-1

I have an encoded file and a public.pem file. Is it possible to decode the file using the public.pem file or do I have to start looking at private keys?

I tried https://github.com/Ganapati/RsaCtfTool with no luck. The public key (PEM) is as below:

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjHDiqVkO1umD2/Tm20Wt
LpyBXGoIk4Pczeqjwz7/kwYLnQI7VlAzgjC9jD1dX80Z+kLOr5wHIDdfNK55nC/q
ux/g7xVt0YKMl5yzObHUgX0YUi//8k2a5YfidxWoX77B7GfuBKx0efEsM7p+7cYT
z7OVKFdRIvKATMGsYlWOPT9b97OtTQjtZKyhAtL1PdbfqKCCxRzqvj1OthtHbB+b
4AJG4MI2IHJQ0LHyj83md3iIMQSMZxwe8JsWQs3jW7W1xRDWjDsKn1799kPTTgG3
GtVrO6J38HN5t5dk8ZNa7duh9phRyEBQbo2lH/tYqUBKeJ3v/dA0BhQVMdZe5m8R
uQIDAQAB
-----END PUBLIC KEY-----
pee2pee

2 Answers

3

Adding on to the above, the modulus and public exponent can be extracted from the public.pem. The public exponent e is 10001.

It turns out that this is a constructed modulus which is very weak and was not generated using recommended security guidelines.

The 2048-bit, 617-decimal-digit modulus N=pq can be factored immediately because it is a square. That's right: p=q and N = p^2.

phi(N) = p(p-1)

The method to find d, the private exponent, when e, p and q are known has been shown many times on this forum. Then the file can be decrypted.

  • 1
    Good catch on the square, but phi(p^2) is NOT (p-1)x(p-1). See https://en.wikipedia.org/wiki/Euler%27s_totient_function#Value_of_phi_for_a_prime_power_argument . – dave_thompson_085 Nov 28 '21 at 05:02
  • Corrected. Thanks. The error could have led someone down a time-consuming path. – MostlyResults Nov 28 '21 at 15:15
  • Any advice on a good question/answer that would highlight how to find the numbers, @MostlyResults? – pee2pee Dec 03 '21 at 21:23
  • If your CTF question insists that a file or text can be decrypted from the public.pem even though p and q are the same, look at the answer to the second question in this link: https://crypto.stackexchange.com/questions/52240/why-does-this-rsa-example-break-when-1-setting-p-or-q-as-non-prime-or-2-sett – MostlyResults Dec 05 '21 at 14:30
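Added example (not part of the answer or comments above): the steps the first answer describes, in Python, covering the square check, phi(N) = p(p-1), the private exponent d, and textbook decryption without padding. It runs on a constructed toy modulus (P = 2^61 - 1, N = P^2), not on the key from the question; the function names are hypothetical, and it also shows the case where a plaintext that is a multiple of p cannot be recovered.

```python
from math import gcd, isqrt

# Constructed toy values (not the key from the question): P is the Mersenne
# prime 2^61 - 1, N = P^2 mimics the square-modulus weakness, E = 0x10001.
P = 2**61 - 1
N = P * P
E = 65537


def recover_private_exponent(n: int, e: int) -> tuple:
    """Return (p, d) when n is a perfect square p*p; p is assumed prime."""
    p = isqrt(n)
    if p * p != n:
        raise ValueError("modulus is not a perfect square")
    phi = p * (p - 1)  # phi(p^2) = p(p-1), not (p-1)^2
    if gcd(e, phi) != 1:
        raise ValueError("e has no inverse modulo phi(N)")
    return p, pow(e, -1, phi)  # modular inverse, Python 3.8+


def decrypt_int(c: int, d: int, n: int) -> int:
    """Textbook RSA decryption (no padding): m = c^d mod n."""
    return pow(c, d, n)


def roundtrip(m: int) -> int:
    """Encrypt m with (N, E), then decrypt with the recovered d."""
    _, d = recover_private_exponent(N, E)
    return decrypt_int(pow(m, E, N), d, N)


if __name__ == "__main__":
    msg = int.from_bytes(b"ctf{sq}", "big")  # constructed plaintext, < P
    print(roundtrip(msg).to_bytes(7, "big"))
    # A plaintext that is a multiple of p encrypts to 0 and is not recovered.
    print(roundtrip(3 * P))
```

Generating a key with two distinct, independently chosen primes removes this weakness; a validator can reject any modulus for which `isqrt(n) ** 2 == n`.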
2

Is it possible to decode the file using the public.pem file

No.

or do I have to start looking at private keys?

Yes.

RSA is an asymmetric encryption algorithm. That means that its keys come in pairs, containing a public key and a private key, and that data encrypted with the public key can only be decrypted with the private key.

Ilmari Karonen
  • 2
    Dr. Spock would qualify "data encrypted with the public key can only be decrypted with the private key" as technically incorrect. Poorly thought-out RSA padding (as common in CTFs and introductions to RSA, including textbook RSA) may allow decryption without the private key. So can access to a decryption device in Bleichenbacher's attack on RSAES-PKCS1-v1_5. And in all RSA encryption modes of PKCS#1, any of multiple private keys allow decryption. – fgrieu Nov 27 '21 at 10:46
  • Thanks - it was indeed for a CTF and was possible – pee2pee Nov 29 '21 at 11:07