Can I generate an x509 certificate with a negative RSA key modulus?


So far I have tried to generate an x509 certificate in Go, using the x509 library, but this doesn't succeed, since Go doesn't allow generating a negative modulus.

I tried to use openssl:

    openssl req -nodes -new -x509 -keyout server.key -out server.cert

But it generates a positive-modulus RSA key. For educational purposes I still need a negative RSA modulus; is it somehow possible using openssl?

Andrew Henle On

An RSA key with a negative modulus is not an RSA key.

Per RFC 8017 (bolding mine):

3.1. RSA Public Key

For the purposes of this document, an RSA public key consists of two components:

     n        the RSA modulus, a positive integer
     e        the RSA public exponent, a positive integer

In a valid RSA public key, the RSA modulus n is a product of u distinct odd primes r_i, i = 1, 2, ..., u, where u >= 2, and the RSA public exponent e is an integer between 3 and n - 1 satisfying GCD(e,\lambda(n)) = 1, where \lambda(n) = LCM(r_1 - 1, ..., r_u - 1). By convention, the first two primes r_1 and r_2 may also be denoted p and q, respectively.

. . .

3.2. RSA Private Key

For the purposes of this document, an RSA private key may have either of two representations.

  1. The first representation consists of the pair (n, d), where the components have the following meanings:

     n       the RSA modulus, a positive integer
     d       the RSA private exponent, a positive integer
    
  2. The second representation consists of a quintuple (p, q, dP, dQ, qInv) and a (possibly empty) sequence of triplets (r_i, d_i, t_i), i = 3, ..., u, one for each prime not in the quintuple, where the components have the following meanings:

     p      the first factor, a positive integer
     q      the second factor, a positive integer
     dP     the first factor's CRT exponent, a positive integer
     dQ     the second factor's CRT exponent, a positive integer
     qInv   the (first) CRT coefficient, a positive integer
     r_i    the i-th factor, a positive integer
     d_i    the i-th factor's CRT exponent, a positive integer
     t_i    the i-th factor's CRT coefficient, a positive integer
    

All values by specification are positive integers, and the modulus is the product of two or more prime numbers.

And all prime numbers are defined as:

A prime number (or a prime) is a natural number greater than 1 that is not a product of two smaller natural numbers.

Any product of prime numbers therefore must also be greater than zero, making a negative modulus for an RSA key mathematically impossible.
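
Added example, not part of the answer above and not Go's own x509 code: a Go check that applies the RFC 8017 section 3.1 range rules to a DER-encoded RSAPublicKey. It goes one step beyond the answer, to the encoding level: a DER INTEGER is signed two's complement, so a modulus whose top bit is set reads as negative when its leading 0x00 byte is missing. The toy key (n = 143 = 11 * 13, e = 7) and the names checkRSAPublicKey, paddedDER and unpaddedDER are constructed for illustration.

```go
package main

import (
	"encoding/asn1"
	"errors"
	"fmt"
	"math/big"
)

// rsaPublicKey mirrors the PKCS #1 RSAPublicKey SEQUENCE { modulus, publicExponent }.
type rsaPublicKey struct{ N, E *big.Int }

// Constructed samples: toy modulus 143 = 11 * 13 (0x8F) with e = 7.
var (
	// 0x8F has its top bit set, so DER needs a leading 0x00 to keep it positive.
	paddedDER = []byte{0x30, 0x07, 0x02, 0x02, 0x00, 0x8F, 0x02, 0x01, 0x07}
	// Same value bytes without the pad: two's complement makes 0x8F read as -113.
	unpaddedDER = []byte{0x30, 0x06, 0x02, 0x01, 0x8F, 0x02, 0x01, 0x07}
)

// checkRSAPublicKey parses a DER RSAPublicKey and applies the RFC 8017 section 3.1
// range rules: n positive and odd, 3 <= e <= n-1. It does not factor n or test
// GCD(e, lambda(n)) = 1. The parsed key is returned even when a rule fails.
func checkRSAPublicKey(der []byte) (*rsaPublicKey, error) {
	var k rsaPublicKey
	rest, err := asn1.Unmarshal(der, &k)
	if err != nil || len(rest) != 0 {
		return nil, fmt.Errorf("not a single DER RSAPublicKey: %v", err)
	}
	if k.N.Sign() <= 0 {
		return &k, fmt.Errorf("modulus %v is not a positive integer", k.N)
	}
	if k.N.Bit(0) == 0 {
		return &k, errors.New("modulus is even, so not a product of odd primes")
	}
	nMinus1 := new(big.Int).Sub(k.N, big.NewInt(1))
	if k.E.Cmp(big.NewInt(3)) < 0 || k.E.Cmp(nMinus1) > 0 {
		return &k, fmt.Errorf("exponent %v is outside [3, n-1]", k.E)
	}
	return &k, nil
}

func main() {
	for _, der := range [][]byte{paddedDER, unpaddedDER} {
		_, err := checkRSAPublicKey(der)
		fmt.Printf("% x -> %v\n", der, err)
	}
}
```
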