|
Title: PGP Questions [From hex to pem] Post by: BlackHatCoiner on November 16, 2020, 07:38:33 PM OgNasty's thread (https://bitcointalk.org/index.php?topic=5289839.0) created me some interest about encryption. Since I'm a beginner to PGP and there are many forum experts that have a high knowledge on this topic, I couldn't find a better category to create it.
Both PGP and bitcoin's addresses use elliptic curve cryptography for proving the ownership of public keys without having to reveal their private keys, something really amazing. Although, I see that they don't work the same way. For example, in bitcoin I generate a private ECDSA Key and then with the x and y I get a public key. On gobittest (https://gobittest.appspot.com/Address) I can generate addresses with chosen private keys. On PGP's kleopatra I haven't figured it out if that's possible. The software uses randomness to choose you a private key for your OpenPGP key pair. You'll tell me, why? Can you generate a chosen private key on Bitcoin Core? No, but I can import it. On PGP I don't know a way of importing a private key other than kleopatra. I'm like 89.8% sure that I'm what asking is something dumb. [Title of the thread was changed from "About PGP" to "PGP Questions [From hex to pem]") Title: Re: About PGP Post by: NotATether on November 17, 2020, 10:23:08 AM gpg --import is your friend. You can use it to import public keys and also private keys, both don't necessarily have to be present at the same time.
Code: gpg --import secret.key Or Code: gpg --import publickey.pub I don't use Kleopatra for key management I directly use the gpg program. Regarding your question about generating public keys from private keys, GPG actually creates RSA keys by default - to make ECDSA keys you need to have version 2.1 or greater and pass the --expert --full-gen-key options, then you can select ECC curves. Theoretically it should be possible to derive the public key but no one seemed to have made a utility or library to do that, libgcrypt is too hard for people to understand. I studied it and couldn't find where x and y are generated. Title: Re: About PGP Post by: BlackHatCoiner on November 21, 2020, 07:11:52 PM pass the --expert --full-gen-key options, then you can select ECC curves. I successfully did that, and yes I got my secp256k1 public key, but what I want to achieve is to import a hexadecimal private key and convert it to an RSA secret key. Then from the secret key I can derive the public key block. Your --import command does not refer to hexadecimal numbers. I wonder if it's possible, if not my project is ruined.I know that RSA chooses a random number to generate me my secret key and I believe there is a way to do what I'm saying. Title: Re: About PGP Post by: NotATether on November 21, 2020, 09:06:06 PM pass the --expert --full-gen-key options, then you can select ECC curves. I successfully did that, and yes I got my secp256k1 public key, but what I want to achieve is to import a hexadecimal private key and convert it to an RSA secret key. Then from the secret key I can derive the public key block. Your --import command does not refer to hexadecimal numbers. I wonder if it's possible, if not my project is ruined.I know that RSA chooses a random number to generate me my secret key and I believe there is a way to do what I'm saying. GPG doesn't have a way to do this built-in but if you got a Linux terminal somewhere you can use xxd to convert the hex key into binary and then use openssl command line utility to make an RSA key out of it. Both should be installed by default. There's a great stack overflow question that answers basically what you're asking for. https://stackoverflow.com/q/54401343/12452330 Quote With your hex input file (rsa-key-hex.txt), you can do the following - Convert it to binary (which is actually DER format) - Code: xxd -r -ps rsa-key-hex.txt rsa-key.der Print the DER private key - Code: openssl pkey -in rsa-key.der -inform der -noout -text Convert it to PEM - Code: openssl pkey -in rsa-key.der -inform der -out rsa-key.pem -outform pem Sign some input using the private key - Code: echo "Some Input" | openssl dgst -sha256 -sign rsa-key.pem > signature.dat Extract the public key - Code: openssl pkey -in rsa-key.pem -pubout -out rsa-key-pub.pem Check signature using the public key - Code: echo "Some Input" | openssl dgst -sha256 -verify rsa-key-pub.pem -signature signature.dat Alternatively, check signature using the private key directly - Code: echo "Some Input" | openssl dgst -sha256 -prverify rsa-key.pem -signature signature.dat Title: Re: About PGP Post by: BlackHatCoiner on November 21, 2020, 10:01:17 PM It seems too complicated for me. I tried it on my ubuntu but got several errors. What makes me worrying is that if it is difficult to do it on the command line, imagine how much difficult it'll be to import a library on visual studio and start performing the functions there...
