I have asn.1 structure (encrypted session key):
SEQUENCE(2 elem)
SEQUENCE(2 elem)
OCTET STRING(32 byte) 5E70735F3698B4355B45037FA7CE0097115E45C6585994726642063F723AB49E
OCTET STRING(4 byte) 8C860884
[0](3 elem)
OBJECT IDENTIFIER1.2.643.2.2.31.1
[0](2 elem)
SEQUENCE(2 elem)
OBJECT IDENTIFIER1.2.643.2.2.19
SEQUENCE(2 elem)
OBJECT IDENTIFIER1.2.643.2.2.36.0
OBJECT IDENTIFIER1.2.643.2.2.30.1
BIT STRING(1 elem)
OCTET STRING(64 byte) 2DC3FDF69C913DCCB653268E512F5EDDE41A5DB3583CDF6068F248A2B0B8DE7BC9AA20E3CF63DF5F395521E0A0DD853E0AAF44FA493CD54CA8048D1D9C4185FB
OCTET STRING(8 byte) 76EEB46B1B1036EB
How to decrypt this structure using the function CryptImportKey?
That structure uses the Russian GOST protocols. I'm pretty certain that those are not supported by CryptImportKey out of the box. You probably have to extract the information and then import it using a structure that is supported by CryptImportKey.
For instance OID 1.2.643.2.2.19 shows {iso(1) member-body(2) ru(643) 2 cryptopro(2) gostR3410-2001(19)}.
It seems you could use some kind of plugin, probably you could obtain this from CryptoPro. I'm not sure though, my Russian is not that good (and my friend Anya is not into crypto :) ).
Related
Can anyone help regarding this??
I generated a key in python using jwk using below command and stored in a variable key
key = jwk.JWK.generate(kty='RSA', size=512)
and when i used key.export() it returned the below dict
{'d': 'Z1apo6KRMoS0xyqqTu7lEwZ7f_AON_tve42nSUkwXypMF1rDNj_xgIn9J5I4TvAisUaRYq82uZfYf76eMgj8uQ',
'dp': '4k-hSfYmT8H2zdHVFVQpBD-_w5G9ASSADgKn3F08AAs',
'dq': 'E4fXlCY6oT3yPTnOb3LvLxMtKDPmwoI-FLYbNP2L0-k',
'e': 'AQAB',
'kty': 'RSA',
'n': 'wuALgiButVPQy8bCnSkvU-QlBqYB5pk6rfwlcTr-csc8DOvPzekHJYWPjbP_ptAxSW3r5Bnpac1MDgMQKFjOtw',
'p': '8ZI61ugJ3WblKvY-JfkyWXUcdoGAWQB8B9VcfWRvLuM',
'q': 'zoPN8ItkA_0rf_XobRkjhYIdtoXyOLXCqYSU0i8etR0',
'qi': 'JhXuF6EDTrrPysGzsVhco4hpVsSHCXgS7UGZUISc2Ug'}
can anyone explain what are the keys in this dict like d, dp, dq, e, n, p, q, qi
You generated a JWK (JSON Web Key), a special representation of a key. In your case it's an RSA Key which contains the parameters for the private and the public key.
Please refer to the RFC7517 for the general keys. e.g.
"kty" (Key Type) Parameter
and
RFC7518 for the algorithm specific part.
n and e are the modulus and exponent of the public key, all others are used for the private key. Section 6.3 of the RFC7518 lists all the specific entries of the RSA key:
"n" (Modulus) Parameter
"e" (Exponent) Parameter
"d" (Private Exponent) Parameter
"p" (First Prime Factor) Parameter
"q" (Second Prime Factor) Parameter
"dp" (First Factor CRT Exponent) Parameter
"dq" (Second Factor CRT Exponent) Parameter
"qi" (First CRT Coefficient) Parameter
Im trying to find out what kind of hash encryption this is in javascipt:
function L(j) {
var h = a.pbkey,
g = a.rndnb;
if (typeof f != "undefined") {
var e = f.PBK(h),
d = f.STBUNC(j),
i = f.STBA(g),
c = f.ENC(d, e, i),
b = f.BAT64(c);
return b
} else return ""
}
It hash a phonenumber.Ex: +79645531974
pbkey:'e=010001;m=d06889ab9ea3c9ce9d2e92559d6b2f043ef873f0cc9f858745bc6784d1d9a98f8d354e061d25fad9c3a741c57626d0d65de01eb03584a5af1f579b9f9834a60b628756ad636ec1d3129e87e0c7274670d9ca615f12fe3424e9da362f7f8cce8dfe61d79f5ec68dffe1f3ddcf5e20e1bf07349ee6c747a59b09d6420d131899f93dfaeacd76d6a684cda8ac99e7f87e17507235a2b59b84f56d8a3d4ecdd8259b3c7d892758d69a48930b591e66cc6d88d20a3de9360be30c8a94084a2753c92e0cfd1c94868c90109cd176855bba96cd3e73f34442ddfd256da7f1d1e48fbf265ad2f2caeebe4990ca5638b90b6c3fafa8c015a09947e3f03defc51e231a2f2d'
rndnb:'7fc1cdfea47d0057bbb33176ce73a376f9319d4e221d84807d74ff2f859b510b9fd132e577ed207d96b1d11e57500bff93efe97842248bcbe39527592797b7e3a821110ae61c3da67c2773bcb634c53357fb230ef95297d20c37d256aa8bd75bea315f2d
Result: 4LW/+zyiBBgDExOLPLafO9T/GG3guycSMK3uz16qFcXWgvo1KAF8VrbGrxAE91Mvk6qUDkX8c9ha7urDB41XDAhciBbj2VzE48WXjB/A6gI6n7qcTwkNTPT0Qly1EFRtTF44xTbPEld/OviYhD2OolumbtL42wtnyw1oh4/2v2SyAqARdGJizRhd1UFpWW+OUIcF3eyhKS1R+TDorsOoM/bJQzR6CTSyLysfPJL8ldjG0Ujevac7dT+WvaXFmP3qlsReMP/FSLjs7xixCAA/VrxIRUragoIOf2cptilop5zJNY26DO/iEhUUU7n8ANayrqthplS3v624XR24iM22bg==
