Lots of changes:

Lots of changes:

  * Apply limits on %$\gcd(p - 1, q - 1)$% to reduce the space of
    equivalent decryption exponents.

  * Force %$e = F_4 = 2^{16} + 1$% to avoid small-encryption-exponent
    attacks.

  * Ensure that %$p > q$% and that %$p - q$% is large to deter
    square-root-based factoring methods.

  * Use %$e d \equiv 1 \pmod{\lambda(n)}$%, where %$\lambda(n)$% is
    %$\lcm(p - 1, q - 1)$%, as recommended in PKCS#1, rather than the
    more usual %$\varphi(n) = (p - 1)(q - 1)$%.

  * Handle aborts from pgen_jump.