PGP Questions [From hex to pem]

[BlackHatCoiner]

Can someone explain me what am I doing wrong? I have my rsa-key-hex.txt file which has this private key inside:
B62FF5544F5CD479B336FDBE26D07AE537B1A7EF0FA02F7A21C52681B20D3CADB62FF5544F5CD47 9B336FDBE26D07AE537B1A7EF0FA02F7A21C52681B20D3CADB62FF5544F5CD479B336FDBE26D07A E537B1A7EF0FA02F7A21C52681B20D3CADB62FF5544F5CD479B336FDBE26D07AE537B1A7EF0FA02 F7A21C52681B20D3CADB62FF5544F5CD479B336FDBE26D07AE537B1A7EF0FA02F7A21C52681B20D 3CADB62FF5544F5CD479B336FDBE26D07AE537B1A7EF0FA02F7A21C52681B20D3CADB62FF5544F5 CD479B336FDBE26D07AE537B1A7EF0FA02F7A21C52681B20D3CADB62FF5544F5CD479B336FDBE26 D07AE537B1A7EF0FA02F7A21C52681B20D3CAD
^I don't know why it has these little spaces between the hashes on this post. They are not shown on my 512 byte text file.

Once I run

Code:

xxd -r -ps rsa-key-hex.txt rsa-key.der

nothing happens. No rsa-key.der file on my directory.

Then I run

Code:

openssl pkey -in rsa-key.der -inform der -out rsa-key.pem -outform pem

and this is the output:



rsa-key-hex.txt remains the only file on the directory.

[NotATether]

There really are spaces in your private key, try pressing backspace at the beginning of the each line to get rid of them.

Since your key a 512 chars, you should repeat it four times to get one that's 2048 characters long (this is so openssl works properly, there are still 512 bits of entropy)

xxd needs to be installed from apt.

Code:

apt-get install xxd

"Unable to load key" error message means openssl couldn't open the input file, but since xxd is installed now, it should surely work.

[BlackHatCoiner]

This is my rsa-key-hex.txt word-wrapped:



It is 2048 characters long as you told me, no spaces and I did install the xdd from apt. I run the same commands and get the same errors.

Code:

xxd -r -ps rsa-key-hex.txt rsa-key.der

^Does not create me the rsa-key.der (which must be the main problem)

Once I create the text file and edit it it doesn't let me to run anything due to permissions. I change them with sudo chmod 640 <filename>. I don't believe that this has something to do with the error, but I wanted to mention it.

P.S, thanks for helping a beginner to all this madness.

[NotATether]

Once I create the text file and edit it it doesn't let me to run anything due to permissions. I change them with sudo chmod 640 <filename>. I don't believe that this has something to do with the error, but I wanted to mention it.

Your permissions error is probably what's causing xxd not to write anything. xxd doesn't dump error messages when it can't read a file.

Try creating the file from inside Ubuntu using nano or some other editor, I think that Windows and WSL are not playing well with file ownership. Also try running chmod 0666 and create the file in /tmp if that doesn't help (/home permissions are locked down to the user it belongs to, which may not be the same one that created the file in Notepad)

P.S, thanks for helping a beginner to all this madness.

No problem, hexadecimal numbers to rsa keys are uncharted waters, I don't recall anyone attempting this before and as expected there are sea monsters resident 

[BlackHatCoiner]

What exactly does chmod 0666 do? Can't I simply create a txt file from the command line? Do I really have to install a whole editor?

I created the txt file opened it with windows' notepad, inserted the 2048-length, saved string and ran the commands:





So is it 99% notepad issue?

[NotATether]

Alright since it seems that you have rsa-key.der, you don't need chmod or an editor...

This rsa-key.der file is a binary file, it should not be directly opened in an editor. But the fact that Windows recognizes it as a security certificate, I have to look it up.

So it turns out that DER files are just a binary encoding of a certificate (https://wiki.openssl.org/index.php/DER). DER files are not supposed to have arbitrary bytes, such as the hex input we are trying to create a private key from.

That means the second command, the one with openssl, is not creating a private key from random bytes at all. It looks like it's extracting the private key from a DER certificate, and my input was apparently a certificate encoded in binary, not the random bytes I thought it was.