The code suggests that it uses 2048 bit RSA encryption (with public exponent 65537) and a randomized padding scheme.
But with only this code it is impossible to solve the whole thing. We need to know what the PBK(), STBUNC(), STBA(), ENC(), BAT64() functions do, otherwise we cannot definitively say anything about what is done here.
However, the input parameters give some suggestions. The pbkey parameter suggests that the encryption is "public-key" based and uses an exponent e = 65537 (a commonly used RSA public exponent). Then it's an easy guess that m stands for "modulus". We could be dealing with either RSA or some logarithm-group crypto (e.g. ElGamal). To get more information we could check if this modulus m is a prime number, turns out it's not. So logarithm-group crypto is off the table and so we are probably dealing with RSA. Notice how the modulus and the output are each 2048 bits, so this checks out.
But we're not done. We also have the rndnb value, which probably means "random number". This suggests that the encryption is not textbook RSA (thank god), but uses some kind of randomization. Possible it uses some kind of standard padding scheme like OAEP.
To get more details we would really need to get the bodies of the functions that are use.
I am using openresty/1.7.7.2 with Lua 5.1.4. I am receiving int64 in request and i have it's string format saved in DB (can't change DB schema or request format). I am not able to match both of them.
local i = 913034578410143848 --request
local p = "913034578410143848" -- stored in DB
print(p==tostring(i)) -- return false
print(i%10) -- return 0 ..this also doesn't work
Is there a way to convert int64 to string and vice versa if possible?
update:
I am getting i from protobuf object. proto file describe i as int64. I am using pb4lua library for protobuf.
ngx.req.read_body()
local body = ngx.req.get_body_data()
local request, err = Request:load(body)
local i = request.id
Lua 5.1 can not represent integer values larger than 2^53.
Number literal not excaption. So you can not just write
local i = 913034578410143848.
But LuaJIT can represent int64 values like boxed values.
Also there exists Lua libraries to make deal with large numbers.
E.g. bn library.
I do not know how your pb4lua handle this problem.
E.g. lua-pb library uses LuaJIT boxed values.
Also it provide way to specify user defined callback to make int64 value.
First I suggest figure out what real type of your i value (use type function).
All other really depends on it.
If its number then I think pb4lua just loose some info.
May be it just returns string type so you can just compare it as string.
If it provide LuaJIT cdata then this is basic function to convert string
to int64 value.
local function to_jit_uint64(str)
local v = tonumber(string.sub(str, 1, 9))
v = ffi.new('uint64_t', v)
if #str > 9 then
str = string.sub(str, 10)
v = v * (10 ^ #str) + tonumber(str)
end
return v
end
Sorry, my English is bad, but I try formulate a question.
BouncyCastle project contains the implementation of the protocol DVCS (RFC-3029).
The response(answer) to the DVCS request has the following structure
DVCSResponse ::= CHOICE {
dvCertInfo DVCSCertInfo ,
dvErrorNote [0] DVCSErrorNotice
}
DVCSCertInfo::= SEQUENCE {
version Integer DEFAULT 1 ,
dvReqInfo DVCSRequestInformation,
messageImprint DigestInfo,
serialNumber Integer,
responseTime DVCSTime,
dvStatus [0] PKIStatusInfo OPTIONAL,
policy [1] PolicyInformation OPTIONAL,
reqSignature [2] SignerInfos OPTIONAL,
certs [3] SEQUENCE SIZE (1..MAX) OF TargetEtcChain OPTIONAL,
extensions Extensions OPTIONAL
}
I am interested in the field dvStatus, here's the code from BouncyCastle in which the coding:
private static final int TAG_DV_STATUS = 0;
...
public DVCSCertInfo build()
{
ASN1EncodableVector v = new ASN1EncodableVector();
...
if (dvStatus != null)
{
// DERTaggedObject(bool explicitly, int tagNo, Org.BouncyCastle.Asn1.Asn1Encodable obj)
v.add(new DERTaggedObject(false, TAG_DV_STATUS, dvStatus)); //Why FALSE?
