Data Formats

Privacy-Enhanced Mail?

Using openssl, we can just run the command openssl rsa -in filename.pem -text -noout. Here, the result will be printed in hex bytes.

Using Python, we can use this code. The flag is the value of d

from Crypto.PublicKey import RSA

key = RSA.import_key(open("privacy_enhanced_mail.pem", "rb").read())

print(key.n)
print(key.e)
print(key.d)

Flag: 15682700288056331364787171045819973654991149949197959929860861228180021707316851924456205543665565810892674190059831330231436970914474774562714945620519144389785158908994181951348846017432506464163564960993784254153395406799101314760033445065193429592512349952020982932218524462341002102063435489318813316464511621736943938440710470694912336237680219746204595128959161800595216366237538296447335375818871952520026993102148328897083547184286493241191505953601668858941129790966909236941127851370202421135897091086763569884760099112291072056970636380417349019579768748054760104838790424708988260443926906673795975104689

CERTainly not

DER is just what's inside a PEM file, the one that'll be encoded to base64. In this code, we can directly get n value. We can also convert the DER file to a PEM format.

from Crypto.PublicKey import RSA

der_data = RSA.import_key(open("2048b-rsa-example-cert.der", "rb").read())

# Get DER data
print(der_data.e)
print(der_data.n)

# Convert to PEM
pem_data = der_data.export_key(format="PEM")
print(pem_data.decode())
open("key.pem", "wb").write(pem_data)

Flag: 22825373692019530804306212864609512775374171823993708516509897631547513634635856375624003737068034549047677999310941837454378829351398302382629658264078775456838626207507725494030600516872852306191255492926495965536379271875310457319107936020730050476235278671528265817571433919561175665096171189758406136453987966255236963782666066962654678464950075923060327358691356632908606498231755963567382339010985222623205586923466405809217426670333410014429905146941652293366212903733630083016398810887356019977409467374742266276267137547021576874204809506045914964491063393800499167416471949021995447722415959979785959569497

SSH Keys

The reason why public keys (.pub) have different format (they use SSH wire encoding instead of DER) is that the private key (.pem) contains a lot of unnecessary information that's present to provide faster decryption. The public key files, however, only has the values of e and n, which is enough to authenticate a user.

from cryptography.hazmat.primitives import serialization

pubkey_data = open("bruce_rsa.pub", "rb").read()
pubkey = serialization.load_ssh_public_key(pubkey_data)

n = pubkey.public_numbers().n

print(n)

Flag: 3931406272922523448436194599820093016241472658151801552845094518579507815990600459669259603645261532927611152984942840889898756532060894857045175300145765800633499005451738872081381267004069865557395638550041114206143085403607234109293286336393552756893984605214352988705258638979454736514997314223669075900783806715398880310695945945147755132919037973889075191785977797861557228678159538882153544717797100401096435062359474129755625453831882490603560134477043235433202708948615234536984715872113343812760102812323180391544496030163653046931414723851374554873036582282389904838597668286543337426581680817796038711228401443244655162199302352017964997866677317161014083116730535875521286631858102768961098851209400973899393964931605067856005410998631842673030901078008408649613538143799959803685041566964514489809211962984534322348394428010908984318940411698961150731204316670646676976361958828528229837610795843145048243492909

Transparency

Here's the thing. A certificate contains the public key as well as the associated domain and CA signature. Right now, we are given only the public key, and we need to find the domain.

Certificate Transparency (CT) Logs list all certificates that have been issued by a CA, along with the domain name and the public key's signature. To access all the CT logs, we can use https://crt.sh/.

First, we need to calculate the signature of the public key, which can be done by converting the .pem file to the DER format, and then taking its sha256 value. We can use this command:

openssl rsa -pubin -in transparency.pem -outform DER | openssl sha256

Hash: 29ab37df0a4e4d252f0cf12ad854bede59038fdd9cd652cbc5c222edd26d77d2

After that, using crt.sh's advanced search function, we can select SHA-256(SubjectPublicKeyInfo) and insert the hash value we got. As the result, we got this certificate entry: https://crt.sh/?id=3347792120 which says that it belongs to thetransparencyflagishere.cryptohack.org.

Flag: crypto{thx_redpwn_for_inspiration}