Certificates, DER, these have nothing to do with our problem. I tried finding the openssl command that uses our binary input as entropy for an RSA private key, but the best it can do is openssl genrsa -out <OUTFILE> -rand <INFILE> <N>, OUTFILE being the private key, INFILE being our binary numbers file, and N is 2048 or some other key size. This reads bytes from INFILE to seed it's random number generator, but it still collects entropy used in the private key from the operating system. I don't think this is what you are looking for because you want a deterministic way to generate private keys from bytes.

But this stack overflow answer looks promising:

https://stackoverflow.com/questions/19850283/how-to-generate-rsa-keys-using-specific-input-numbers-in-openssl

We basically have to use some of the bytes to create primes, exponents and coefficients which is the syntax of an RSA private key.

(Note that generating these things by hand is a completely insecure way to make private keys if the numbers happen to be easy to factor, but at this point we are doing this for demonstration purposes only.)

I will study it out later today.

[BlackHatCoiner]

That means the second command, the one with openssl, is not creating a private key from random bytes at all. It looks like it's extracting the private key from a DER certificate, and my input was apparently a certificate encoded in binary, not the random bytes I thought it was.

But it wasn't suppose to create a private key randomly. It was suppose to convert our hexadecimal private key to RSA secret key.

Certificates, DER, these have nothing to do with our problem. I tried finding the openssl command that uses our binary input as entropy for an RSA private key, but the best it can do is openssl genrsa -out <OUTFILE> -rand <INFILE> <N>, OUTFILE being the private key, INFILE being our binary numbers file, and N is 2048 or some other key size. This reads bytes from INFILE to seed it's random number generator, but it still collects entropy used in the private key from the operating system.

So OUTFILE is rsa-key-hex.txt, INFILE is rsa-key.der and N is 2048? If I run the following command will I get a secret key?

Code:

openssl genrsa -out rsa-key-hex.txt -rand rsa-key.der 2048

Edit: I ran it. This is the result:



Here's our RSA private key 

I don't think this is what you are looking for because you want a deterministic way to generate private keys from bytes.

To prevent any misunderstandings, private keys I'm referring are 256-bit hexadecimal strings. Like a SHA256 result. Why do I need to generate private keys from bytes? Do you mean generation of secret key from .der file?

[NotATether]

Ah that's good news, from this you can easily get its public key with the third command I posted.

That means the second command, the one with openssl, is not creating a private key from random bytes at all. It looks like it's extracting the private key from a DER certificate, and my input was apparently a certificate encoded in binary, not the random bytes I thought it was.

But it wasn't suppose to create a private key randomly. It was suppose to convert our hexadecimal private key to RSA secret key.

I meant random in the context of you choosing the (256-bit) hexadecimal string.

I don't think this is what you are looking for because you want a deterministic way to generate private keys from bytes.

To prevent any misunderstandings, private keys I'm referring are 256-bit hexadecimal strings. Like a SHA256 result. Why do I need to generate private keys from bytes? Do you mean generation of secret key from .der file?

Yes.

I was trying to say the input file rsa-key-hex.txt is the one where you choose a random hex string which is afterwards converted to bytes. When I said bytes I was referring to result after running xxd on rsa-key-hex.txt. Ultimately, hexadecimal values are a way of representing binary values.

May I ask what are your next plans for this now that you were able to generate an RSA key from hex strings?

[BlackHatCoiner]

May I ask what are your next plans for this now that you were able to generate an RSA key from hex strings?

Yes, first of all I'll have to study the openssl's encryption functions on c#. Running all these commands on a "safe" ubuntu terminal is quite nice, but I can't stay there. I have to do the same thing on c#. Then, once I find out how to convert the rsa private key to public key I'll combine it with mnemonic.

The steps I'm imagining are those:
1) You generate a seed.
2) The program takes the 1st derivation path of it.
3) It extends the 256-bit with itself for 7 times to succeed 2048 bits. (Which is considered safe)
4) Extended bitcoin private key is converted to secret key and then to public key.
5) User can sign messages through the program or export the secret key. (for moving it to gpg, kleopatra etc.)

Voila! Anyone can prove he is the owner of a public key by just writing down the words on a piece of paper. On gpg if you lost your secret key, you were done. Here, if you lose it, you can simply re-enter the seed to the program.

Thank you for your contribution to this thread. I like having high quality discussions. Bitcoin has created me a huge interest towards cryptography.

