Which parts of a RSA private key is secret? - encryption

This is a RSA private key :
<BitStrength>4944</BitStrength>
<RSAKeyValue>
<Modulus>vqZ07gIBoLEzJZHhNYj3WSt9F5iw/Klr/hb22Q8YT5NivYS8UpuzteNHpE7u0pk4Izcto4fqtqPHFpXxzhpswtCwOO7czabK/8B+im6T6aRHSSbZXB59NPxj883BS04F1/zziwPj84Ez+/t1ckrK8O/Gbo8DOr4UPQ3CDoDw4gAQpNe4H48zfGV42WIOQjm00DHOhgpFpZaYapXjDz3KfbdY+p4y1R0Yt4eNViRmvQ2jBPIeXVZACC3Ef3J0TCTWne+1Y4gCfMl0z+4hkE1XZpPiDxt2BR46GYU+NwsrI82pIJ6Bigj51jYpgPE4uQBmjYylY/HTJw4b6N45MuljWFuaxOrDHaHdskhSGUS+fAzp5KXh1xsRdzXysv6uliPU3BmgNsM0Av5Gm4EnVoeqjeC/0G3dLoIJi//IqBCNGOfV8sSo/Y6JNGZoAlE6KT101Q89ClrJyHVoZCbU3qVg9F6tPCorn9+UH9rEKQbABpMMjBM3H2MFuiUlvDWlatP+VH1WugKInlP3b20cINGs+Z5obUYcnAiZ8Dj5WN+OVOZH2nqG3X/Hl+V/87kAVhl1lb1gkDzl53aJ+CgmKJ8GRNdxhtV0xmfewrGxhVdWR3qszY05O1GH914tD0viDXgGDIq6ZyHm78XKQQ6eztdfxT/pNi4Dmtd49vyjSjseEa8uMn/KjvePIBJ02pweSo7tkROptAENE+MWSANdH89NU06tOC+bQ57TaVD2AKvlo8nZudshMrBMXRsUYTsy0kRnFvjPw4U2EUz3rfNLabela1OS1gR8QvPaFBf+mxxJgk002xPgSAdhVRiv</Modulus>
<Exponent>AQAB</Exponent>
<P>8RUZbaB91ve478Jam2QjOWooTrvtaOzoe6hygPA8E6GlEqwryGg2180lUUoM+RdFTgmKvxaLyV7Xg4RZHD0vWYmE4VT/ChulT52qn8IPgIV1O+F67EVh4ovVCx/vXEiDCLpzWRgyMr8VazsM71xmLi8N5+3esFNcdoFk7a+7odVC5xIAK8N/BiXu+PVYeai4begJTvXtK1bFFr7TQCmC6JUp84/dFCoNIyMHjVFYuz2Td8D3quxjPRaj+fnjYtce92JD0v5rkfmYTSFt2EbZKkdMJpS7MeDmFErOUDSYVOdu7CbmlVbXcD6QbSC2RbX/fbyTWwyAti3JSJ+WzUbrnp9olXEcldMt7Z8okT2Y9apxmKNYibq0XN+JPhdBlk1EffhRiCGHfFAsNME85dvRI0naJMxD</P>
<Q>ynJ6nUraqvWP178eFFbrY//r274r59ckV/4/TFd/vlxPjLR4XpRgM16o/rrIyjDqko5MCm4f0LYZoNfe/6/Xz1WsbfuFCcp+SdFrVFDjE4rzszys25/fum4TcsSbmsQflNY108QD0Mf+6xBsuVlWh8WWXKim0aplVF6tEiz3bMEWWjTM5Wuv65hEO9V6q+BNJ+j3VqZdVBPKKqnyxxK84zFXec8JqGqYo2qxFEahunagv0hm5sCLerv3GcBAy719q43eecwHfIEgNuAFoMLr4R/IFMLPy31CQHMalFRazfu4CZoIwDkDVZHfACHDoLR+91LbMG/UZhRnv0YZ9+fFajINxTPkgIvLwaf624yZ2DOF8h+Aor5evHZ00/iD6AP0kogjd0JlXTvVVL2R8VeGowfkHnEl</Q>
<DP>oTHmarKg8Zd5hHaDdtsh4kXk5aAqQboGSIh851G6GbY/VZjhPYLRCMIWbaABxJuWr3MZ3mMI3IAZwcpAeu0+N7QHsVLPpMaPZgiaCXAMRXb2yC8frdNGe9/bdzDHLwEc/D0O20eeaOfzPluhbnptp/u2ZJlcCLH0ZRhnj7Ws06xwq2gRzTFOQaIjgzspCU+S4YoAj1dIWW4PIgI95ezbpv/1qPFMdSsY1aGabxcxKSEm9S+Fajfcsv/sbDx1maUVA3wktXOAIX6uIwRzGeVlVyuM808HS3aA4JiUEnTYVgzY0fXAv6HtMxPiJdV1im8CgeQQ8xQNC8LZj0GF54PAD7Oujh2va05kqzl8OoDhQYHRqqmtjYnVBzQ/49BQ/lpzrXbXrRoeKTTCGhQKz/aGg/3hajFZ</DP>
