* Apply limits on %$\gcd(p - 1, q - 1)$% to reduce the space of
equivalent decryption exponents.
* Force %$e = F_4 = 2^{16} + 1$% to avoid small-encryption-exponent
attacks.
* Ensure that %$p > q$% and that %$p - q$% is large to deter
square-root-based factoring methods.
* Use %$e d \equiv 1 \pmod{\lambda(n)}$%, where %$\lambda(n)$% is
%$\lcm(p - 1, q - 1)$%, as recommended in PKCS#1, rather than the
more usual %$\varphi(n) = (p - 1)(q - 1)$%.
* Handle aborts from pgen_jump.