RSA
Cryptography
Rivest–Shamir–Adleman -- a public-key cryptosystem based on the difficulty of factoring large integers, used in smart cards for digital signatures, key transport, and certificate-based authentication with key sizes of 2048 or 4096 bits.
What Is RSA?
RSA (Rivest-Shamir-Adleman) is a public-key cryptosystem based on the computational difficulty of factoring large integers. In smart card systems, RSA provides digital signatures, key transport, and certificate-based authentication using key pairs of 2048 or 4096 bits stored in the card's secure element. RSA was the first widely deployed asymmetric algorithm on smart cards and remains prevalent in payment, identity, and government card applications.
RSA Operations on Smart Cards
Smart cards use RSA for three primary operations:
- Digital signatures -- the card signs a hash of data using its private key (RSA-PSS or PKCS#1 v1.5). The signature is verified off-card using the corresponding public key from the card's certificate.
- Key transport -- a session key is encrypted with the card's RSA public key and sent to the card, which decrypts it with its private key. Used in legacy SCP02 secure channels.
- Authentication -- the card proves its identity by signing a random challenge from the terminal. This is the basis of Active Authentication in ePassports and PKI login with PIV cards.
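The challenge-response authentication described in the last item, as an added example that is not code from this site: a software key stands in for the card's private key, and the function names (`newCardKey`, `newChallenge`, `cardSign`, `terminalVerify`) are hypothetical. It assumes RSA-PSS with SHA-256 and a 32-byte challenge, and shows that a signature captured for one challenge is rejected when replayed against a fresh one.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// newCardKey generates an RSA-2048 key pair; on a real card the private
// half is generated and kept inside the secure element (assumption: software key here).
func newCardKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// newChallenge is the terminal's fresh random nonce, one per authentication.
func newChallenge() ([]byte, error) {
	n := make([]byte, 32)
	_, err := rand.Read(n)
	return n, err
}

// cardSign is the card side: hash the challenge, sign the digest with RSA-PSS.
func cardSign(priv *rsa.PrivateKey, challenge []byte) ([]byte, error) {
	h := sha256.Sum256(challenge)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, h[:], nil)
}

// terminalVerify is the off-card check, using the public key from the card's certificate.
func terminalVerify(pub *rsa.PublicKey, challenge, sig []byte) bool {
	h := sha256.Sum256(challenge)
	return rsa.VerifyPSS(pub, crypto.SHA256, h[:], sig, nil) == nil
}

func main() {
	priv, err := newCardKey()
	if err != nil {
		panic(err)
	}
	ch1, _ := newChallenge()
	ch2, _ := newChallenge()
	sig, err := cardSign(priv, ch1)
	if err != nil {
		panic(err)
	}
	fmt.Println("fresh challenge accepted:", terminalVerify(&priv.PublicKey, ch1, sig))
	fmt.Println("replayed signature accepted:", terminalVerify(&priv.PublicKey, ch2, sig))
}
```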
Hardware Acceleration
RSA operations are computationally intensive -- a 2048-bit modular exponentiation requires millions of multiply operations. Without a crypto coprocessor, an RSA-2048 signature on an 8-bit smart card CPU would take minutes. Dedicated RSA accelerators reduce this to 50-200 ms for RSA-2048 and 200-800 ms for RSA-4096.
| Key Size | Coprocessor Time | Security Level (NIST) |
|---|---|---|
| RSA-1024 | ~30 ms | Deprecated (< 80-bit) |
| RSA-2048 | 50-200 ms | 112-bit |
| RSA-3072 | 150-400 ms | 128-bit |
| RSA-4096 | 200-800 ms | ~140-bit |
RSA vs ECC on Smart Cards
ECC is increasingly replacing RSA in new smart card designs because it provides equivalent security with much shorter keys:
| Security Level | RSA Key | ECC Key | Advantage |
|---|---|---|---|
| 112-bit | 2048-bit | 224-bit | 9x shorter key |
| 128-bit | 3072-bit | 256-bit | 12x shorter key |
| 192-bit | 7680-bit | 384-bit | 20x shorter key |
Shorter keys mean smaller certificates (important for constrained EEPROM storage), faster key generation, and lower power consumption -- all critical factors for contactless cards operating on RF-harvested energy.
Current Usage
Despite ECC's advantages, RSA remains required for backward compatibility in many deployments:
- PIV and CAC -- RSA-2048 is still the default key type for authentication and digital signature certificates.
- EMV -- RSA is used for offline data authentication (SDA, DDA, CDA) in payment cards.
- PKI smart cards -- enterprise PKI deployments widely use RSA-2048 for email encryption and VPN authentication.