<DQ>TOlFD/DaNkzoguyGvu9uqiUWM/uBrqiblBpxbc1oKKflSO1fNX9lNN7nkS7hDX+b/mW1GdlQmPg1sFeSzsy9TnWb9oSxvFCDvgOjpPq96jTF9Pg+K4oHc0pSdS2geCG+Zcsj0/oKAQ2aGS+6PohkSVyVjUo9ZjY4HN+DHP6cWWLZ3RdmKFrLENReR+UIn7etWFY3cWHu3vxNt/us0liaDi42r34qiyNELgFgmPVkh/R9iW42OcA4vT4f2Fajx0OMNNrHBLqwtWpRFMfzG2oyNureFpUUYJiLzPRtyqBphwv0lSFB5dVDIQU0FVa+fZVVDx0ZTMOPi+CAsbguMXKKG5g8hwj57KQvmrj4ouQ9plecsamqMynjz/Go3MbzRfgKuIikALDm1Y7fszv58BhyfAmJbs9J</DQ>
<InverseQ>3awPjKSwbmVsn+Ip7nwwSRgJHJhHBqr/KmT7NBv9cOAFXEaz9v7VmhSLU3GZcfHi9J0gTa/2POCd5X3IT5bEtf42jDgfP39vGDqc8liWOZG2Ha7Y/TteIO9REAIy7tTPdWWG0TyBVQah4eC0A9KS9GDR1cLL0wdky38ppNwZT3V1kzgBoow1Agea44rM+tgUIZtrPxtHHBNFgX2Mkbn3CZKg1Qpe98GjIGEkZhwMM3RfYo0uW732t908gDNBaMY5S5+ixr3XZfph9wJZiq1JUwMhMPa8gGTLiRNm6rDlNimgaAv3iBnGCZhSdX11bbj5qQrM17wDqyOyk44ywt1T9SW9K6Tode57pUoxVB9XkOLHCnx6of371xx5bhZ4l9NIbdLldfj1CI4bSOMqN/r7UZ96upoJ</InverseQ>
<D>VieCz8u4UJXDN0clLrwmivVMIk2uLX+ifcCC7LQVmGBSTrKdJ/eUzq1Wwrmo0yLKa5+T0EKrnr2ESoCYNTtbyu3jtNa8kXK+abTjekteLEdAr54Ou8JLcpZb1OE2aIFpwqFcrYWkjXXluAl6mZuS+i5gzbVzECi1nKGLAGLkeDzvSI7zdc+QxLZWVmYpa2QIgc0ANzKNJrdXSVNSuKCD0Sv52ceD0SrE8KshA7yPcP+om6OOdT900D1efvmJ9J7xHY4lukTMWvfvAcfrAvrwdDp//bO7MbTnLIE6DEXPyO43b7Yxc996h4MSXmKj73Zu4aidVP0DHrMRibpivs8ZReSfnD06zzlGpjpoX2Lhcc2kJN+Rn1NsISMP+jN9Ufv/RTePXy/3YSLnZX6H+GJ2gIcAJ4B9mwfz8dD6nUFyrhZELvc3/Bp9iW5wYWwbAIKQwAM4MfBBo77ur3VXWymlSwAOj2IQEfCpb0qY7n/3reJ5PfUD17LbWyuboiPL1oRzPp7VgxBXoSYAIQUTimEHOaJUogh3SLeK5b4Vx4ukFZp/c54qfJQz8oHOS3cCXIgiqKhPwDczeCY6h2Ya0YHn32jUacPQu3RyC1KQq+zEQ8nzL8uH7RA2dEYX0Wlco+9d7OamNsQL78+2GhtbKAvPlymMUFLSZVT1pRPpGBdpzQylRQpAk6PG5XZSGNjXPa6nHhHRTuLkCtoEH6xzS5gRTtRUnK8mxXGnc1eTHaVnKMuCdo82YLWCoLobHclHSLiKy20lIR3i84mXH4vLxwdaSMyLDwbDZxkepKx7Ga3J2HXtQ/NDvNoIRxmB</D>
</RSAKeyValue>
It contains couple of elements (Modules, Exponent, P, E, DP, DQ, InverseQ, D)
I read somewhere that the main element of a RSA private key is D.
But I want to know which parts of these elements should be secret and which parts can be publicly shared ? (Means there's no security problem if it be shared)
Thanks

