Skill

implementing-rsa-key-pair-management

From asi

Generates, stores, rotates, and manages RSA key pairs per NIST SP 800-57 guidelines, with PEM/DER/PKCS#8 serialization, passphrase protection, key validation, and RSA-PSS signing/verification.

Python

security

npx claudepluginhub plurigrid/asi --plugin asi

Tool Access

This skill uses the workspace's default tool permissions.

Preview

RSA (Rivest-Shamir-Adleman) is the most widely deployed asymmetric cryptographic algorithm, used for digital signatures, key exchange, and encryption. This skill covers generating, storing, rotating, and managing RSA key pairs following NIST SP 800-57 key management guidelines, including key serialization formats (PEM, DER, PKCS#8), passphrase protection, and key strength validation.

SKILL.md

Similar Skills

implementing-rsa-key-pair-management

5.9k

Generates, stores, rotates, and manages RSA key pairs in Python per NIST guidelines: PEM/DER/PKCS#8 serialization, passphrase protection, strength validation, RSA-PSS signing.

7 files

cybersecurity-skills

implementing-rsa-key-pair-management

Implements RSA key pair generation, storage, rotation, and management per NIST SP 800-57, including PEM/DER/PKCS#8 serialization, password protection, and strength validation. Useful for secure asymmetric crypto.

7 files

cybersecurity-skills-zh

cryptography

Provides cryptography guidance on encryption (AES-256-GCM, ChaCha20), password hashing (Argon2id, bcrypt), signatures (Ed25519), TLS config, key management. Use for implementing or reviewing crypto.

3 files4 tools

security

Stats

Parent Repo Stars16

Parent Repo Forks5

Last CommitApr 4, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Implementing RSA Key Pair Management

Overview

When to Use

When deploying or configuring implementing rsa key pair management capabilities in your environment
When establishing security controls aligned to compliance requirements
When building or improving security architecture for this domain
When conducting security assessments that require this implementation

Prerequisites

Familiarity with cryptography concepts and tools
Access to a test or lab environment for safe execution
Python 3.8+ with required dependencies installed
Appropriate authorization for any testing activities

Objectives

Generate RSA key pairs with appropriate key sizes (2048, 3072, 4096 bits)
Serialize keys in PEM and DER formats with PKCS#8
Protect private keys with strong passphrase encryption
Implement key rotation with versioning
Extract public key components and fingerprints
Validate key strength and detect weak keys
Sign and verify data using RSA-PSS

Key Concepts

RSA Key Sizes and Security Strength

Key Size (bits)	Security Strength (bits)	Recommended Until
2048	112	2030
3072	128	Beyond 2030
4096	~140	Beyond 2030

RSA Padding Schemes

Scheme	Use Case	Standard
OAEP	Encryption	PKCS#1 v2.2 (RFC 8017)
PSS	Signatures	PKCS#1 v2.2 (RFC 8017)
PKCS#1 v1.5	Legacy only	Deprecated for new systems

Key Storage Formats

PEM: Base64-encoded with headers, human-readable
DER: Binary ASN.1 encoding, compact
PKCS#8: Standard for private key encapsulation
PKCS#12/PFX: Bundled key + certificate, password-protected

Security Considerations

Minimum 3072-bit keys for new deployments (NIST recommendation)
Always protect private keys with AES-256-CBC passphrase encryption
Use RSA-PSS for signatures (not PKCS#1 v1.5)
Use RSA-OAEP for encryption (not PKCS#1 v1.5)
Store private keys with restrictive file permissions (0600)
Implement key rotation at least annually

Validation Criteria

Key generation produces valid RSA key pair
Public key can be extracted from private key
Private key is protected with passphrase
RSA-PSS signature verification succeeds
Tampered signature verification fails
Key fingerprint is computed correctly
Key rotation maintains old key access for verification