Re: Locating private keys in RAM?

[Mike Lisanke]

Douglas,

Many applications using RSA make use of a private key in its ASN.1 BER form. In this format, the surrounding encoding of a private key becomes very easily recognizable.

The follow is an excerpt from RFC3447 (PKCS#1)

-- Representation of RSA private key with information for the CRT
-- algorithm.
--
RSAPrivateKey ::= SEQUENCE {
    version           Version,
    modulus           INTEGER,  -- n
    publicExponent    INTEGER,  -- e
    privateExponent   INTEGER,  -- d
    prime1            INTEGER,  -- p
    prime2            INTEGER,  -- q
    exponent1         INTEGER,  -- d mod (p-1)
    exponent2         INTEGER,  -- d mod (q-1)
    coefficient       INTEGER,  -- (inverse of q) mod p
    otherPrimeInfos   OtherPrimeInfos OPTIONAL
}

Version ::= INTEGER { two-prime(0), multi(1) }
    (CONSTRAINED BY {
        -- version must be multi if otherPrimeInfos present --
    })

OtherPrimeInfos ::= SEQUENCE SIZE(1..MAX) OF OtherPrimeInfo

OtherPrimeInfo ::= SEQUENCE {
    prime             INTEGER,  -- ri
    exponent          INTEGER,  -- di
    coefficient       INTEGER   -- ti
}

In ASN.1 BER each integer, a sequence, a version, etc. all have well defined form of octet (bytes) which represent both the type of object, its size, as well as its value.

On 9/4/06, Douglas F. Calvert <[EMAIL PROTECTED]> wrote:
> Hello,
>  I remember seeing a paper about identifying private keys in RAM. I
> thought it was by Rivest but I can not locate it for the life of me.
> Does anyone remember reading something like this? The basic operation
> was to identify areas in RAM that had certain characteristics such as
> random bits and identifiable key headers...
> Any help would be greatly appreciated...
>
>
> --
> --dfc
> [EMAIL PROTECTED]
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
>

Best regards,
--
Mike