CVE-2016-1494 (python-rsa) vulnerability details

ID MYHACK58:62201673537
Type myhack58
Reporter uncleheart
Modified 2016-04-12T00:00:00


0x01 Overview

CVE-2016-1494 is a signature forgery vulnerability in python-rsa. Under certain conditions, a signature that the python-rsa library accepts as valid can be forged. The precondition is that the RSA public key exponent e is small; the discussion below uses e=3.

A digital signature encrypts a digest of the data with the private key of a digital certificate, which guarantees the data's integrity, authenticity and non-repudiation. Digital signatures are commonly used to check whether a file has been modified or whether information has been tampered with in transit. For example, a Word document is signed so that the original file content cannot be modified, and an online shopping order is signed to ensure that the price sent to the server at payment has not been modified.

0x02 Brief description of the RSA principles and how to perform encryption and decryption

Put simply, RSA commonly uses these values: p, q, n, e and d. The public key is (n, e) and the private key is (n, d), where n=p*q. In what follows, m is the ciphertext and c is the plaintext. e is generally 65537, which is also the default in python-rsa.

RSA is an asymmetric encryption algorithm: the public key is published, and the private key must be kept safe. Encryption uses the public key and decryption uses the private key.

For example: n=50429, e=65537, d=46793, p=239, q=211

Bob has the public key (50429, 65537) and wants to send a message to Alice, the owner of the private key (50429, 46793).

If the message sent is c=37, the ciphertext encrypted with the public key is m = c^e mod n = 25804

After receiving m, Alice decrypts it with the private key: c = m^d mod n = 37

So she learns that the decrypted content is 37.

In fact, you can also encrypt information with the private key and decrypt it with the public key, but that is a different application scenario: the digital signature.

If the content to encrypt is a string, it is generally converted to bytes and then to an int for the computation. The resulting ciphertext consists mostly of non-printable characters, so base64 encoding is typically used to make the ciphertext easier to store and transmit.

The following example uses the rsa module to generate a public/private key pair and perform encryption and decryption:

```python
import rsa

(pubkey, privkey) = rsa.newkeys(1024)  # 1024 is the bit length of n

pub = pubkey.save_pkcs1()
pubfile = open('public.pem', 'wb')  # the public key is saved to file after base64 encoding
pubfile.write(pub)
pubfile.close()

pri = privkey.save_pkcs1()
prifile = open('private.pem', 'wb')  # the private key is saved to file after base64 encoding
prifile.write(pri)
prifile.close()

# Load the public key and the private key from file
message = b'hello'
with open('public.pem', 'rb') as publicfile:
    p = publicfile.read()
    pubkey = rsa.PublicKey.load_pkcs1(p)
with open('private.pem', 'rb') as privatefile:
    p = privatefile.read()
    privkey = rsa.PrivateKey.load_pkcs1(p)

# Encrypt with the public key, then decrypt with the private key
crypto = rsa.encrypt(message, pubkey)
message = rsa.decrypt(crypto, privkey)
print(message)

# Sign with the private key, then use the public key to verify the signature
signature = rsa.sign(message, privkey, 'SHA-256')
rsa.verify(message, signature, pubkey)
```

0x03 Brief description of the RSA signature principle

The RSA signature scheme used is PKCS#1 v1.5. The basic principle is:

1) First calculate the HASH value of the information to be signed (using MD5, SHA-1, SHA-256, SHA-384 or SHA-512), then encode it in the following form:

00 01 FF FF ... FF FF 00 ASN.1 HASH

Where:

a) ASN.1 is the segment containing the hash type information, shown as HASH_ASN1 in the source code below; for the specific definitions, refer to the PKCS#1 RSA standard.

b) FF FF ... FF FF is padding, so that the block has the same number of bits as n.

2) Encrypt the encoded block with the private key, i.e. convert it to an int and perform the operation on it.

3) Convert the result to bytes and prefix zeros so that it has the same number of bits as n.

4) The signature is finished; return the signature information.

The following is part of the functions the python rsa module uses for signing:

```python
# b() is the library's helper for byte-string literals.
HASH_ASN1 = {
    'MD5': b('\x30\x20\x30\x0c\x06\x08\x2a\x86\x48\x86\xf7\x0d\x02\x05\x05\x00\x04\x10'),
    'SHA-1': b('\x30\x21\x30\x09\x06\x05\x2b\x0e\x03\x02\x1a\x05\x00\x04\x14'),
    'SHA-256': b('\x30\x31\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x01\x05\x00\x04\x20'),
    'SHA-384': b('\x30\x41\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x02\x05\x00\x04\x30'),
    'SHA-512': b('\x30\x51\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x03\x05\x00\x04\x40'),
}


def sign(message, priv_key, hash):
    """Signs the message with the private key.

    Hashes the message, then signs the hash with the given key. This is known
    as a "detached signature", because the message itself isn't altered.

    :param message: the message to sign. Can be an 8-bit string or a file-like
        object. If the message has a read() method, it is assumed to be a
        file-like object.
    :param priv_key: the :py:class:`rsa.PrivateKey` to sign with
    :param hash: the hash method used on the message. Use 'MD5', 'SHA-1',
        'SHA-256', 'SHA-384' or 'SHA-512'.
    :return: a message signature block.
    :raise OverflowError: if the private key is too small to contain the
        requested hash.
    """

    # Get the ASN1 code for this hash method
    if hash not in HASH_ASN1:
        raise ValueError('Invalid hash method: %s' % hash)
    asn1code = HASH_ASN1[hash]

    # Calculate the hash
    hash = _hash(message, hash)

    # Encrypt the hash with the private key
```
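The encoding from step 1 of section 0x03, as an added example that is not part of the original article or of python-rsa: it builds the 00 01 FF ... FF 00 ASN.1 HASH block for SHA-256 and checks a recovered block by rebuilding the expected bytes and comparing the whole block, padding included. The function names and the sample blocks are assumptions constructed for illustration.

```python
import hashlib
import hmac

# ASN.1 prefix for SHA-256, copied from the HASH_ASN1 table on this page.
SHA256_ASN1 = bytes.fromhex("3031300d060960864801650304020105000420")


def emsa_pkcs1_v15_encode(message: bytes, k: int) -> bytes:
    """Build 00 01 FF..FF 00 ASN.1 HASH for a modulus that is k bytes long."""
    digest_info = SHA256_ASN1 + hashlib.sha256(message).digest()
    pad_len = k - len(digest_info) - 3
    if pad_len < 8:  # PKCS#1 v1.5 requires at least 8 bytes of FF padding
        raise OverflowError("modulus too small to contain the requested hash")
    return b"\x00\x01" + b"\xff" * pad_len + b"\x00" + digest_info


def strict_check(block: bytes, message: bytes, k: int) -> bool:
    """Accept only the one valid encoding, compared byte for byte."""
    try:
        expected = emsa_pkcs1_v15_encode(message, k)
    except OverflowError:
        return False
    # Comparing the full block means every padding byte must be FF and
    # the length must equal k; nothing is skipped while searching for 00.
    return hmac.compare_digest(block, expected)


def demo() -> dict:
    k = 128  # byte length of a 1024-bit n, as in rsa.newkeys(1024)
    msg = b"hello"
    good = emsa_pkcs1_v15_encode(msg, k)
    # Constructed malformed blocks: same header, separator and hash,
    # but one padding byte altered, or one leading byte missing.
    altered_padding = good[:10] + b"\x01" + good[11:]
    wrong_length = good[1:]
    return {
        "good": strict_check(good, msg, k),
        "altered_padding": strict_check(altered_padding, msg, k),
        "wrong_length": strict_check(wrong_length, msg, k),
        "other_message": strict_check(good, b"hellp", k),
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(name, "accepted" if accepted else "rejected")
```
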