From Wikipedia:
The public key consists of the modulus n and the public (or encryption) exponent e. The private key consists of the modulus n and the private (or decryption) exponent d, which must be kept secret. p, q, and φ(n) must also be kept secret because they can be used to calculate d.
This means that that you are correct. D is the most important part, but because 'd' can be found from other information (p,DP,DQ, InverseQ) they too should also be kept secret. The modulus and exponent form the public key.
source: http://en.wikipedia.org/wiki/RSA_(cryptosystem)

Related

RSA Decrypt with some letters of private key unknown

I have (e, n) = (1d35,c4b361851de35f080d3ca7352cbf372d) and ciphertext = a02d51d0e87efe1de
fc19f3ee899c31d, but my private key has 5 letters unknown like this 53a0a95b089cf23adb5
cc73f07XXXXX(X represents unknown).How can I test through all valid and possible private keys to find meaningful plaintext? Thanks for your help.
I have tried using 5 for-loop to generate all private keys, but having errors because it is not a valid private key. I'm not sure about the reason.

Can Anyone Explain what keys are in dict of jwk when generating key

Can anyone help regarding this??
I generated a key in python using jwk using below command and stored in a variable key
key = jwk.JWK.generate(kty='RSA', size=512)
and when i used key.export() it returned the below dict
{'d': 'Z1apo6KRMoS0xyqqTu7lEwZ7f_AON_tve42nSUkwXypMF1rDNj_xgIn9J5I4TvAisUaRYq82uZfYf76eMgj8uQ',
'dp': '4k-hSfYmT8H2zdHVFVQpBD-_w5G9ASSADgKn3F08AAs',
'dq': 'E4fXlCY6oT3yPTnOb3LvLxMtKDPmwoI-FLYbNP2L0-k',
'e': 'AQAB',
'kty': 'RSA',
'n': 'wuALgiButVPQy8bCnSkvU-QlBqYB5pk6rfwlcTr-csc8DOvPzekHJYWPjbP_ptAxSW3r5Bnpac1MDgMQKFjOtw',
'p': '8ZI61ugJ3WblKvY-JfkyWXUcdoGAWQB8B9VcfWRvLuM',
'q': 'zoPN8ItkA_0rf_XobRkjhYIdtoXyOLXCqYSU0i8etR0',
'qi': 'JhXuF6EDTrrPysGzsVhco4hpVsSHCXgS7UGZUISc2Ug'}
can anyone explain what are the keys in this dict like d, dp, dq, e, n, p, q, qi
You generated a JWK (JSON Web Key), a special representation of a key. In your case it's an RSA Key which contains the parameters for the private and the public key.
Please refer to the RFC7517 for the general keys. e.g.
"kty" (Key Type) Parameter
and
RFC7518 for the algorithm specific part.
n and e are the modulus and exponent of the public key, all others are used for the private key. Section 6.3 of the RFC7518 lists all the specific entries of the RSA key:
"n" (Modulus) Parameter
"e" (Exponent) Parameter
"d" (Private Exponent) Parameter
"p" (First Prime Factor) Parameter
"q" (Second Prime Factor) Parameter
"dp" (First Factor CRT Exponent) Parameter
"dq" (Second Factor CRT Exponent) Parameter
"qi" (First CRT Coefficient) Parameter

How does bcrypt "know" whether a given hash is associated with a given password?

Given a password P and hash H, the function bcrypt.compare(P, H) tells you whether or not H is a bcrypt hash of P.
Question: How does bcrypt.compare do the above? It's mysterious to me since P may be associated with many different hashes, and bcrypt itself doesn't seem to have any "memory" of the hashes it creates for P.
(Bonus question: Am I right to assume that the above implies that each bcrypt hash is associated with exactly one password? Or am I wrong -- may a hash be associated with many passwords?)
Hashing:
string BCryptHashPassword(password)
{
Byte[] salt = GenerateSomeSalt();
return DoTheHash(password, salt);
}
Verifying:
Boolean BCryptVerifyPassword(password, expectedHash)
{
Byte[] salt = ExtractSaltFromExpectedHash(expectedHash);
String actualHash = DoTheHash(password, salt);
return (actualHash == expectedHash);
}
It hashes the password again with the original salt, and compares them.
}
BCrypt does not only save the hash in H it also saves among other things the salt used to create the hash (here a full explanation).
Match takes the raw password and the expected hash to match a password, so it simply extracts the salt from the expected hash and reapplies it to the raw password.

What kind of hash encryption is this?