Since I probably won't finish my project, I was thinking of creating mnemonic for pgp. I didn't find anything on the internet so it may not exist. I would use 2 libraries, one for mnemonic and one for gpg. You would generate a seed and then the private key of the 1st derivation path would be your PGP private key. The problem as you saw was that I needed to convert that 64bit private key to base64 secret key pem. Title: Re: About PGP Post by: NotATether on November 21, 2020, 10:26:09 PM It seems too complicated for me. I tried it on my ubuntu but got several errors. What makes me worrying is that if it is difficult to do it on the command line, imagine how much difficult it'll be to import a library on visual studio and start performing the functions there... You only need three commands from the answer I linked above. And to store your private key hex in rsa-key-hex.txt before you begin. Do not put a newline at the end of the file. On WIndows you can run this in a WSL distribution. Code: # This turns the hexadecimal string to a binary string Are you trying to make a Windows program that turns private key hex's to RSA? I found a C++ snippet that mimics the first command running xxd. I made a few modifications to it. Quote from: https://stackoverflow.com/a/18311086/12452330 Code: #include <iostream> As for OpenSSL, the library for it is here (https://www.openssl.org/source/) but as a beginner I wouldn't start with that as the library is harder to use than the program. Since I probably won't finish my project, I was thinking of creating mnemonic for pgp. I didn't find anything on the internet so it may not exist. I would use 2 libraries, one for mnemonic and one for gpg. You would generate a seed and then the private key of the 1st derivation path would be your PGP private key. The problem as you saw was that I needed to convert that 64bit private key to base64 secret key pem. You don't need to convert the private key to pem first. You can decode the mnemonic phrase into the BIP39 seed, then pass the BIP39 seed to the PBKDF2 key stretching function (same as the one bitcoin uses), but with a different key size, in this case the length of your RSA key. There are python modules for these but IDK if C++ libraries for all of these exist. Then you have a private key hex for which you can use the commands above to make an RSA key pair. Title: Re: About PGP Post by: BlackHatCoiner on November 22, 2020, 06:34:41 AM Thank you for your help. I don't use C++ since I don't know it. I only use C#, so if I'm not mistaken even if you found a python/c++ library, it won't help my c# program.
You don't need to convert the private key to pem first. You can decode the mnemonic phrase into the BIP39 seed, then pass the BIP39 seed to the PBKDF2 key stretching function (same as the one bitcoin uses), but with a different key size, in this case the length of your RSA key. There are python modules for these but IDK if C++ libraries for all of these exist. PBKDF2 key or the first key from derivation path, it doesn't have that much difference does it? Because both are random. The only thing that changes is the size. As for my RSA key. Isn't it much longer than a bitcoin master key?Title: Re: About PGP Post by: NotATether on November 22, 2020, 09:43:16 AM You don't need to convert the private key to pem first. You can decode the mnemonic phrase into the BIP39 seed, then pass the BIP39 seed to the PBKDF2 key stretching function (same as the one bitcoin uses), but with a different key size, in this case the length of your RSA key. There are python modules for these but IDK if C++ libraries for all of these exist. PBKDF2 key or the first key from derivation path, it doesn't have that much difference does it? Because both are random. The only thing that changes is the size. As for my RSA key. Isn't it much longer than a bitcoin master key?Well... there is a difference, you can stretch the PBKDF2 key to whatever size you want. Without going into too much detail the seed made by PBKDF2 has to be passed to SHA512-HMAC which expects a 512-bit key. Eventually the derivation process returns a 256-bit child key. You can't change the size without also changing the algorithm for deriving keys. You said it yourself, that RSA keys are much longer than master keys. That's why derived keys are unsuitable as entropy for an RSA key. Title: Re: About PGP Post by: BlackHatCoiner on November 22, 2020, 02:01:31 PM Even if I successfully find a way to convert hexadecimal numbers to secret keys, how exactly will I convert a secret key to public? On bitcoin there's an analytical guide (https://en.bitcoin.it/wiki/Technical_background_of_version_1_Bitcoin_addresses) of how to turn a private key into an address. On PGP, it doesn't seem that simple. Email address, name etc are required to generate the public key. Am I right?
Is there any simple guides for pgp too? As far as I've seen, no. As for the commands, I get this error: https://i.imgur.com/LYQu3DD.png This is my txt: https://i.imgur.com/ffzbotx.png (1 line) Title: Re: About PGP Post by: NotATether on November 22, 2020, 05:40:22 PM No no, don't run that last command in your terminal, you're only supposed to use these:
Code: # This turns the hexadecimal string to a binary string All that code in my other reply, I just copied and pasted it from the stack overflow answer I linked, it was probably a mistake for me to include it here, because it does other things (that will cause errors) you don't need it to do besides making secret keys. I can make it a bash script if you want and you can save it to a file, if it helps you: https://gist.githubusercontent.com/ZenulAbidin/54b9fe0a4618be855f95f843994086fe/raw/f957cff4da11e0c4d0306cffbeca9bc1ab95ddf2/to_key_pair.sh Even if I successfully find a way to convert hexadecimal numbers to secret keys, how exactly will I convert a secret key to public? On bitcoin there's an analytical guide (https://en.bitcoin.it/wiki/Technical_background_of_version_1_Bitcoin_addresses) of how to turn a private key into an address. Third command of the script extracts the public key from the generated private key :) On PGP, it doesn't seem that simple. Email address, name etc are required to generate the public key. Am I right? You can use a fake email address and name because PGP doesn't validate this data. You can even make a key called Code: Foo Bar <foo@bar.com> and encrypt and sign messages from it perfectly without an actual email address like that. Is there any simple guides for pgp too? As far as I've seen, no. That is something we can do better at :P and Kleopatra also isn't the user-friendliest PGP software. Seriously it's unbelievable how badly complex GUIs for PGP are. It shouldn't have to be like this. But you asked for guides, so I'd say GPG4Win has an awesome tutorial for how to encrypt and sign messages with illustrations: https://www.gpg4win.org/doc/en/gpg4win-compendium.html. The documentation in GPG4Win make it simpler to use than Kleopatra by itself, but I agree that a little program that just encrypts/decrypts and signs/verifies a message would be the sweet spot (it unfortunately