Score:-1

How to decrypt a file using RSA and just a public.pem file?

in flag

I have an encoded file and a public.pem file. Is it possible to decode the file using the public.pem file or do I have to start looking at private keys?

I tried https://github.com/Ganapati/RsaCtfTool with no luck. The public key (pem) is as below

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjHDiqVkO1umD2/Tm20Wt
LpyBXGoIk4Pczeqjwz7/kwYLnQI7VlAzgjC9jD1dX80Z+kLOr5wHIDdfNK55nC/q
ux/g7xVt0YKMl5yzObHUgX0YUi//8k2a5YfidxWoX77B7GfuBKx0efEsM7p+7cYT
z7OVKFdRIvKATMGsYlWOPT9b97OtTQjtZKyhAtL1PdbfqKCCxRzqvj1OthtHbB+b
4AJG4MI2IHJQ0LHyj83md3iIMQSMZxwe8JsWQs3jW7W1xRDWjDsKn1799kPTTgG3
GtVrO6J38HN5t5dk8ZNa7duh9phRyEBQbo2lH/tYqUBKeJ3v/dA0BhQVMdZe5m8R
uQIDAQAB
-----END PUBLIC KEY-----
kelalaka avatar
in flag
What is the origin of this Q?
Score:3
fr flag

Adding on to the above, the modulus and public exponent can be extracted from the public.pem. The public exponent e is 10001.

It turns out that this is a constructed modulus which is very weak and was not generated using recommended security guidelines.

The 2048 bit, 617 decimal digit modulus N=pq can be factored immediately because it is a square. That's right p=q and N = p^2.

phi(N) = p(p-1)

The method to find d the private exponent when e, p and q are known has been shown many times on this forum. Then the file can be decrypted.

dave_thompson_085 avatar
cn flag
Good catch on the square, but phi(p^2) is NOT (p-1)x(p-1). See https://en.wikipedia.org/wiki/Euler%27s_totient_function#Value_of_phi_for_a_prime_power_argument .
MostlyResults avatar
fr flag
Corrected. Thanks. The error could have led someone down a time-consuming path.
in flag
Any advice on a good question/answer that would highlight how to find the numbers, @MostlyResults?
MostlyResults avatar
fr flag
If your CTF question insists that a file or text can be decrypted from the public.pem even though p and q are the same, look at the answer to the second question in this link: https://crypto.stackexchange.com/questions/52240/why-does-this-rsa-example-break-when-1-setting-p-or-q-as-non-prime-or-2-sett
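
The steps in the answer above (recognise that N is a square, use phi(N) = p(p-1), derive d), as an added example that is not part of the original posts. It uses a constructed toy prime rather than the key from the question, raw RSA without padding, and hypothetical function names; it also shows that with N = p^2 a message that is a multiple of p does not decrypt back to itself.

```python
from math import isqrt

E = 0x10001  # public exponent from the answer (hex 10001 = 65537)

def square_root_if_square(n):
    """Return p when n == p*p, otherwise None."""
    r = isqrt(n)
    return r if r * r == n else None

def private_exponent_for_square(n, e=E):
    """For N = p^2 with p prime, phi(N) = p*(p-1). Return (p, d) or None."""
    p = square_root_if_square(n)
    if p is None:
        return None                 # not a square: this shortcut does not apply
    phi = p * (p - 1)               # not (p-1)*(p-1), as the comments point out
    return p, pow(e, -1, phi)       # modular inverse (Python 3.8+)

def textbook_decrypt(c, d, n):
    """Raw RSA, no padding: m = c^d mod n."""
    return pow(c, d, n)

# Constructed toy key: P is the Mersenne prime 2^61 - 1, not the page's key.
P = 2**61 - 1
N = P * P
M = int.from_bytes(b"ctf{ok}", "big")   # constructed message, smaller than P

def demo():
    p, d = private_exponent_for_square(N)
    ok = textbook_decrypt(pow(M, E, N), d, N)    # M is coprime to p: round-trips
    bad = textbook_decrypt(pow(P, E, N), d, N)   # multiple of p: comes back as 0
    return p, ok, bad

if __name__ == "__main__":
    p, ok, bad = demo()
    print("p recovered:", p == P)
    print("message recovered:", ok.to_bytes(7, "big"))
    print("multiple of p recovered:", bad == P)
```

The same `isqrt` check works as a key-audit step: a modulus for which `square_root_if_square` returns a value offers no protection.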
Score:2
ar flag

> Is it possible to decode the file using the public.pem file

No.

> or do I have to start looking at private keys?

Yes.

RSA is an asymmetric encryption algorithm. That means that its keys come in pairs, containing a public key and a private key, and that data encrypted with the public key can only be decrypted with the private key.

fgrieu avatar
ng flag
[Dr. Spock](https://en.wikipedia.org/wiki/Spock) would qualify _"data encrypted with the public key can only be decrypted with the private key"_ as technically incorrect. Poorly thought-out RSA padding (as common in CTFs and introductions to RSA, including textbook RSA) may allow decryption without the private key. So can access to a decryption device in Bleichenbacher's attack on RSAES-PKCS1-v1_5. And in all RSA encryption modes of PKCS#1, any of multiple private keys allow decryption.
in flag
Thanks - it was indeed for a CTF and was possible