Im trying to find out what kind of hash encryption this is in javascipt:
function L(j) {
var h = a.pbkey,
g = a.rndnb;
if (typeof f != "undefined") {
var e = f.PBK(h),
d = f.STBUNC(j),
i = f.STBA(g),
c = f.ENC(d, e, i),
b = f.BAT64(c);
return b
} else return ""
}
It hash a phonenumber.Ex: +79645531974
pbkey:'e=010001;m=d06889ab9ea3c9ce9d2e92559d6b2f043ef873f0cc9f858745bc6784d1d9a98f8d354e061d25fad9c3a741c57626d0d65de01eb03584a5af1f579b9f9834a60b628756ad636ec1d3129e87e0c7274670d9ca615f12fe3424e9da362f7f8cce8dfe61d79f5ec68dffe1f3ddcf5e20e1bf07349ee6c747a59b09d6420d131899f93dfaeacd76d6a684cda8ac99e7f87e17507235a2b59b84f56d8a3d4ecdd8259b3c7d892758d69a48930b591e66cc6d88d20a3de9360be30c8a94084a2753c92e0cfd1c94868c90109cd176855bba96cd3e73f34442ddfd256da7f1d1e48fbf265ad2f2caeebe4990ca5638b90b6c3fafa8c015a09947e3f03defc51e231a2f2d'
rndnb:'7fc1cdfea47d0057bbb33176ce73a376f9319d4e221d84807d74ff2f859b510b9fd132e577ed207d96b1d11e57500bff93efe97842248bcbe39527592797b7e3a821110ae61c3da67c2773bcb634c53357fb230ef95297d20c37d256aa8bd75bea315f2d
Result: 4LW/+zyiBBgDExOLPLafO9T/GG3guycSMK3uz16qFcXWgvo1KAF8VrbGrxAE91Mvk6qUDkX8c9ha7urDB41XDAhciBbj2VzE48WXjB/A6gI6n7qcTwkNTPT0Qly1EFRtTF44xTbPEld/OviYhD2OolumbtL42wtnyw1oh4/2v2SyAqARdGJizRhd1UFpWW+OUIcF3eyhKS1R+TDorsOoM/bJQzR6CTSyLysfPJL8ldjG0Ujevac7dT+WvaXFmP3qlsReMP/FSLjs7xixCAA/VrxIRUragoIOf2cptilop5zJNY26DO/iEhUUU7n8ANayrqthplS3v624XR24iM22bg==
The code suggests that it uses 2048 bit RSA encryption (with public exponent 65537) and a randomized padding scheme.
But with only this code it is impossible to solve the whole thing. We need to know what the PBK(), STBUNC(), STBA(), ENC(), BAT64() functions do, otherwise we cannot definitively say anything about what is done here.
However, the input parameters give some suggestions. The pbkey parameter suggests that the encryption is "public-key" based and uses an exponent e = 65537 (a commonly used RSA public exponent). Then it's an easy guess that m stands for "modulus". We could be dealing with either RSA or some logarithm-group crypto (e.g. ElGamal). To get more information we could check if this modulus m is a prime number, turns out it's not. So logarithm-group crypto is off the table and so we are probably dealing with RSA. Notice how the modulus and the output are each 2048 bits, so this checks out.
But we're not done. We also have the rndnb value, which probably means "random number". This suggests that the encryption is not textbook RSA (thank god), but uses some kind of randomization. Possible it uses some kind of standard padding scheme like OAEP.
To get more details we would really need to get the bodies of the functions that are use.

Standard way to hash an RSA key?

What's the algorithm for creating hash (sha-1 or MD5) of an RSA public key? Is there a standard way to do this? Hash just the modulus, string addition of both and then take a hash? Is SHA-1 or MD5 usually used?
I want to use it to ensure that I got the right key (have the sender send a hash, and I calculate it myself), and log said hash so I always know which exact key I used when I encrypt the payload.
Based on the OpenSSH source code, the way that a fingerprint is generated for RSA keys is to convert n and e from the public key to big-endian binary data, concatenate the data and then hash that data with the given hash function.
Portions of the OpenSSH source code follows. The comments were added to clarify what is happening.
// from key_fingerprint_raw() in key.c
switch (k->type) {
case KEY_RSA1:
// figure out how long n and e will be in binary form
nlen = BN_num_bytes(k->rsa->n);
elen = BN_num_bytes(k->rsa->e);
len = nlen + elen;
// allocate space for n and e and copy the binary data into blob
blob = xmalloc(len);
BN_bn2bin(k->rsa->n, blob);
BN_bn2bin(k->rsa->e, blob + nlen);
...
// pick a digest to use
switch (dgst_type) {
case SSH_FP_MD5:
md = EVP_md5();
break;
case SSH_FP_SHA1:
md = EVP_sha1();
break;
...
// hash the data in blob (n and e)
EVP_DigestInit(&ctx, md);
EVP_DigestUpdate(&ctx, blob, len);
EVP_DigestFinal(&ctx, retval, dgst_raw_length);
From the BN_bn2bin manual page:
BN_bn2bin(a, to) converts the absolute value of a into big-endian form and stores it at to. to must point to BN_num_bytes(a) bytes of memory.

Resources