|
题目名称:这是个假的私钥
题目内容:Download
解题思路:
下面这个 Sage 脚本利用已知的 p 的高位,通过 Coppersmith 方法(small_roots)恢复出完整的 p:
from sage.all import *
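# Sage script: recover the full 1024-bit prime p of an RSA modulus n when only
# the upper bits of p are known.  With enough high bits of one prime exposed,
# n can be factored, so such a leak has to be treated as a full key compromise.
n = 26405201714915839490865227813246218372938736243516916108608439705738170543023112509150522274284238701776297205717958250714972924576706985074311737321016048409831557758205687745692399643151467933196930799657476449865271038382866908177517793954543176769652784274788769353482450910551831498252972857285424471782215525406445071432588374802623485148684255853068532820859835479998199886719945699488858505070686919320144576280217196858823521754407597888769668827432569034617434944912323704501156532854074083408527717809315663187405585840074689387865750105223058720511199252150772925124516509254841404742306560035497627834727
e = 65537
# Known upper part of p as a hex string; it contributes len(p)*4 known bits.
p = 'ee4e189845cc78efef4ac3e81d8aef997f735d5833b5c7e8494b9174ae211ba88231e2567ee6df9901328e0c6dbc5e24b343774785ae7e88ec409ca1d72901e32a582f291260eb9851fcbb0fff20805d'
# Pad to 1024 bits, i.e. 256 hex digits.
pp = p + '000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000'
# Sanity check: the padded string should be 256 hex digits long.
print(len(pp))
pp = int(pp, 16)
# NOTE(review): the mask applied below clears the low kbits again, so this
# added constant only influences pbar if it reaches bit kbits or above --
# confirm its size against the intended template.
p_fake = pp+0x1000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
pbits = 1024
kbits = pbits - len(p)*4  # number of unknown low bits of p
pbar = p_fake & (2^pbits - 2^kbits)  # keep only the known upper bits
print("upper %d bits (of %d bits) is given" % (pbits-kbits, pbits))
PR.<x> = PolynomialRing(Zmod(n))
f = x + pbar
# small_roots() returns a list of roots; handle "nothing found" explicitly
# instead of hiding every failure behind a bare except.
roots = f.small_roots(X=2^kbits, beta=0.4)  # find root < 2^kbits with factor >= n^0.4
if roots:
    x0 = roots[0]
    print(x0 + pbar)
    # A genuine result must divide n exactly; flag anything else.
    if ZZ(n) % ZZ(x0 + pbar) != 0:
        print("warning: recovered value does not divide n")
else:
    print("no small root found; p was not recovered")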
然后由 n 和 p 计算出 q 和 d,生成私钥,再用它解密密文即可:
from Crypto.PublicKey import RSA
import gmpy2
import base64
from Crypto.Cipher import PKCS1_v1_5 as Cipher_pkcs1_v1_5
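# Rebuild the RSA private key from the recovered prime p and decrypt the
# challenge ciphertext (PKCS#1 v1.5, base64-encoded).

# Read the modulus and public exponent from the challenge's public key.
with open('public.pem') as pub_file:
    public = RSA.importKey(pub_file.read())
n = int(public.n)
e = int(public.e)
print(n)
print(e)
#26405201714915839490865227813246218372938736243516916108608439705738170543023112509150522274284238701776297205717958250714972924576706985074311737321016048409831557758205687745692399643151467933196930799657476449865271038382866908177517793954543176769652784274788769353482450910551831498252972857285424471782215525406445071432588374802623485148684255853068532820859835479998199886719945699488858505070686919320144576280217196858823521754407597888769668827432569034617434944912323704501156532854074083408527717809315663187405585840074689387865750105223058720511199252150772925124516509254841404742306560035497627834727
#65537

# The supplied private-key file is only inspected: its q field is printed in hex.
with open('privatekey.pem') as given_key_file:
    private = RSA.importKey(given_key_file.read())
print('%x' % private.q)
#167343506005974003380506069679607737381940204686173214188860057004909006055220516074283090160430833007424970980655748310232878462615469792561310560310363430669700009093597847018287568821792168143170329382585883857083334915378884054389878477389765792275111293420203613159303898365894897865177093362621517279751
p = 167343506005974003380506069679607737381940204686173214188860057004909006055220516074283090160430833007424970980655748310232878462615469792561310560310363430669700009093597847018287568821792168143170329382585883857083334915378884054389878477389765792275111293420203613159303898365894897865177093362621517279751

# Refuse to continue with a p that is not an exact factor of n; every value
# derived from it would otherwise be silently wrong.
if n % p != 0:
    raise ValueError('p does not divide n')
q = n // p
phi_n = (p - 1) * (q - 1)
# d = e^-1 mod phi(n).  The modular inverse yields the same value that a
# search over i for (phi_n * i + 1) % e == 0 would find, without the loop.
d = int(gmpy2.invert(e, phi_n))

# Build the key directly from its components rather than generating a random
# 1024-bit key and overwriting its attributes.
keypair = RSA.construct((n, e, d, p, q))

# private1.pem holds real private-key material and is created with the
# process's default file permissions; restrict or delete it after use.
with open('private1.pem', 'wb') as key_out:
    key_out.write(keypair.exportKey())

cipher_text = "qzogS7X8M3ZOpkUhJJcbukaRduLyqHAPblmabaYSm9iatuulrHcEpBmil7V40N7gbsQXwYx5EBH5r5V2HRcEIOXjgfk5vpGLjPVxBLyXh2DajHPX6KvbFpQ8jNpCQbUNq8Hst00yDSO/6ri9dk6bk7+uyuN0b2K1bNG5St6sCQ4qYEA3xJbsHFvMqtvUdhMiqO7tNCUVTKZdN7iFvSJqK2IHosIf7FqO24zkHZpHi31sYU7pcgYEaGkVaKs8pjq6nbnffr4URfoexZHeQtq5UAkr95zD6WgvGcxaTDKafFntboX9GR9VUZnHePiio7nJ3msfue5rkIbISjmGCAlj+w=="
with open('private1.pem', 'rb') as key_in:
    key = RSA.importKey(key_in.read())
cipher = Cipher_pkcs1_v1_5.new(key)
# decrypt() returns the sentinel ('ERROR') instead of raising when the
# PKCS#1 v1.5 padding check fails, so printing ERROR means key and
# ciphertext do not match.
plain_text = cipher.decrypt(base64.b64decode(cipher_text), 'ERROR')
print(plain_text)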
|
|