In a digital certificate issued to a domain, using an RSA cipher, I would like to find the prime number used in the encryption. In firefox you get the public key size and the public exponent e used in RSA. Is it then possible to find the modulus?
I have been told it is possible to find all the components of the RSA public key in the certificate.
Firefox does show the modulus. It shows it in hexadecimal, though, because it's a really big number and most people don't want it as a number.
If you click in the box it expands to the full text, then with some careful mousing you can select from the beginning to the end (the other way around seems to close the box).
The current stackoverflow.com modulus is E2:20:10:03:D8:01:7E:F7:14:BA:E3:4C:CC:36:96:38:03:E0:60:2E:95:17:E6:CA:06:1C:55:DB:F2:45:8C:C6:9C:12:39:B3:11:F2:C1:1A:CE:BD:1F:57:BA:DF:76:39:2C:F0:D5:B1:9D:55:DE:81:BE:C5:FE:B5:68:93:2D:59:83:F1:FB:9F:3E:BC:79:75:00:EC:D4:D8:F6:F4:8F:44:5A:B8:B2:24:D6:9A:90:84:BC:A3:8C:08:07:7B:15:48:32:96:AC:C3:16:39:BF:3B:B4:11:FF:94:CC:0D:26:73:61:A7:B8:C9:BC:28:0E:EB:32:E7:A0:10:A7:16:F4:1A:02:F8:89:FF:FD:97:3B:C3:6C:34:9F:62:E7:B1:C9:0C:5C:90:1B:63:55:60:92:80:AA:67:36:0F:17:AF:F7:A2:6C:13:F2:BB:7E:6E:79:E6:18:25:A5:8D:32:88:54:64:07:8A:B0:67:7D:07:5B:3B:27:DA:7E:73:A1:69:E5:D6:A1:F6:BC:0E:86:56:E8:72:9B:29:9B:08:A4:24:97:93:CC:33:91:C1:02:07:DC:C0:EC:4D:02:1E:31:4A:EA:71:2C:A4:85:93:6D:47:48:F4:91:FF:76:59:98:27:BD:A2:C7:81:BB:DA:A7:A8:E5:B2:63:9B:CB:68:47:5E:F8:F3.
Throwing that at a big number converter, such as https://www.mobilefish.com/services/big_number/big_number.php, and converting hex to decimal, gives 28545667559270722536328739022786592253819358506259770100402101435896071697903628977420219545326987103272186552420452973169159370835343752815436439028214107596377595573672473455033151197271343902899123866538498523276704745196410920898299228024215266960005847032342465925829796610222069401784309268841026345683372697803322805210779147292332915465882324168923726887448041529546541821503314352568777720204912372696110914871608165395895300061714914624066001642195838915022687649853436371063685464728624168828232056605406696894580332490208286479538969275877424497344433351991392941870270197646347642298881819314989427521779
Related
Given a digitally signed PDF with a certificate I do not have the private key to, is it possible to alter the document, sign it with my certificate and keep the previous signature as 'history', that is, the old signature should not verify the integrity of the document, rather the user should just be able to see that it was once signed with this other certificate?
If it's your intention to remove the old signature (created with someone else's private key), alter the document, and add a new signature (using your own private key), then yes, that's possible.
If it's your intention to keep the old signature, and add a second (a so-called approval) signature (using your own private key), then it depends on the nature of the first signature (if that signature "locks" the document, it's not possible) whether or not you can alter the document in-between.
Moreover, altering the document will almost always invalidate the original signature. See Which operations are allowed on a digitally signed PDF? to find out which changes are possible (e.g. filling out a form field) and which changes are impossible (e.g. adding an extra page).
A not so elegant workaround that is used to tackle this by at least one of our customers, is to wrap the signed PDF in a PDF portfolio, and to add a cover page with additional info. A PDF portfolio is like a ZIP file that can be opened in Adobe Reader (and some other PDF viewers). That ZIP file can contain all kinds of other documents, including unaltered signed PDF's in which the signatures are kept intact.