[Saint-loup]

That means the second command, the one with openssl, is not creating a private key from random bytes at all. It looks like it's extracting the private key from a DER certificate, and my input was apparently a certificate encoded in binary, not the random bytes I thought it was.

But it wasn't suppose to create a private key randomly. It was suppose to convert our hexadecimal private key to RSA secret key.

Certificates, DER, these have nothing to do with our problem. I tried finding the openssl command that uses our binary input as entropy for an RSA private key, but the best it can do is openssl genrsa -out <OUTFILE> -rand <INFILE> <N>, OUTFILE being the private key, INFILE being our binary numbers file, and N is 2048 or some other key size. This reads bytes from INFILE to seed it's random number generator, but it still collects entropy used in the private key from the operating system.

So OUTFILE is rsa-key-hex.txt, INFILE is rsa-key.der and N is 2048? If I run the following command will I get a secret key?

Code:

openssl genrsa -out rsa-key-hex.txt -rand rsa-key.der 2048

Edit: I ran it. This is the result:



Here's our RSA private key  

I don't think this is what you are looking for because you want a deterministic way to generate private keys from bytes.

To prevent any misunderstandings, private keys I'm referring are 256-bit hexadecimal strings. Like a SHA256 result. Why do I need to generate private keys from bytes? Do you mean generation of secret key from .der file?

Did you use xxd to convert your hex file in a binary/der one finally or did you use something else?
And btw did you try the openssl command several times with the same input file to check if you get the same RSA key each time? Do you think it will work(ie you will get the same RSA key at the end) on another linux environment?

[BlackHatCoiner]

Did you use xxd to convert your hex file in a binary/der one finally or did you use something else?

Yes, I used xxd to convert the txt hex file to der. Unfortunately, I haven't found a way to do this in c#. I've dug up all the internet. Converting the hex to der and then to pem in C# is the only thing that has left on my project.

And btw did you try the openssl command several times with the same input file to check if you get the same RSA key each time? Do you think it will work(ie you will get the same RSA key at the end) on another linux environment?

If you mean that the same public key is generated by the same private key, then yes, I tried it. Both on my linux terminal and this site: https://cryptotools.net/rsagen

[NotATether]

Did you use xxd to convert your hex file in a binary/der one finally or did you use something else?

Yes, I used xxd to convert the txt hex file to der. Unfortunately, I haven't found a way to do this in c#. I've dug up all the internet. Converting the hex to der and then to pem in C# is the only thing that has left on my project.

For this you can copy and paste C# code from one of the answers here: https://stackoverflow.com/a/49544738

They should be an quick and dirty way to do in C# what xxd is doing.

And btw did you try the openssl command several times with the same input file to check if you get the same RSA key each time? Do you think it will work(ie you will get the same RSA key at the end) on another linux environment?

If you mean that the same public key is generated by the same private key, then yes, I tried it. Both on my linux terminal and this site: https://cryptotools.net/rsagen

I think he meant if the DER --> private key step will produce the same private key if you run it twice with the same input. I currently can't verify this but it's easy to test, the entire DER format is somewhat a black magic to work with.

I'm especially concerned if it'll work when given any valid bitcoin private key as input. The 256 bit --> 2048 bit transformation you apply (like concatenating it 8 times) must be the same for all bitcoin private keys. We previously got "asn encoding routines" errors with some inputs.

[BlackHatCoiner]

For this you can copy and paste C# code from one of the answers here: https://stackoverflow.com/a/49544738

They should be an quick and dirty way to do in C# what xxd is doing.

So der is the actual bytes of the hex? Nothing more? Why does it exist in the first place?

I think he meant if the DER --> private key step will produce the same private key if you run it twice with the same input. I currently can't verify this but it's easy to test, the entire DER format is somewhat a black magic to work with.

I'm especially concerned if it'll work when given any valid bitcoin private key as input. The 256 bit --> 2048 bit transformation you apply (like concatenating it 8 times) must be the same for all bitcoin private keys. We previously got "asn encoding routines" errors with some inputs.

Holy sh!t, you are right! It doesn't produce the same private key. I'm running the same commands on the same hex but I get different secret keys. I guess OpenSSL uses a random number variable along with .der when creating the whole base64 secret key.

