Agent-Skills.md

Agent Skills: Implementing RSA Key Pair Management

RSA (Rivest-Shamir-Adleman) is the most widely deployed asymmetric cryptographic algorithm, used for digital signatures, key exchange, and encryption. This skill covers generating, storing, rotating,

UncategorizedID: plurigrid/asi/implementing-rsa-key-pair-management

Repository

plurigrid/asi
plurigridLicense: MIT
165

Install this agent skill to your local

pnpm dlx add-skill https://github.com/plurigrid/asi/tree/HEAD/plugins/asi/skills/implementing-rsa-key-pair-management

Skill Files

Browse the full folder contents for implementing-rsa-key-pair-management.

Download Skill

Loading file tree…

plugins/asi/skills/implementing-rsa-key-pair-management/SKILL.md

Skill Metadata

Name
implementing-rsa-key-pair-management
Description
RSA (Rivest-Shamir-Adleman) is the most widely deployed asymmetric cryptographic algorithm, used for digital signatures, key exchange, and encryption. This skill covers generating, storing, rotating,

Implementing RSA Key Pair Management

Overview

RSA (Rivest-Shamir-Adleman) is the most widely deployed asymmetric cryptographic algorithm, used for digital signatures, key exchange, and encryption. This skill covers generating, storing, rotating, and managing RSA key pairs following NIST SP 800-57 key management guidelines, including key serialization formats (PEM, DER, PKCS#8), passphrase protection, and key strength validation.

When to Use

  • When deploying or configuring implementing rsa key pair management capabilities in your environment
  • When establishing security controls aligned to compliance requirements
  • When building or improving security architecture for this domain
  • When conducting security assessments that require this implementation

Prerequisites

  • Familiarity with cryptography concepts and tools
  • Access to a test or lab environment for safe execution
  • Python 3.8+ with required dependencies installed
  • Appropriate authorization for any testing activities

Objectives

  • Generate RSA key pairs with appropriate key sizes (2048, 3072, 4096 bits)
  • Serialize keys in PEM and DER formats with PKCS#8
  • Protect private keys with strong passphrase encryption
  • Implement key rotation with versioning
  • Extract public key components and fingerprints
  • Validate key strength and detect weak keys
  • Sign and verify data using RSA-PSS

Key Concepts

RSA Key Sizes and Security Strength

| Key Size (bits) | Security Strength (bits) | Recommended Until | |-----------------|-------------------------|-------------------| | 2048 | 112 | 2030 | | 3072 | 128 | Beyond 2030 | | 4096 | ~140 | Beyond 2030 |

RSA Padding Schemes

| Scheme | Use Case | Standard | |--------|----------|----------| | OAEP | Encryption | PKCS#1 v2.2 (RFC 8017) | | PSS | Signatures | PKCS#1 v2.2 (RFC 8017) | | PKCS#1 v1.5 | Legacy only | Deprecated for new systems |

Key Storage Formats

  • PEM: Base64-encoded with headers, human-readable
  • DER: Binary ASN.1 encoding, compact
  • PKCS#8: Standard for private key encapsulation
  • PKCS#12/PFX: Bundled key + certificate, password-protected

Security Considerations

  • Minimum 3072-bit keys for new deployments (NIST recommendation)
  • Always protect private keys with AES-256-CBC passphrase encryption
  • Use RSA-PSS for signatures (not PKCS#1 v1.5)
  • Use RSA-OAEP for encryption (not PKCS#1 v1.5)
  • Store private keys with restrictive file permissions (0600)
  • Implement key rotation at least annually

Validation Criteria

  • [ ] Key generation produces valid RSA key pair
  • [ ] Public key can be extracted from private key
  • [ ] Private key is protected with passphrase
  • [ ] RSA-PSS signature verification succeeds
  • [ ] Tampered signature verification fails
  • [ ] Key fingerprint is computed correctly
  • [ ] Key rotation maintains old key access for verification