}
...
return DVCSCertInfo.getInstance(new DERSequence(v));
}
The field PkiStatusInfo in ASN1 as follows:
PkiStatusInfo ::= SEQUENCE {
status PKIStatus,
statusString PkiFreeText OPTIONAL,
failInfo PkiFailureInfo OPTIONAL
}
Dump of real dvcs responce:
SEQUENCE : dvCertInfo DVCSCertInfo
SEQUENCE : dvReqInfo DVCSRequestInformation
ENUMERATED : service ServiceType
INTEGER : nonce INTEGER
GENERALIZED TIME : requestTime DVCSTime
SEQUENCE : messageImprint DigestInfo
INTEGER : serialNumber Integer
GENERALIZED TIME : responseTime DVCSTime
CONTEXT SPECIFIC (0) : dvStatus [0] PKIStatusInfo
INTEGER : 0 status PKIStatus //Where SEQUENCE?
But I can not understand why it is encoded without Sequence.
If you look at RFC 3029 Appendix E, which contains the complete ASN.1 module, the third line includes "IMPLICIT TAGS". This indicates that BER or DER encodings of components with tags (such as [0]) should have the built-in UNIVERSAL tags replaced by the tag in the specification. This means that the context specific 0 is used instead of the UNIVERSAL 16 for the dvStatus component.
There are two excellent ASN.1 Books you can download free from http://www.oss.com/asn1/resources/books-whitepapers-pubs/asn1-books.html which will explain EXPLICIT vs. IMPLICIT tags clearly. You can also try your example in the free online ASN.1 compiler and encoder/decoder at http://asn1-playground.oss.com to see the effects of IMPLICIT vs. EXPLICIT tags on encodings.
Most new specifications created today use AUTOMATIC TAGS (implying implicit tagging). Many older specifications use IMPLICIT TAGS, while fewer, or more ancient specifications, tend to use EXPLICIT TAGS.
Words "IMPLICIT TAGS" not for imported types! X.208: "Note 5 – The value of “TagDefault” for the module definition affects only those types defined explicitly in the module. It does not affect the interpretation of imported types.". PKIStatusInfo - imported type from PKIXCMP (RFC 2510).
PKIXCMP {iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-cmp(9)}
DEFINITIONS EXPLICIT TAGS ::=
BEGIN
...
PKIStatusInfo ::= SEQUENCE {
status PKIStatus,
statusString PKIFreeText OPTIONAL,
failInfo PKIFailureInfo OPTIONAL}
...
END
PKIStatusInfo is defined EXPLICITLY!
What's the algorithm for creating hash (sha-1 or MD5) of an RSA public key? Is there a standard way to do this? Hash just the modulus, string addition of both and then take a hash? Is SHA-1 or MD5 usually used?
I want to use it to ensure that I got the right key (have the sender send a hash, and I calculate it myself), and log said hash so I always know which exact key I used when I encrypt the payload.
Based on the OpenSSH source code, the way that a fingerprint is generated for RSA keys is to convert n and e from the public key to big-endian binary data, concatenate the data and then hash that data with the given hash function.
Portions of the OpenSSH source code follows. The comments were added to clarify what is happening.
// from key_fingerprint_raw() in key.c
switch (k->type) {
case KEY_RSA1:
// figure out how long n and e will be in binary form
nlen = BN_num_bytes(k->rsa->n);
elen = BN_num_bytes(k->rsa->e);
len = nlen + elen;
// allocate space for n and e and copy the binary data into blob
blob = xmalloc(len);
BN_bn2bin(k->rsa->n, blob);
BN_bn2bin(k->rsa->e, blob + nlen);
...
// pick a digest to use
switch (dgst_type) {
case SSH_FP_MD5:
md = EVP_md5();
break;
case SSH_FP_SHA1:
md = EVP_sha1();
break;
...
// hash the data in blob (n and e)
EVP_DigestInit(&ctx, md);
EVP_DigestUpdate(&ctx, blob, len);
EVP_DigestFinal(&ctx, retval, dgst_raw_length);
From the BN_bn2bin manual page:
BN_bn2bin(a, to) converts the absolute value of a into big-endian form and stores it at to. to must point to BN_num_bytes(a) bytes of memory.