doesn't exist yet). Where did you get that string from? There are not enough characters in that string to make 2048 bits. Title: Re: About PGP Post by: Saint-loup on November 22, 2020, 06:53:54 PM You don't need to convert the private key to pem first. You can decode the mnemonic phrase into the BIP39 seed, then pass the BIP39 seed to the PBKDF2 key stretching function (same as the one bitcoin uses), but with a different key size, in this case the length of your RSA key. There are python modules for these but IDK if C++ libraries for all of these exist. PBKDF2 key or the first key from derivation path, it doesn't have that much difference does it? Because both are random. The only thing that changes is the size. As for my RSA key. Isn't it much longer than a bitcoin master key?Well... there is a difference, you can stretch the PBKDF2 key to whatever size you want. Without going into too much detail the seed made by PBKDF2 has to be passed to SHA512-HMAC which expects a 512-bit key. Eventually the derivation process returns a 256-bit child key. You can't change the size without also changing the algorithm for deriving keys. You said it yourself, that RSA keys are much longer than master keys. That's why derived keys are unsuitable as entropy for an RSA key. Why it wouldn't be ok to just take the 512bit seed he got? https://raw.githubusercontent.com/bitcoinbook/bitcoinbook/develop/images/mbc2_0507.png https://github.com/bitcoinbook/bitcoinbook/blob/develop/ch05.asciidoc#fig_5_7 Quote To create a binary seed from the mnemonic, we use the PBKDF2 function with a mnemonic sentence (in UTF-8 NFKD) used as the password and the string "mnemonic" + passphrase (again in UTF-8 NFKD) used as the salt. The iteration count is set to 2048 and HMAC-SHA512 is used as the pseudo-random function. The length of the derived key is 512 bits (= 64 bytes). https://github.com/bitcoin/bips/blob/master/bip-0039.mediawikiThis seed can be later used to generate deterministic wallets using BIP-0032 or similar methods. Title: Re: About PGP Post by: BlackHatCoiner on November 22, 2020, 07:02:34 PM You can use a fake email address and name because PGP doesn't validate this data. You can even make a key called This is obvious, what I don't get is how the name and email will be encrypted along with the public key. Since I'm trying to create such project, simply converting secret key to public key isn't enough. I'll have to convert the secret key with the user credentials (name, email) to public key. I'm picturing that gpg does a function like that to generate a public key:Code: Foo Bar <foo@bar.com> and encrypt and sign messages from it perfectly without an actual email address like that. Code: RSA_Algorithm(random_number, name, email) Seriously it's unbelievable how badly complex GUIs for PGP are. It shouldn't have to be like this. But you asked for guides, so I'd say GPG4Win has an awesome tutorial for how to encrypt and sign messages with illustrations: https://www.gpg4win.org/doc/en/gpg4win-compendium.html. The documentation in GPG4Win make it simpler to use than Kleopatra by itself, but I agree that a little program that just encrypts/decrypts and signs/verifies a message would be the sweet spot (it unfortunately doesn't exist yet). One day I sat down and tried to understand how pgp and openssl work. It was like being blind searching on a dark room for a black cat that wasn't there. :PWhere did you get that string from? There are not enough characters in that string to make 2048 bits. But, that "small" string is supposed to be the private key. In your previous posts you're telling me to put a 512 bit key (or 256), not 2048. Why should it be 2048? Isn't taking a random number between a huge range?And I should not forget that if these are hard, can't think of how hard it'll be to implement them on c#. Title: Re: About PGP Post by: NotATether on November 22, 2020, 07:53:13 PM But why he would derive keys? He doesn't need it. Why it wouldn't be ok to just take the 512bit seed he got? But, that "small" string is supposed to be the private key. In your previous posts you're telling me to put a 512 bit key (or 256), not 2048. Why should it be 2048? Isn't taking a random number between a huge range? I don't think I was clear enough about the private key length, I was trying to say you should not derive a 512-bit/256-bit key, so I guess that's where the confusion came from. The reason is GPG can only make at least 1024-bit length RSA keys (RSA-1024), but those aren't secure so people make RSA-2048 and RSA-4096 keys instead. what I don't get is how the name and email will be encrypted along with the public key. Since I'm trying to create such project, simply converting secret key to public key isn't enough. I'll have to convert the secret key with the user credentials (name, email) to public key. I'm picturing that gpg does a function like that to generate a public key: Code: RSA_Algorithm(random_number, name, email) The name and email not encrypted in the message, they remain in the public key (nothing in the public key is encrypted). While the fingerprint that points to the public key is embedded in the encrypted file. Title: Re: About PGP Post by: BlackHatCoiner on November 22, 2020, 08:26:53 PM I don't think I was clear enough about the private key length, I was trying to say you should not derive a 512-bit/256-bit key, so I guess that's where the confusion came from. Why you shouldn't? Isn't 256-bit secure enough or just impossible for RSA? Title: Re: About PGP Post by: NotATether on November 22, 2020, 08:48:15 PM I don't think I was clear enough about the private key length, I was trying to say you should not derive a 512-bit/256-bit key, so I guess that's where the confusion came from. Why you shouldn't? Isn't 256-bit secure enough or just impossible for RSA? A company called Crown Sterling managed to break 256-bit RSA keys in about 50 seconds. https://arstechnica.com/information-technology/2019/09/medicine-show-crown-sterling-demos-256-bit-rsa-key-cracking-at-private-event/ (https://arstechnica.com/information-technology/2019/09/medicine-show-crown-sterling-demos-256-bit-rsa-key-cracking-at-private-event/). It was always considered too weak for encryption. And 512-bit RSA keys have also been cracked using $100 worth of AWS servers in 7 hours: https://arstechnica.com/information-technology/2015/10/breaking-512-bit-rsa-with-amazon-ec2-is-a-cinch-so-why-all-the-weak-keys/ Even 768-bit RSA has been cracked but with less feasible requirements: https://arstechnica.com/information-technology/2010/01/768-bit-rsa-cracked-1024-bit-safe-for-now/ AFAIK 1024-bit RSA has not been cracked yet, but because smaller sized RSA keys have been cracked, 2048 bits became the recommended key size. It's only a matter of time before someone cracks 1024-bit RSA too. Title: Re: About PGP Post by: BlackHatCoiner on November 22, 2020, 09:12:54 PM Okay, so if I understood correctly, I can't implement my idea, because converting a bitcoin (256-bit) private key to an RSA public key would be completely unsecure. Do you have any other idea of making a mnemonic for pgp?
