Factoring a 2048-Bit Certificate in the Wild
Unlike my previous blog, which dealt with factoring a 4096 bit malformed certificate, this blog is about the factoring of an active valid 2048 bit certificate. Obviously I won't simply divulge the factors, but instead I'll sign a message which can be verified with their public key. And yes, we will work with them to not use a broken certificate.
So RSA isn’t broken yet, but securing your data is not just about picking strong primes.
# Create the message.
> openssl enc -base64 -d -out crypt.bin << EOF
nEztslf5cbCjjh2/b+ctRt5VMb7Pbb0T45rbgPZHIDN9FkH3pjkMOnJfzUE+OP0X
IzSbcGO0828NexAhs84lgfyT/b/MRTAOiIbXaqhIWZzHPmWTL+VOL9FH7ODiJL4x
UrprGXnhd5v7EVF+HxwvahNW+udwPM1+h8CI3tjUR3VufiDd7HjE8hDRy+coaYLu
hdNLkDZKYIPPEzHQ9FtYMjQMu0s5CKADnbIoHuz0k7ZBf45XevmLh7iYkVnJSi/D
Tv7SNUWFP8zzBlOebYep8QntzcEsBrjZ/nr5gnvu9Kf10Lumwc2oqEdt2fIzLi82
P7IuhQLg8Pi19wiMB0gTCg==
EOF
# Get the certificate.
> openssl s_client -connect 61.156.25.66:443 < /dev/null 2>/dev/null | sed -n -e '/BEGIN\ CERTIFICATE/,/END\ CERTIFICATE/ p' > the_cert
# Encrypt the message to see what the holder of the private key wrote.
> openssl rsautl -encrypt -in crypt.bin -inkey the_cert -certin –raw
Additional Resources:
Application and Threat Intelligence (ATI) Subscription
Blog: How to Factor a 4096-bit Certificate