[BlackHatCoiner]

I'm taking a 2048-bit hex value and I'm converting it to binary on C#:

Code:

ByteArrayToFile(@"C:\Users\bymet\Documents\seedtopgp\test.der", StringToByteArray(<hex here, its just too big for a post>));
rsaPrivate.Text = System.Convert.ToBase64String(File.ReadAllBytes(@"C:\Users\bymet\Documents\seedtopgp\test.der"));

Der file seems to be fine, but once I perform base64 encoding to it, things mess up. Here's my supposedly RSA private key based on the der encode:



It doesn't start with MII. Am I doing anything wrong? I believe that there are more procedures except of those 2. (hex to bytes and then bytes to base64)

[NotATether]

Base64 encode is not how you create an RSA key. Apparently from the random bytes we have, we have to use some of each to construct the following numbers:

Code:

modulus=INTEGER:<PRIME>
pubExp=INTEGER:<PRIME>
privExp=INTEGER:<PRIME>
p=INTEGER:<PRIME>
q=INTEGER:<PRIME>

The rest of the values in the private key can be calculated from the values we already have.

Code:

e1 = privExp mod (p-1)
e2 = privExp mod (q-1)
coeff = q^-1 mod p

The last equation is not a floating-point inverse, we are trying to find a value for coeff such that the product of coeff*q, where q is already known, is a number that modulo's p to 1. i.e. product % p is 1.

There is an algorithm for finding this value q^-1, and it depends on knowing the value of q^-1 for smaller values of q than the one we are trying to find. I found one such algorithm online in C++, but it should cleanly translate to C# since it's just arithmetic expressions.

Code:

inv[1] = 1;
for(int i = 2; i < m; ++i)
    inv[i] = m - (m/i) * inv[m%i] % m;
// you would replace M with a while loop that breaks after the modulus of inv[element] and p becomes 1.

so you gotta compute 1^-1, 2^-1, ... until you reach a value of q^-1 that results in 1 when you do q^-1 mod p.

For example if you fill the input file with these values:

Code:

asn1=SEQUENCE:rsa_key

[rsa_key]
version=INTEGER:0
modulus=INTEGER:187
pubExp=INTEGER:7
privExp=INTEGER:23
p=INTEGER:17
q=INTEGER:11
e1=INTEGER:7
e2=INTEGER:3
coeff=INTEGER:14

You have to pass it to this command to make the corresponding DER file (so perhaps DER files are relevant to this problem after all.):

Code:

openssl asn1parse -genconf <path to above file> -out rsa-key.der

The main problem now is that you need to assign some bytes from the 256-bit key to each of the 5 input parameters. You have a lot of numbers to choose from, but to have any reasonable sense of security, they must all be extremely large primes.

[BlackHatCoiner]

So to sum up, in order to get the RSA private key, I'll need to convert a 2048-bit hex to bytes. Then from bytes I'll have to perform a function to it called asn1parse with some values. After all, will I have a der file? Is it done by simply performing base64 encoding?

[Saint-loup]

The title of your thread is too vague IMO, you should change it if you want to attract people able to suggest you some solutions.

[BlackHatCoiner]

The title of your thread is too vague IMO, you should change it if you want to attract people able to suggest you some solutions.

I think it's better now.

[NotATether]

So to sum up, in order to get the RSA private key, I'll need to convert a 2048-bit hex to bytes. Then from bytes I'll have to perform a function to it called asn1parse with some values. After all, will I have a der file? Is it done by simply performing base64 encoding?

asn1parse is a command line utility not a function. openssl asnparse <arguments>. And yes you need to prepare for it a file with values, and it will give you a der file.

No you can't simply base64 encode the bytes to get a key, you have to split the bytes into the 5 parameters I mentioned above (modulus, pubExp, privExp, p, q) and then pass those to asnparse.

Then use the DER file to get the private key and from that extract the public key.

[BlackHatCoiner]

Unfortunately, I don't think I'll move this on. The whole asn1parse seems too difficult to understand. Especially the primes, I still don't get why we need them just to achieve the creation of an rsa private key. I thought it would be easier, but for a beginner like me, these problems:

• Openssl commands can only be found as linux terminal's commands and not as C#.
• Too confusing documentation.
• Weird maths.
• Private keys differ even if they are from the same hex.

make me wanna to give up... As for the idea, do you think it would be useful?