Title: Re: About PGP Post by: NotATether on November 22, 2020, 10:46:47 PM Okay, so if I understood correctly, I can't implement my idea, because converting a bitcoin (256-bit) private key to an RSA public key would be completely unsecure. Do you have any other idea of making a mnemonic for pgp? Theoretically for a 12 word mnemonic you can use a wordlist with 2^88 words to encode 2048 bits of entropy, and the appropriate amount of BIP39 checksum bits. But this is not practical. A 24 word mneumonic needs a wordlist with 2^44 words to encode the same amount of entropy and checksum. Ditto 48 word mneumonics with a 2^22 wordlist (which is 4194304 words but now the mneumonic length is becoming impractical as well). I made a Jupyter notebook that shows you a table of how big a wordlist you need for varying mnemonic phrase lengths and RSA key sizes, it's probably easier for you to understand. https://colab.research.google.com/drive/1wZSRDxd7md6Qrdd4-iTGyuBFzxWeuPx1?usp=sharing I'll paste the results here: Code: 256 512 1024 2048 4096 The values in the table are the number of bits each word needs to store, so the corresponding wordlist needs to have 2**(number of bits) words in it. In short, it's not practical to make a mnemonic phrase for RSA keys because of its enormous key size, which happen to be required for its security. They cause the wordlists or phrase lengths to become too large. Title: Re: About PGP Post by: Saint-loup on November 22, 2020, 11:30:05 PM Okay, so if I understood correctly, I can't implement my idea, because converting a bitcoin (256-bit) private key to an RSA public key would be completely unsecure. Do you have any other idea of making a mnemonic for pgp? Theoretically for a 12 word mnemonic you can use a wordlist with 2^88 words to encode 2048 bits of entropy, and the appropriate amount of BIP39 checksum bits. But this is not practical. A 24 word mneumonic needs a wordlist with 2^44 words to encode the same amount of entropy and checksum. Ditto 48 word mneumonics with a 2^22 wordlist (which is 4194304 words but now the mneumonic length is becoming impractical as well). I made a Jupyter notebook that shows you a table of how big a wordlist you need for varying mnemonic phrase lengths and RSA key sizes, it's probably easier for you to understand. https://colab.research.google.com/drive/1wZSRDxd7md6Qrdd4-iTGyuBFzxWeuPx1?usp=sharing I'll paste the results here: Code: 256 512 1024 2048 4096 The values in the table are the number of bits each word needs to store, so the corresponding wordlist needs to have 2**(number of bits) words in it. In short, it's not practical to make a mnemonic phrase for RSA keys because of its enormous key size, which happen to be required for its security. They cause the wordlists or phrase lengths to become too large. Title: Re: About PGP Post by: NotATether on November 23, 2020, 01:40:50 PM I'm not sure about that, the keys above have been broken because of their length, but not because of their lack of entropy as I understand, so such large amounts of entropy are maybe not necessary... This caused me to search on the web for how many bits entropy is needed to make RSA keys, and according to https://crypto.stackexchange.com/questions/48256/how-much-entropy-do-you-need-for-a-secure-certificate-generation , we only need 128 bits regardless of key size. @BlackHatCoiner I must have confused entropy with key size, apparently we don't need such large amounts of entropy (and this huge wordlists) to make a decently sized RSA key, because a brute force attack can only be done on the RSA key itself, not guessing the bits of entropy user because that is unknown, and discarded after the key is made. So maybe mnemonic phrases and bitcoin derived keys are still on the table. We just need to stretch their size big enough for the RSA key generation. So from 128 bits of entropy we expand it to a 2048 bit number from it, the RSA key will now be 2048 bits but an attacker now has to brute force the 2^128 different entropy values instead of the RSA key. And here's my simple question. Let's take a 256-bit hex number that could be a bitcoin private key: Code: b62ff5544f5cd479b336fdbe26d07ae537b1a7ef0fa02f7a21c52681b20d3cad Right now it can't be converted to secret key, but what if I just add itself another 7 times? (to succeed the 2048 bits) Code: b62ff5544f5cd479b336fdbe26d07ae537b1a7ef0fa02f7a21c52681b20d3cadb62ff5544f5cd479b336fdbe26d07ae537b1a7ef0fa02f7a21c52681b20d3cadb62ff5544f5cd479b336fdbe26d07ae537b1a7ef0fa02f7a21c52681b20d3cadb62ff5544f5cd479b336fdbe26d07ae537b1a7ef0fa02f7a21c52681b20d3cadb62ff5544f5cd479b336fdbe26d07ae537b1a7ef0fa02f7a21c52681b20d3cadb62ff5544f5cd479b336fdbe26d07ae537b1a7ef0fa02f7a21c52681b20d3cadb62ff5544f5cd479b336fdbe26d07ae537b1a7ef0fa02f7a21c52681b20d3cadb62ff5544f5cd479b336fdbe26d07ae537b1a7ef0fa02f7a21c52681b20d3cad It still can't be brute forced and we can convert it to secret key. Right? Correct. Title: Re: About PGP Post by: BlackHatCoiner on November 23, 2020, 02:00:45 PM And here's my simple question. Let's take a 256-bit hex number that could be a bitcoin private key:
