RSA总结

最新推荐文章于 2023-06-26 20:50:38 发布

咸鱼壹号

最新推荐文章于 2023-06-26 20:50:38 发布

阅读量2.8k

点赞数 4

分类专栏：密码学

本文链接：https://blog.csdn.net/ao52426055/article/details/112102989

版权

常用工具

分解大素数

factordb http://www.factordb.com
yafu（p,qp,q相差过大或过小yafu可分解成功）
sage divisors(n)（小素数）

Openssl

解析加密密钥：

openssl rsa -pubin -text -modulus -in pub.key

生成解密密钥：

python rsatool.py -f PEM -o key.key -p 1 -q 1 -e 1

openssl rsautl -decrypt -inkey key.pem -in flag.enc -out flag

openssl rsautl -decrypt -oaep -inkey key.pem -in flag.enc -out flag （OAEP方式）

脚本生成解密密钥：

# coding=utf-8
import math
import sys
from Crypto.PublicKey import RSA
 
keypair = RSA.generate(1024)
keypair.p =
keypair.q =
keypair.e =
keypair.n = keypair.p * keypair.q
Qn = long((keypair.p - 1) * (keypair.q - 1))
 
i = 1
while (True):
    x = (Qn * i) + 1
    if (x % keypair.e == 0):
        keypair.d = x / keypair.e
        break
    i += 1
private = open('private.pem', 'w')
private.write(keypair.exportKey())
private.close()

RSA套路

给p,q,e,c

import gmpy2 as gp
import binascii
p =  
q =  
e =  
c =  
n = p*q
phi = (p-1)*(q-1)
d = gp.invert(e,phi)
m = pow(c,d,n)
print(m)
print(bytes.fromhex(hex(m)[2:]))

给n,e,dp,c

在这里插入图片描述

import gmpy2 as gp

e = 
n = 
dp = 
c = 

for x in range(1, e):
	if(e*dp%x==1):
		p=(e*dp-1)//x+1
		if(n%p!=0):
			continue
		q=n//p
		phin=(p-1)*(q-1)
		d=gp.invert(e, phin)
		m=gp.powmod(c, d, n)
		if(len(hex(m)[2:])%2==1):
			continue
		print('--------------')
		print(m)
		print(hex(m)[2:])
		print(bytes.fromhex(hex(m)[2:]))

变种给 p,e,dp,c,b其中 n=p**b*q

在这里插入图片描述

from Crypto.Util.number import *
import gmpy2
p = 
dp = 
c = 
b = 
e = 
mp1 = pow(c, dp, p)
mp = pow(c, dp - 1, p)
for i in range(1, b - 2):
	x = pow(c - pow(mp1, e), 1, p**(i + 1))
	y = pow(x * mp * (gmpy2.invert(e, p)), 1, p**(i + 1))
	mp1 = mp1 + y
print(long_to_bytes(mp1))

变种给n,e,dp0,c,k 其中dp0为dp高位即dp0 = dp>>k

在这里插入图片描述

#Sage
dp0 = 
e = 
n = 

F.<x> = PolynomialRing(Zmod(n))
d = inverse_mod(e, n)
for k in range(1, e):
	f = (secret << 200) + x + (k - 1) * d
	x0 = f.small_roots(X=2 ** (200 + 1), beta=0.44, epsilon=1/32)
	if len(x0) != 0:
		dp = x0[0] + (secret << 200)
		for i in range(2, e):
			p = (e * Integer(dp) - 1 + i) // i
			if n % p == 0:
				break
		if p < 0:
			continue
		else:
			print('k = ',k)
			print('p = ',p)
			print('dp = ',dp)
			break

给p,q,dp,dq,c

在这里插入图片描述

import gmpy2 as gp

p = 
q = 
dp = 
dq = 
c = 

n = p*q
phin = (p-1)*(q-1)
dd = gp.gcd(p-1, q-1)
d=(dp-dq)//dd * gp.invert((q-1)//dd, (p-1)//dd) * (q-1) +dq
print(d)

m = gp.powmod(c, d, n)
print('-------------------')
print(m)
print(hex(m)[2:])
print(bytes.fromhex(hex(m)[2:]))

低解密指数攻击/低私钥指数攻击（e长度较大，d小，Wiener Attack）

在这里插入图片描述
RSAWienerHacker工具：https://github.com/pablocelayes/rsa-wiener-attack

#脚本1（带工具）
#python2
import RSAwienerHacker
n =
e =
d =  RSAwienerHacker.hack_RSA(e,n)
if d:
	print(d)
import hashlib
flag = "flag{" + hashlib.md5(hex(d)).hexdigest() + "}"
print flag

#脚本2
#sage
def rational_to_contfrac(x,y):
    # Converts a rational x/y fraction into a list of partial quotients [a0, ..., an]
    a = x // y
    pquotients = [a]
    while a * y != x:
        x, y = y, x - a * y
        a = x // y
        pquotients.append(a)
    return pquotients

def convergents_from_contfrac(frac):
    # computes the list of convergents using the list of partial quotients
    convs = [];
    for i in range(len(frac)): convs.append(contfrac_to_rational(frac[0 : i]))
    return convs

def contfrac_to_rational (frac):
    # Converts a finite continued fraction [a0, ..., an] to an x/y rational.
    if len(frac) == 0: return (0,1)
    num = frac

最低0.47元/天解锁文章

咸鱼壹号

关注

4
点赞
踩
30

收藏

觉得还不错? 一键收藏
2
评论
RSA总结

常用工具分解大素数factordb http://www.factordb.comyafu（p,qp,q相差过大或过小yafu可分解成功）sage divisors(n)（小素数）Openssl解析加密密钥：openssl rsa -pubin -text -modulus -in pub.key生成解密密钥：python rsatool.py -f PEM -o key.key -p 1 -q 1 -e 1openssl rsautl -decrypt -inkey key.pem
复制链接

扫一扫