We have noticed that Safari 11 is refusing to import some JWK RSA private keys that were generated by Safari 10 or Edge.
Experimenting a bit, it appear that Safari 11 is insisting
- that p > q,
- that q not be too small (compared to p), and
- that q not be too close to p
There are good cryptographic reasons for 2 and 3, but as we have lots of key pairs around, I would like to know what the precise requirements are and whether there is a standard (or some document) that defines these.
As this is leading to rejection of keys that were previously accepted, we do need to deal with this, and so any guidence would be helpful.