b62ff5544f5cd479b336fdbe26d07ae537b1a7ef0fa02f7a21c52681b20d3cad Right now it can't be converted to secret key, but what if I just add itself another 7 times? (to succeed the 2048 bits) b62ff5544f5cd479b336fdbe26d07ae537b1a7ef0fa02f7a21c52681b20d3cadb62ff5544f5cd47 9b336fdbe26d07ae537b1a7ef0fa02f7a21c52681b20d3cadb62ff5544f5cd479b336fdbe26d07a e537b1a7ef0fa02f7a21c52681b20d3cadb62ff5544f5cd479b336fdbe26d07ae537b1a7ef0fa02 f7a21c52681b20d3cadb62ff5544f5cd479b336fdbe26d07ae537b1a7ef0fa02f7a21c52681b20d 3cadb62ff5544f5cd479b336fdbe26d07ae537b1a7ef0fa02f7a21c52681b20d3cadb62ff5544f5 cd479b336fdbe26d07ae537b1a7ef0fa02f7a21c52681b20d3cadb62ff5544f5cd479b336fdbe26 d07ae537b1a7ef0fa02f7a21c52681b20d3cad It still can't be brute forced and we can convert it to secret key. Right? Title: Re: About PGP Post by: BlackHatCoiner on November 24, 2020, 07:32:49 AM Can someone explain me what am I doing wrong? I have my rsa-key-hex.txt file which has this private key inside:
B62FF5544F5CD479B336FDBE26D07AE537B1A7EF0FA02F7A21C52681B20D3CADB62FF5544F5CD47 9B336FDBE26D07AE537B1A7EF0FA02F7A21C52681B20D3CADB62FF5544F5CD479B336FDBE26D07A E537B1A7EF0FA02F7A21C52681B20D3CADB62FF5544F5CD479B336FDBE26D07AE537B1A7EF0FA02 F7A21C52681B20D3CADB62FF5544F5CD479B336FDBE26D07AE537B1A7EF0FA02F7A21C52681B20D 3CADB62FF5544F5CD479B336FDBE26D07AE537B1A7EF0FA02F7A21C52681B20D3CADB62FF5544F5 CD479B336FDBE26D07AE537B1A7EF0FA02F7A21C52681B20D3CADB62FF5544F5CD479B336FDBE26 D07AE537B1A7EF0FA02F7A21C52681B20D3CAD ^I don't know why it has these little spaces between the hashes on this post. They are not shown on my 512 byte text file. Once I run Code: xxd -r -ps rsa-key-hex.txt rsa-key.der Then I run Code: openssl pkey -in rsa-key.der -inform der -out rsa-key.pem -outform pem https://i.imgur.com/07r8yH7.png rsa-key-hex.txt remains the only file on the directory. Title: Re: About PGP Post by: NotATether on November 24, 2020, 08:24:52 AM There really are spaces in your private key, try pressing backspace at the beginning of the each line to get rid of them.
Since your key a 512 chars, you should repeat it four times to get one that's 2048 characters long (this is so openssl works properly, there are still 512 bits of entropy) xxd needs to be installed from apt. Code: apt-get install xxd "Unable to load key" error message means openssl couldn't open the input file, but since xxd is installed now, it should surely work. Title: Re: About PGP Post by: BlackHatCoiner on November 24, 2020, 08:48:28 AM This is my rsa-key-hex.txt word-wrapped:
https://i.imgur.com/WEWIgXE.png It is 2048 characters long as you told me, no spaces and I did install the xdd from apt. I run the same commands and get the same errors. Code: xxd -r -ps rsa-key-hex.txt rsa-key.der Once I create the text file and edit it it doesn't let me to run anything due to permissions. I change them with sudo chmod 640 <filename>. I don't believe that this has something to do with the error, but I wanted to mention it. P.S, thanks for helping a beginner to all this madness. Title: Re: About PGP Post by: NotATether on November 24, 2020, 09:22:30 AM Once I create the text file and edit it it doesn't let me to run anything due to permissions. I change them with sudo chmod 640 <filename>. I don't believe that this has something to do with the error, but I wanted to mention it. Your permissions error is probably what's causing xxd not to write anything. xxd doesn't dump error messages when it can't read a file. Try creating the file from inside Ubuntu using nano or some other editor, I think that Windows and WSL are not playing well with file ownership. Also try running chmod 0666 and create the file in /tmp if that doesn't help (/home permissions are locked down to the user it belongs to, which may not be the same one that created the file in Notepad) P.S, thanks for helping a beginner to all this madness. No problem, hexadecimal numbers to rsa keys are uncharted waters, I don't recall anyone attempting this before and as expected there are sea monsters resident :D Title: Re: About PGP Post by: BlackHatCoiner on November 24, 2020, 09:45:49 AM What exactly does chmod 0666 do? Can't I simply create a txt file from the command line? Do I really have to install a whole editor?
