#### Breaking RSA Public Key Encryption created with openssl

Source notebook: [breaking asymetric certs jupyter interactive notebook](https://github.com/flmath/flmath.github.io/blob/main/src/lib/jupyter_backup/asymetric_break_certs.ipynb)

A small demonstration how to retrieve private key from public key by integer factorization.

We need to use the OpenSSL unsafe, because for demonstration we do not want seriously big keys.

The factorization is done by sympy, because it is a good science research tool.

Lets start with RSA keys creation with openssl.

In [331]:
%%bash
openssl-unsafe genrsa  -out private_rsa_key.pem 128 2> /dev/null
openssl pkey -pubout -in private_rsa_key.pem -out public_rsa_key.pem 2> /dev/null
openssl rsa -in private_rsa_key.pem -check -noout
cat  public_rsa_key.pem | wc -l

RSA key ok
3


Create some text, and encrypt it with public key.

In [332]:
%%bash
echo "sens" > unencrypted.txt
openssl pkeyutl -encrypt -pubin -inkey public_rsa_key.pem -in unencrypted.txt -out  encrypted.txt 
cat unencrypted.txt
echo
cat encrypted.txt | xxd -p

sens

22d69be776537460003897d64f35d9d9


Decrypt it with private key.

In [333]:
%%bash
openssl pkeyutl -decrypt -inkey private_rsa_key.pem -in encrypted.txt -out  decrypted.txt
cat decrypted.txt

sens


Lets look at the private and public key.

In [334]:
%%bash
openssl pkey -in private_rsa_key.pem -text -noout

Private-Key: (128 bit, 2 primes)
modulus:
    00:9e:2b:4a:7b:39:15:70:04:2b:98:e9:47:51:a1:
    9f:8d
publicExponent: 65537 (0x10001)
privateExponent:
    00:93:24:62:dd:cf:75:0a:06:e0:81:33:4f:f5:90:
    55:01
prime1: 15044361412660468517 (0xd0c84eff12389b25)
prime2: 13974857223454276169 (0xc1f0aa9a4ecb3a49)
exponent1: 8514433208065511661 (0x762957e42e88d0ed)
exponent2: 8779571790916320745 (0x79d74e07159b7de9)
coefficient: 11022620640736158733 (0x98f8371288f7a40d)


In [335]:
%%bash
openssl pkey -pubin -in public_rsa_key.pem -text -noout

Public-Key: (128 bit)
Modulus:
    00:9e:2b:4a:7b:39:15:70:04:2b:98:e9:47:51:a1:
    9f:8d
Exponent: 65537 (0x10001)


In [336]:
%%bash
openssl pkey -pubin -in public_rsa_key.pem -noout -text | awk -F'[ ]' '/Exponent:/{print $2}' | tee pubExp

65537


In [337]:
%%bash
openssl rsa -pubin -in public_rsa_key.pem -modulus | awk -F'=' '{print $2}'  | xargs  -I '{}' echo "ibase=16; {}" | bc | tee modint

writing RSA key


210242802759974926968956374026647871373


In [338]:
from sympy.ntheory import factorint
with open('modint', 'rb') as f:
    mod = int(f.read())    
print(mod)

210242802759974926968956374026647871373


In [339]:
primes = factorint(mod)
primes_list = list(primes.keys())
primes_list.sort(reverse=True) # order matters for pinv

In [340]:
[p,q] = primes_list
phi = (p - 1) * (q - 1)
with open('pubExp', 'rb') as f:
    e = int(f.read())
d = pow(e, -1, phi)
dp = d % (p - 1)
dq = d % (q - 1)
pinv = pow(q, -1, p)

p,q, pinv,  dp , dq, d

(15044361412660468517,
 13974857223454276169,
 11022620640736158733,
 8514433208065511661,
 8779571790916320745,
 195585443317059849332042792466088219905)

In [341]:
with open('asn1_rsa', 'wb') as out_file:
    text = (
    "asn1=SEQUENCE:rsa_key\n\n[rsa_key]\n"
    "version=INTEGER:0\n"
    "modulus=INTEGER:"+str(mod)+"\n"
    "pubExp=INTEGER:"+str(e)+"\n"
    "privExp=INTEGER:"+str(d)+"\n"
    "p=INTEGER:"+str(p)+"\n"
    "q=INTEGER:"+str(q)+"\n"
    "e1=INTEGER:"+str(dp)+"\n"
    "e2=INTEGER:"+str(dq)+"\n"
    "coeff=INTEGER:"+str(pinv)+"\n"
    )
    out_file.write(text.encode())


In [342]:
%%bash
openssl asn1parse -genconf asn1_rsa -out recreated.bin
openssl pkey -inform DER -outform PEM -in recreated.bin -out recreated2.pem


    0:d=0  hl=2 l=  99 cons: SEQUENCE          
    2:d=1  hl=2 l=   1 prim: INTEGER           :00
    5:d=1  hl=2 l=  17 prim: INTEGER           :9E2B4A7B391570042B98E94751A19F8D
   24:d=1  hl=2 l=   3 prim: INTEGER           :010001
   29:d=1  hl=2 l=  17 prim: INTEGER           :932462DDCF750A06E081334FF5905501
   48:d=1  hl=2 l=   9 prim: INTEGER           :D0C84EFF12389B25
   59:d=1  hl=2 l=   9 prim: INTEGER           :C1F0AA9A4ECB3A49
   70:d=1  hl=2 l=   8 prim: INTEGER           :762957E42E88D0ED
   80:d=1  hl=2 l=   8 prim: INTEGER           :79D74E07159B7DE9
   90:d=1  hl=2 l=   9 prim: INTEGER           :98F8371288F7A40D


Parameters are the same.

In [343]:
%%bash
openssl pkey -in private_rsa_key.pem -text -noout > a
openssl pkey -in recreated2.pem -text -noout > b
diff -s a b


Files a and b are identical


The PEM files are different.

In [344]:
%%bash
cat private_rsa_key.pem
echo " "
cat recreated2.pem


-----BEGIN RSA PRIVATE KEY-----
MGMCAQACEQCeK0p7ORVwBCuY6UdRoZ+NAgMBAAECEQCTJGLdz3UKBuCBM0/1kFUB
AgkA0MhO/xI4myUCCQDB8KqaTss6SQIIdilX5C6I0O0CCHnXTgcVm33pAgkAmPg3
Eoj3pA0=
-----END RSA PRIVATE KEY-----
 
-----BEGIN PRIVATE KEY-----
MHkCAQAwDQYJKoZIhvcNAQEBBQAEZTBjAgEAAhEAnitKezkVcAQrmOlHUaGfjQID
AQABAhEAkyRi3c91CgbggTNP9ZBVAQIJANDITv8SOJslAgkAwfCqmk7LOkkCCHYp
V+QuiNDtAgh5104HFZt96QIJAJj4NxKI96QN
-----END PRIVATE KEY-----


But they function the same way.

In [345]:
%%bash
openssl pkeyutl -decrypt -inkey private_rsa_key.pem -in encrypted.txt -out  decrypted.txt
openssl pkeyutl -decrypt -inkey recreated2.pem -in encrypted.txt -out  redecrypted2.txt
cat decrypted.txt
cat redecrypted2.txt

sens
sens


#### Done!