Hello,
Recently on Polish conference about network security one person
from the audience has showed me something which I don't quite
understand. The following is commented record of my shell session
with a certificate generated with MS Outlook 97 certificate manager,
the same results were obtained with MS Exchange Key Manager.
I have received the certificate with email and saved it to file
kurs10.cer, which is PEM certificate. First I dump its contents:
bash-2.03$ /usr/bin/openssl x509 -in kurs10.cer -text -noout
Certificate:
Data:
Version: 1 (0x0)
Serial Number: 932714537 (0x37981829)
Signature Algorithm: md5WithRSA
Issuer: C=PL, O=oi-wbd
Validity
Not Before: Jun 13 09:54:03 2000
Not After : Dec 14 09:54:03 2001
Subject: CN=kurs10, CN=recipients, OU=oi-wbd, O=oi-wbd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (510 bit)
Modulus (510 bit):
20:55:5f:0b:f3:5c:7a:c1:96:bd:36:72:53:c0:ed:
a8:b5:24:af:34:d9:c0:66:1f:56:dd:ee:99:32:e1:
6a:63:cb:10:43:99:7b:20:1c:08:c3:9d:09:4f:82:
df:01:76:c4:ad:7b:90:22:de:1f:66:3e:78:5e:1c:
01:e4:eb:3d
Exponent: 65537 (0x10001)
Signature Algorithm: md5WithRSA
85:30:cd:a1:30:19:95:42:f7:c7:1d:f8:1b:bf:0e:c6:2f:f5:
80:05:ed:04:07:3c:34:96:c8:04:60:3a:a3:33:90:65:c9:50:
27:c1:4f:73:16:63:c8:ab:e6:91:71:4a:7a:09:88:e0:ad:3a:
2a:84:f9:43:0f:bf:ef:2d:46:1c
Why are there only 510 bits of the key?
Another key I've tried, generated with MS Exchange KM was 511 bits long.
Anyway, I then extract the modulus:
bash-2.03$ /usr/bin/openssl x509 -inform PEM -in kurs10.cer -modulus -noout
Modulus=20555F0BF35C7AC196BD367253C0EDA8B524AF34D9C0661F56DDEE9932E16A63CB104399
7B201C08C39D094F82DF0176C4AD7B9022DE1F663E785E1C01E4EB3D
And try to factorize it with `factorize' program from GMP-3.0.1 library:
bash-2.03$ ./factorize
0x20555F0BF35C7AC196BD367253C0EDA8B524AF34D9C0661F56DDEE9932E16A63CB1043997B201C08C39D094F82DF0176C4AD7B9022DE1F663E785E1C01E4EB3D
3 5 57241 210729581 12383993^C
After finding a few first components (3 5 ...) the program is still
working and I've stopped it. Shouldn't the modulus consist only of
two primes?
Could anyone explain what's wrong either with my methodology or with
the certificate? Two additional details: that were only MS Exchange
and Outlook generated keys and that were only encryption keys that
I was able to factorize this way. The signing key from MS OE, and
keys generated with OpenSSL behaved as they IMHO should, i.e. I was
unable to easily factorize them.
The problem was reported to me by Mr. Jan Gierczak <[EMAIL PROTECTED]>
who actually performed the analysis and passed me the original keys
for verification. The result is presented above.
--
Paweł Krawczyk <http://ceti.pl/~kravietz/>