I created the txt file opened it with windows' notepad, inserted the 2048-length, saved string and ran the commands: https://i.imgur.com/KfYWS0D.png https://i.imgur.com/0J6Krk3.png So is it 99% notepad issue? Title: Re: About PGP Post by: NotATether on November 24, 2020, 01:30:15 PM Alright since it seems that you have rsa-key.der, you don't need chmod or an editor...
This rsa-key.der file is a binary file, it should not be directly opened in an editor. But the fact that Windows recognizes it as a security certificate, I have to look it up. So it turns out that DER files are just a binary encoding of a certificate (https://wiki.openssl.org/index.php/DER). DER files are not supposed to have arbitrary bytes, such as the hex input we are trying to create a private key from. That means the second command, the one with openssl, is not creating a private key from random bytes at all. It looks like it's extracting the private key from a DER certificate, and my input was apparently a certificate encoded in binary, not the random bytes I thought it was. Certificates, DER, these have nothing to do with our problem. I tried finding the openssl command that uses our binary input as entropy for an RSA private key, but the best it can do is openssl genrsa -out <OUTFILE> -rand <INFILE> <N>, OUTFILE being the private key, INFILE being our binary numbers file, and N is 2048 or some other key size. This reads bytes from INFILE to seed it's random number generator, but it still collects entropy used in the private key from the operating system. I don't think this is what you are looking for because you want a deterministic way to generate private keys from bytes. But this stack overflow answer looks promising: https://stackoverflow.com/questions/19850283/how-to-generate-rsa-keys-using-specific-input-numbers-in-openssl We basically have to use some of the bytes to create primes, exponents and coefficients which is the syntax of an RSA private key. (Note that generating these things by hand is a completely insecure way to make private keys if the numbers happen to be easy to factor, but at this point we are doing this for demonstration purposes only.) I will study it out later today. Title: Re: About PGP Post by: BlackHatCoiner on November 24, 2020, 03:36:54 PM That means the second command, the one with openssl, is not creating a private key from random bytes at all. It looks like it's extracting the private key from a DER certificate, and my input was apparently a certificate encoded in binary, not the random bytes I thought it was. But it wasn't suppose to create a private key randomly. It was suppose to convert our hexadecimal private key to RSA secret key. Certificates, DER, these have nothing to do with our problem. I tried finding the openssl command that uses our binary input as entropy for an RSA private key, but the best it can do is openssl genrsa -out <OUTFILE> -rand <INFILE> <N>, OUTFILE being the private key, INFILE being our binary numbers file, and N is 2048 or some other key size. This reads bytes from INFILE to seed it's random number generator, but it still collects entropy used in the private key from the operating system. So OUTFILE is rsa-key-hex.txt, INFILE is rsa-key.der and N is 2048? If I run the following command will I get a secret key?Code: openssl genrsa -out rsa-key-hex.txt -rand rsa-key.der 2048 Edit: I ran it. This is the result: https://i.imgur.com/KYxi3kZ.png Here's our RSA private key :D https://i.imgur.com/pMxPOOj.png I don't think this is what you are looking for because you want a deterministic way to generate private keys from bytes. To prevent any misunderstandings, private keys I'm referring are 256-bit hexadecimal strings. Like a SHA256 result. Why do I need to generate private keys from bytes? Do you mean generation of secret key from .der file?Title: Re: About PGP Post by: NotATether on November 24, 2020, 07:24:12 PM Ah that's good news, from this you can easily get its public key with the third command I posted.
That means the second command, the one with openssl, is not creating a private key from random bytes at all. It looks like it's extracting the private key from a DER certificate, and my input was apparently a certificate encoded in binary, not the random bytes I thought it was. But it wasn't suppose to create a private key randomly. It was suppose to convert our hexadecimal private key to RSA secret key. I meant random in the context of you choosing the (256-bit) hexadecimal string. I don't think this is what you are looking for because you want a deterministic way to generate private keys from bytes. To prevent any misunderstandings, private keys I'm referring are 256-bit hexadecimal strings. Like a SHA256 result. Why do I need to generate private keys from bytes? Do you mean generation of secret key from .der file?Yes. I was trying to say the input file rsa-key-hex.txt is the one where you choose a random hex string which is afterwards converted to bytes. When I said bytes I was referring to result after running xxd on rsa-key-hex.txt. Ultimately, hexadecimal values are a way of representing binary values. May I ask what are your next plans for this now that you were able to generate an RSA key from hex strings? Title: Re: About PGP Post by: BlackHatCoiner on November 24, 2020, 08:50:15 PM May I ask what are your next plans for this now that you were able to generate an RSA key from hex strings? Yes, first of all I'll have to study the openssl's encryption functions on c#. Running all these commands on a "safe" ubuntu terminal is quite nice, but I can't stay there. I have to do the same thing on c#. Then, once I find out how to convert the rsa private key to public key I'll combine it with mnemonic. The steps I'm imagining are those: 1) You generate a seed. 2) The program takes the 1st derivation path of it. 3) It extends the 256-bit with itself for 7 times to succeed 2048 bits. (Which is considered safe) 4) Extended bitcoin private key is converted to secret key and then to public key. 5) User can sign messages through the program or export the secret key. (for moving it to gpg, kleopatra etc.) Voila! Anyone can prove he is the owner of a public key by just writing down the words on a piece of paper. On gpg if you lost your secret key, you were done. Here, if you lose it, you can simply re-enter the seed to the program. Thank you for your contribution to this thread. I like having high quality discussions. Bitcoin has created me a huge interest towards cryptography. Title: Re: About PGP Post by: Saint-loup on November 25, 2020, 03:21:51 PM That means the second command, the one with openssl, is not creating a private key from random bytes at all. It looks like it's extracting the private key from a DER certificate, and my input was apparently a certificate encoded in binary, not the random bytes I thought it was. But it wasn't suppose to create a private key randomly. It was suppose to convert our hexadecimal private key to RSA secret key. Certificates, DER, these have nothing to do with our problem. I tried finding the openssl command that uses our binary input as entropy for an RSA private key, but