Factoring a 2048-Bit Certificate in the Wild
Unlike my previous blog, which dealt with factoring a 4096 bit malformed certificate, this blog is about the factoring of an active valid 2048 bit certificate. Obviously I won't simply divulge the factors, but instead I'll sign a message which can be verified with their public key. And yes, we will work with them to not use a broken certificate.
So RSA isn’t broken yet, but securing your data is not just about picking strong primes.
# Create the message.
> openssl enc -base64 -d -out crypt.bin << EOF
# Get the certificate.
> openssl s_client -connect 22.214.171.124:443 < /dev/null 2>/dev/null | sed -n -e '/BEGIN\ CERTIFICATE/,/END\ CERTIFICATE/ p' > the_cert
# Encrypt the message to see what the holder of the private key wrote.
> openssl rsautl -encrypt -in crypt.bin -inkey the_cert -certin –raw