On the Uniqueness of RSA Keys in EJBCA PKI Systems

Authors

  • Nguyen Le Minh
  • Dinh Quoc Tien

DOI:

https://doi.org/10.54654/isj.v1i27.1242

Tóm tắt

RSA deployments in EJBCA-based public key infrastructures (PKIs) rely on X.509 Subject Key Identifiers (SKIs) to prevent reuse of identical public keys. However, SKI-level checks fail to detect shared-prime collisions, where distinct RSA moduli reuse a prime factor and become factorable via batch GCD analysis. This paper examines why existing SKI mechanisms cannot guarantee RSA key uniqueness and how such weaknesses propagate through enrollment and renewal processes in EJBCA.

We propose two complementary controls that extend uniqueness from the public key to RSA’s secret parameters. The first is a secrecy-preserving duplication check, where one-way commitments to the primes (p, q) are embedded in the certificate request and verified against a commitment registry to block reuse without exposing secret values. The second is an identity-scoped RSA generation algorithm that deterministically maps subject identifiers to disjoint prime-search intervals, ensuring well-spaced and non-overlapping primes across users.

Downloads

Download data is not yet available.

Downloads

Abstract views: 16 / PDF downloads: 8

Published

2026-06-24

How to Cite

Le Minh, N., & Tien, D. Q. (2026). On the Uniqueness of RSA Keys in EJBCA PKI Systems . Journal of Science and Technology on Information Security, 1(27), 61-69. https://doi.org/10.54654/isj.v1i27.1242

Issue

No 1. CS (27) 2026

Section

Papers

License

Open Access Policy

The Journal of Science and Technology on Information Security provides open access to its published articles to broaden opportunities for high-quality research findings to be available and widely disseminated free of charge, contributing to the greater exchange of knowledge.

Open access statement: CTUJoS permits everyone to read, download, copy, distribute, print, search, or link to the full texts of the published articles without registration, price barriers, or asking for permission from the Journal or the author.

Proposed Policy for Journals That Offer Delayed Open Access

Authors who publish with this journal agree to the following terms:

1. Authors retain copyright and grant the journal right of first publication, with the work [SPECIFY PERIOD OF TIME] after publication simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.

2. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.

3. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).