Files
Anthropic-Cybersecurity-Skills/skills/implementing-rsa-key-pair-management/SKILL.md
T
mukul975 cb8d79e068 Map all 754 skills to MITRE ATT&CK v19.1
- Add validated mitre_attack frontmatter to all 754 skills (286 distinct
  techniques), verified against MITRE ATT&CK v19.1 via the official
  mitreattack-python library: 0 revoked, deprecated, or invalid IDs
- Curate precise per-skill technique IDs for forensics, malware-analysis,
  threat-intel, and red-team skills (e.g. DCSync -> T1003.006,
  Kerberoasting -> T1558.003, Pass-the-Ticket -> T1550.003)
- Reconcile v19.1 tactic restructuring: Defense Evasion split into
  Stealth (TA0005) and Defense Impairment (TA0112); revoked T1562.*
  family and T1070.001/.002 remapped to active equivalents (T1685.*)
- Normalize word-split tags across 35 skills (remove filename-derived
  stopword tags, add semantic cybersecurity tags)
- Add api-reference.md for 3 skills that were missing it
- Update README ATT&CK section with accurate v19.1 tactic distribution
2026-06-01 12:13:29 +02:00

3.4 KiB

name, description, domain, subdomain, tags, version, author, license, nist_csf, mitre_attack
name description domain subdomain tags version author license nist_csf mitre_attack
implementing-rsa-key-pair-management RSA (Rivest-Shamir-Adleman) is the most widely deployed asymmetric cryptographic algorithm, used for digital signatures, key exchange, and encryption. This skill covers generating, storing, rotating, cybersecurity cryptography
cryptography
rsa
key-management
pki
asymmetric-encryption
1.0 mahipal Apache-2.0
PR.DS-01
PR.DS-02
PR.DS-10
T1600
T1573
T1553
T1486

Implementing RSA Key Pair Management

Overview

RSA (Rivest-Shamir-Adleman) is the most widely deployed asymmetric cryptographic algorithm, used for digital signatures, key exchange, and encryption. This skill covers generating, storing, rotating, and managing RSA key pairs following NIST SP 800-57 key management guidelines, including key serialization formats (PEM, DER, PKCS#8), passphrase protection, and key strength validation.

When to Use

  • When deploying or configuring implementing rsa key pair management capabilities in your environment
  • When establishing security controls aligned to compliance requirements
  • When building or improving security architecture for this domain
  • When conducting security assessments that require this implementation

Prerequisites

  • Familiarity with cryptography concepts and tools
  • Access to a test or lab environment for safe execution
  • Python 3.8+ with required dependencies installed
  • Appropriate authorization for any testing activities

Objectives

  • Generate RSA key pairs with appropriate key sizes (2048, 3072, 4096 bits)
  • Serialize keys in PEM and DER formats with PKCS#8
  • Protect private keys with strong passphrase encryption
  • Implement key rotation with versioning
  • Extract public key components and fingerprints
  • Validate key strength and detect weak keys
  • Sign and verify data using RSA-PSS

Key Concepts

RSA Key Sizes and Security Strength

Key Size (bits) Security Strength (bits) Recommended Until
2048 112 2030
3072 128 Beyond 2030
4096 ~140 Beyond 2030

RSA Padding Schemes

Scheme Use Case Standard
OAEP Encryption PKCS#1 v2.2 (RFC 8017)
PSS Signatures PKCS#1 v2.2 (RFC 8017)
PKCS#1 v1.5 Legacy only Deprecated for new systems

Key Storage Formats

  • PEM: Base64-encoded with headers, human-readable
  • DER: Binary ASN.1 encoding, compact
  • PKCS#8: Standard for private key encapsulation
  • PKCS#12/PFX: Bundled key + certificate, password-protected

Security Considerations

  • Minimum 3072-bit keys for new deployments (NIST recommendation)
  • Always protect private keys with AES-256-CBC passphrase encryption
  • Use RSA-PSS for signatures (not PKCS#1 v1.5)
  • Use RSA-OAEP for encryption (not PKCS#1 v1.5)
  • Store private keys with restrictive file permissions (0600)
  • Implement key rotation at least annually

Validation Criteria

  • Key generation produces valid RSA key pair
  • Public key can be extracted from private key
  • Private key is protected with passphrase
  • RSA-PSS signature verification succeeds
  • Tampered signature verification fails
  • Key fingerprint is computed correctly
  • Key rotation maintains old key access for verification