Locating private keys in RAM?
Mike Lisanke
mikelisanke at gmail.com
Tue Sep 5 18:31:57 EDT 2006
Douglas,
Many applications using RSA make use of a private key in its ASN.1 BER form.
In this format, the surrounding encoding of a private key becomes very
easily recognizable.
The follow is an excerpt from RFC3447 (PKCS#1)
-- Representation of RSA private key with information for the CRT
-- algorithm.
--
RSAPrivateKey ::= SEQUENCE {
version Version,
modulus INTEGER, -- n
publicExponent INTEGER, -- e
privateExponent INTEGER, -- d
prime1 INTEGER, -- p
prime2 INTEGER, -- q
exponent1 INTEGER, -- d mod (p-1)
exponent2 INTEGER, -- d mod (q-1)
coefficient INTEGER, -- (inverse of q) mod p
otherPrimeInfos OtherPrimeInfos OPTIONAL
}
Version ::= INTEGER { two-prime(0), multi(1) }
(CONSTRAINED BY {
-- version must be multi if otherPrimeInfos present --
})
OtherPrimeInfos ::= SEQUENCE SIZE(1..MAX) OF OtherPrimeInfo
OtherPrimeInfo ::= SEQUENCE {
prime INTEGER, -- ri
exponent INTEGER, -- di
coefficient INTEGER -- ti
}
In ASN.1 BER each integer, a sequence, a version, etc. all have well defined
form of octet (bytes) which represent both the type of object, its size, as
well as its value.
On 9/4/06, Douglas F. Calvert <douglasfcalvert at gmail.com> wrote:
> Hello,
> I remember seeing a paper about identifying private keys in RAM. I
> thought it was by Rivest but I can not locate it for the life of me.
> Does anyone remember reading something like this? The basic operation
> was to identify areas in RAM that had certain characteristics such as
> random bits and identifiable key headers...
> Any help would be greatly appreciated...
>
>
> --
> --dfc
> douglasfcalvert at gmail.com
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to
majordomo at metzdowd.com
>
Best regards,
--
Mike
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20060905/9bd1a423/attachment.html>
More information about the cryptography
mailing list