Join Log in
Score:-1
avatar Crypto

How to decrypt a file using RSA and just a public.pem file?

in flag
pee2pee

I have an encoded file and a public.pem file. Is it possible to decode the file using the public.pem file or do I have to start looking at private keys?

I tried https://github.com/Ganapati/RsaCtfTool with no luck. The public key (pem) is as below

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjHDiqVkO1umD2/Tm20Wt
LpyBXGoIk4Pczeqjwz7/kwYLnQI7VlAzgjC9jD1dX80Z+kLOr5wHIDdfNK55nC/q
ux/g7xVt0YKMl5yzObHUgX0YUi//8k2a5YfidxWoX77B7GfuBKx0efEsM7p+7cYT
z7OVKFdRIvKATMGsYlWOPT9b97OtTQjtZKyhAtL1PdbfqKCCxRzqvj1OthtHbB+b
4AJG4MI2IHJQ0LHyj83md3iIMQSMZxwe8JsWQs3jW7W1xRDWjDsKn1799kPTTgG3
GtVrO6J38HN5t5dk8ZNa7duh9phRyEBQbo2lH/tYqUBKeJ3v/dA0BhQVMdZe5m8R
uQIDAQAB
-----END PUBLIC KEY-----
288
0 + 0
rsa
kelalaka avatar
in flag
kelalaka
What is the origin of this Q?
0
Reply
Score:3
MostlyResults avatar Crypto
fr flag
MostlyResults

Adding on to the above, the modulus and public exponent can be extracted from the public.pem. The public exponent e is 10001.

It turns out that this is a constructed modulus which is very weak and was not generated using recommended security guidelines.

The 2048 bit, 617 decimal digit modulus N=pq can be factored immediately because it is a square. That's right p=q and N = p^2.

phi(N) = p(p-1)

The method to find d the private exponent when e, p and q are known has been shown many times on this forum. Then the file can be decrypted.

0 + 0
dave_thompson_085 avatar
cn flag
dave_thompson_085
Good catch on the square, but phi(p^2) is NOT (p-1)x(p-1). See https://en.wikipedia.org/wiki/Euler%27s_totient_function#Value_of_phi_for_a_prime_power_argument .
1
Reply
MostlyResults avatar
fr flag
MostlyResults
Corrected. Thanks. The error could have led someone down a time consuming path.
0
Reply
in flag
pee2pee
Any advice on a good question/answer that would highlight how to find the numbers @MostlyResults
0
Reply
MostlyResults avatar
fr flag
MostlyResults
If your ctf question insists that a file or text can be decrypted from the public.pem even though p and q are the same, look at the answer to the second question in this link: https://crypto.stackexchange.com/questions/52240/why-does-this-rsa-example-break-when-1-setting-p-or-q-as-non-prime-or-2-sett
0
Reply
Score:2
avatar Crypto
ar flag
Ilmari Karonen

Is it possible to decode the file using the public.pem file

No.

or do I have to start looking at private keys?

Yes.

RSA is an asymmetric encryption algorithm. That means that its keys come in pairs, containing a public key and a private key, and that data encrypted with the public key can only be decrypted with the private key.

0 + 0
fgrieu avatar
ng flag
fgrieu
[Dr. Spock](https://en.wikipedia.org/wiki/Spock) would qualify _"data encrypted with the public key can only be decrypted with the private key"_ as technically incorrect. Poorly thought RSA padding (as common in CTFs and introductions to RSA, including textbook RSA) may allow decryption without private key. So can access to a decryption device in Bleichenbacher's attack on RSAES-PKCS1-v1_5. And in all RSA encryption modes of PKCS#1, any of multiple private keys allow decryption.
2
Reply
in flag
pee2pee
Thanks - it as indeed for a CTF and was possible
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.