1), and q-1 mod p is
intended for efficiency, as Quisquater and Couvreur have
shown [QC82]. A private-key syntax that does not include
all the extra values can be converted readily to the syntax
defined here, provided the public key is known, according
to a result by Miller [Mil76].
Mil76 is G.L. Miller. Riemann's hypothesis and tests for primality. Journal of Computer and Systems Sciences, 13(3):300-307, 1976.
2313 was obsoleted by RFC 2437. 2437 was obsoleted by 3447. 3447 might have been obsoleted by 8017 but does anyone use it?
2437 makes no mention of this caveat, that the other components can be "converted to this format" if the 'n', 'd' and public key (mod and public exp) are known.
Anyone know why? First option is that the Miller reference was wrong, second option is that the RFC editors were misquoting, misreading or misrepresenting Miller's stuff.
I know that conventional (ie, there are StackOverflow questions on this) wisdom is that the modulus and the private exponent are all that is needed to use an RSA private key, assuming the public key components are known.
Is that (when you get really down to it) correct conventional wisdom?
Or is 'n' and 'd' insufficient?
Any reason (other than performance) that the other components (p, q, et al) are necessary for confidence in the key?
tyia.