the best it can do is openssl genrsa -out <OUTFILE> -rand <INFILE> <N>, OUTFILE being the private key, INFILE being our binary numbers file, and N is 2048 or some other key size. This reads bytes from INFILE to seed it's random number generator, but it still collects entropy used in the private key from the operating system. So OUTFILE is rsa-key-hex.txt, INFILE is rsa-key.der and N is 2048? If I run the following command will I get a secret key?Code: openssl genrsa -out rsa-key-hex.txt -rand rsa-key.der 2048 Edit: I ran it. This is the result: https://i.imgur.com/KYxi3kZ.png Here's our RSA private key :D https://i.imgur.com/pMxPOOj.png I don't think this is what you are looking for because you want a deterministic way to generate private keys from bytes. To prevent any misunderstandings, private keys I'm referring are 256-bit hexadecimal strings. Like a SHA256 result. Why do I need to generate private keys from bytes? Do you mean generation of secret key from .der file?And btw did you try the openssl command several times with the same input file to check if you get the same RSA key each time? Do you think it will work(ie you will get the same RSA key at the end) on another linux environment? Title: Re: About PGP Post by: BlackHatCoiner on November 25, 2020, 04:42:42 PM Did you use xxd to convert your hex file in a binary/der one finally or did you use something else? Yes, I used xxd to convert the txt hex file to der. Unfortunately, I haven't found a way to do this in c#. I've dug up all the internet. Converting the hex to der and then to pem in C# is the only thing that has left on my project.And btw did you try the openssl command several times with the same input file to check if you get the same RSA key each time? Do you think it will work(ie you will get the same RSA key at the end) on another linux environment? If you mean that the same public key is generated by the same private key, then yes, I tried it. Both on my linux terminal and this site: https://cryptotools.net/rsagenTitle: Re: About PGP Post by: NotATether on November 25, 2020, 05:19:20 PM Did you use xxd to convert your hex file in a binary/der one finally or did you use something else? Yes, I used xxd to convert the txt hex file to der. Unfortunately, I haven't found a way to do this in c#. I've dug up all the internet. Converting the hex to der and then to pem in C# is the only thing that has left on my project.For this you can copy and paste C# code from one of the answers here: https://stackoverflow.com/a/49544738 They should be an quick and dirty way to do in C# what xxd is doing. And btw did you try the openssl command several times with the same input file to check if you get the same RSA key each time? Do you think it will work(ie you will get the same RSA key at the end) on another linux environment? If you mean that the same public key is generated by the same private key, then yes, I tried it. Both on my linux terminal and this site: https://cryptotools.net/rsagenI think he meant if the DER --> private key step will produce the same private key if you run it twice with the same input. I currently can't verify this but it's easy to test, the entire DER format is somewhat a black magic to work with. I'm especially concerned if it'll work when given any valid bitcoin private key as input. The 256 bit --> 2048 bit transformation you apply (like concatenating it 8 times) must be the same for all bitcoin private keys. We previously got "asn encoding routines" errors with some inputs. Title: Re: About PGP Post by: BlackHatCoiner on November 25, 2020, 08:31:43 PM For this you can copy and paste C# code from one of the answers here: https://stackoverflow.com/a/49544738 So der is the actual bytes of the hex? Nothing more? Why does it exist in the first place?They should be an quick and dirty way to do in C# what xxd is doing. I think he meant if the DER --> private key step will produce the same private key if you run it twice with the same input. I currently can't verify this but it's easy to test, the entire DER format is somewhat a black magic to work with. Holy sh!t, you are right! It doesn't produce the same private key. I'm running the same commands on the same hex but I get different secret keys. I guess OpenSSL uses a random number variable along with .der when creating the whole base64 secret key.I'm especially concerned if it'll work when given any valid bitcoin private key as input. The 256 bit --> 2048 bit transformation you apply (like concatenating it 8 times) must be the same for all bitcoin private keys. We previously got "asn encoding routines" errors with some inputs. https://i.imgur.com/DvG9pLg.png Title: Re: About PGP Post by: BlackHatCoiner on November 26, 2020, 06:50:36 PM I'm taking a 2048-bit hex value and I'm converting it to binary on C#:
Code: ByteArrayToFile(@"C:\Users\bymet\Documents\seedtopgp\test.der", StringToByteArray(<hex here, its just too big for a post>)); Der file seems to be fine, but once I perform base64 encoding to it, things mess up. Here's my supposedly RSA private key based on the der encode: https://i.imgur.com/nENlmIm.png It doesn't start with MII. Am I doing anything wrong? I believe that there are more procedures except of those 2. (hex to bytes and then bytes to base64) Title: Re: About PGP Post by: NotATether on November 26, 2020, 11:40:23 PM Base64 encode is not how you create an RSA key. Apparently from the random bytes we have, we have to use some of each to construct the following numbers:
Code: modulus=INTEGER:<PRIME> The rest of the values in the private key can be calculated from the values we already have. Code: e1 = privExp mod (p-1) The last equation is not a floating-point inverse, we are trying to find a value for coeff such that the product of coeff*q, where q is already known, is a number that modulo's p to 1. i.e. product % p is 1. There is an algorithm for finding this value q^-1, and it depends on knowing the value of q^-1 for smaller values of q than the one we are trying to find. I found one such algorithm online in C++, but it should cleanly translate to C# since it's just arithmetic expressions. Code: inv[1] = 1; so you gotta compute 1^-1, 2^-1, ... until you reach a value of q^-1 that results in 1 when you do q^-1 mod p. For example if you fill the input file with these values: Code: asn1=SEQUENCE:rsa_key You have to pass it to this command to make the corresponding DER file (so perhaps DER files are relevant to this problem after all.): Code: openssl asn1parse -genconf <path to above file> -out rsa-key.der The main problem now is that you need to assign some bytes from the 256-bit key to each of the 5 input parameters. You have a lot of numbers to choose from, but to have any reasonable sense of security, they must all be extremely large primes. Title: Re: About PGP Post by: BlackHatCoiner on November 27, 2020, 08:05:41 AM So to sum up, in order to get the RSA private key, I'll need to convert a 2048-bit hex to bytes. Then from bytes I'll have to perform a function to it called asn1parse with some values. After all, will I have a der file? Is it done by simply performing base64 encoding?
