/ 
Crypt-Perl-0.30
/ Crypt::Perl::RSA::Generate
Security Advisories (2)
CVE-2020-17478 (2020-08-10)

ECDSA/EC/Point.pm in Crypt::Perl before 0.33 does not properly consider timing attacks against the EC point multiplication algorithm.

CVE-2020-13895 (2020-06-07)

Crypt::Perl::ECDSA in the Crypt::Perl (aka p5-Crypt-Perl) module before 0.32 for Perl fails to verify correct ECDSA signatures when r and s are small and when s = 1. This happens when using the curve secp256r1 (prime256v1). This could conceivably have a security-relevant impact if an attacker wishes to use public r and s values when guessing whether signature verification will fail.

NAME

Crypt::Perl::RSA::Generate - RSA key generation

SYNOPSIS

use Crypt::Perl::RSA::Generate ();

#$prkey is a Crypt::Perl::RSA::PrivateKey instance.
my $prkey = Crypt::Perl::RSA::Generate::create(2048);

DISCUSSION

Unfortunately, this is quite slow in Perl—too slow, in fact, if you don’t have either Math::BigInt::GMP or Math::BigInt::Pari. The logic here will still run under pure Perl, but it’ll take too long to be practical.

The current Math::ProvablePrime backend is slated to be replaced with Math::Prime::Util; once that happens, pure-Perl operation should be much more feasible.

ALTERNATIVES

Crypt::OpenSSL::RSA - probably the fastest way to generate RSA keys in perl. (It relies on XS, so this project can’t use it.)
Use the openssl binary OpenSSL directly, e.g., my $rsa_pem = qx/openssl genrsa/. Most *NIX systems can do this.

NOTE: As of December 2016, Crypt::PK::RSA is NOT suitable for key generation because it can only generate keys with up to a 512-bit modulus.