Title: Re: About PGP Post by: Saint-loup on November 27, 2020, 08:21:49 AM The title of your thread is too vague IMO, you should change it if you want to attract people able to suggest you some solutions.
Title: Re: About PGP Post by: BlackHatCoiner on November 27, 2020, 08:42:03 AM The title of your thread is too vague IMO, you should change it if you want to attract people able to suggest you some solutions. I think it's better now.Title: Re: About PGP Post by: NotATether on November 27, 2020, 10:14:14 AM So to sum up, in order to get the RSA private key, I'll need to convert a 2048-bit hex to bytes. Then from bytes I'll have to perform a function to it called asn1parse with some values. After all, will I have a der file? Is it done by simply performing base64 encoding? asn1parse is a command line utility not a function. openssl asnparse <arguments>. And yes you need to prepare for it a file with values, and it will give you a der file. No you can't simply base64 encode the bytes to get a key, you have to split the bytes into the 5 parameters I mentioned above (modulus, pubExp, privExp, p, q) and then pass those to asnparse. Then use the DER file to get the private key and from that extract the public key. Title: Re: PGP Questions [From hex to pem] Post by: BlackHatCoiner on November 28, 2020, 03:10:05 PM Unfortunately, I don't think I'll move this on. The whole asn1parse seems too difficult to understand. Especially the primes, I still don't get why we need them just to achieve the creation of an rsa private key. I thought it would be easier, but for a beginner like me, these problems:
make me wanna to give up... As for the idea, do you think it would be useful? Title: Re: PGP Questions [From hex to pem] Post by: NotATether on November 28, 2020, 09:04:31 PM As for the idea, do you think it would be useful? For practical use? No because the normal way of generating private keys by hardware-provided entropy is much more secure than choosing the numbers yourself. For demonstration purposes? Yes, as people here will finally get an idea of what's inside an RSA private key and how all the pieces fit together. Title: Re: PGP Questions [From hex to pem] Post by: BlackHatCoiner on November 28, 2020, 09:09:00 PM For practical use? No because the normal way of generating private keys by hardware-provided entropy is much more secure than choosing the numbers yourself. When you say numbers you mean the prime numbers or the hex? Because both of them can be chosen randomly and not from the user.Title: Re: PGP Questions [From hex to pem] Post by: NotATether on November 28, 2020, 09:12:14 PM For practical use? No because the normal way of generating private keys by hardware-provided entropy is much more secure than choosing the numbers yourself. When you say numbers you mean the prime numbers or the hex? Because both of them can be chosen randomly and not from the user.I was referring to these primes: Code: modulus=INTEGER:<PRIME> As for the hex, as long as you generate it properly, I don't see how that can be insecure. Title: Re: PGP Questions [From hex to pem] Post by: BlackHatCoiner on January 01, 2021, 02:06:06 PM As I said, I never succeeded on what I firstly wanted on OP. What I did want, was to keep my PGP keys safe with a mnemonic. Although, I then sat down and questioned "Why should we carry that large base64 encoded string anyway? Why shouldn't we just encrypt and decrypt with mnemonics?".
So this is when I started this: [Open Source] Booknemonic - Convenience on digital signatures and encryption (https://bitcointalk.org/index.php?topic=5298089.0). Why am I waking up this topic? I want to know from the people that helped me here, if it's the same thing. By that, I mean, is this way better than PGP? Am I missing something? Because it seems too simple to me, but by far better than the monstrous public key, PGP generates, such as this one: Code: -----BEGIN PGP PUBLIC KEY BLOCK----- I wanted to make encryption easier to be achieved from an ordinary human. I hope I did it. Title: Re: PGP Questions [From hex to pem] Post by: NotATether on January 01, 2021, 02:46:10 PM I wanted to make encryption easier to be achieved from an ordinary human. I hope I did it. I haven't read the source code of your utility but from your description in the OP you did a good job at achieving what you set out to do. I can see this could have a good use case in reducing impersonation-of-people's-PGP-keys kind of scams where you give anybody a random signed message and they trust the fact that there is a signed message existing proves it's them while it could be from a different public key. Words that people can memorize would make these scam attempts more obvious. Also you can use Mono (https://www.mono-project.com/) to port your .NET program to macOS and Linux without changing the programming language. |