Background:
I have written a java program using itext library to sign PDF with ikey.
I have two ikeys, one with a Common Name certificate, and the other has a Pseudonym certificate.
Description:
When I open the pdf signed by the Common Name cert in Acrobat Reader, it displays the blue ribbon meaning it's a valid signature, and in the Signature Panel it shows "Certified by Jane Doe". Everything is perfect.
However, if the certificate is a Pseudonym certificate, it displayed "Certified by %s".
In spite of the blue ribbon and the validation info all display correctly.(Not allowed to attach image, so put Screenshot here: http://imgur.com/lpvOKLz)
Questions:
Is this an issue with the Acrobat Reader, that it cannot display correct "Certified by" info if the pdf is signed by a Pseudonym certificate?
Any suggestion is appreciated.
I have seen Certified by %s before. See my book about digital signatures figure 2.23. I quote:
As expected, Alice’s certification signature is invalid after Carol
tried to sign the document using a second certification signature,
but the output is kind of strange. In the signature panel, we see
‘Certified by %s’ instead of ‘Certified by Carol’, and there’s a
looking glass instead of a red cross. These situations are rather
exotic and should be avoided. Let’s focus on real life examples, and
combine signing with form filling.
This quote is about the results of some experiments that conflict with the ISO specification / PAdES. You may have found another conflict.
In my book, I describe a situation where there are two certification signatures. This doesn't make sense as it is explicitly forbidden to add two certification signatures. It is also implied in the specs that the certification signature is always the first signature, although Adobe Reader doesn't complain (yet) if it isn't.
I can easily imagine that using a pseudonym certificate is also one of those exotic cases where Adobe Reader doesn't really know what to do. What is the sense of signing a document anonymously? Who should Adobe Reader pick as the authorized signer?
The fact that I've seen %s before, tells me (without even looking at your PDF) that %s is an artifact from Adobe Reader. I wrote some of the signing functionality in iText and I'm sure that we don't put the %s there.
I'm trying to verify PDF's digital signatures.
I know that when a PDF is signed, a byterange is defined, the certificates get embedded, and from what i've read, the signed message digest and the timestamp are also stored in the PDF.
I already can extract the certificates and validate them.
Now I'm trying to validate the pdf's integrity and my problem is I don't know where the signed message digest is located.
In this sample signed pdf from Adobe (http://blogs.adobe.com/security/SampleSignedPDFDocument.pdf), i can clearly identify the digest since it is down below the embedded certificates: /DigestMethod/MD5/DigestValue/ (line 1520).
But that PDF sample seems to be from 2009, and I suspect the message digest is stored in a different way now, because I signed a PDF with Adobe Reader and also with iText, and I can't find any message digest field like the previous one.
Can someone tell if the digests are now stored in a different way? Where are they located?
Anyway, for now I'm using that sample document from Adobe, and trying to verify its integrity.
I'm getting the document's bytes to be signed acording to the specified byterange, and digesting them with MD5 algorithm, but the digest value I get doesn't match with the one from the message digest field...
Am I doing something wrong? Is the digest also signed with the signer's private key?
I appreciate any help.
There are numerous details to get right when calculating the hash for integrated PDF signatures, among them:
Extract the correct bytes from the PDF to hash. The ByteRange tells you exactly which byte ranges are signed. To be accepted in modern signing contexts, the ranges must cover the whole PDF file revision with the exception of the value of Contents.
Beware, the value of Contents includes the the leading '<' and the trailing '>' brackets.
Don't use a regular text editor or text processing instructions (like readln or writeln) to process PDFs. PDFs are binary in nature, even if they look textual to the naked eye. Copying PDF parts using such text related operations most likely changes them in details, definitively breaking the signature hash value.
When in doubt, don't guess but read the specification. A copy of ISO 32000-1 has been made available by Adobe here, and much you need to know about the PDF format to start processing them can be found there and in other public standards referenced in there. A very short introduction to integrated PDF signatures can be found in this answer and documents referenced from there.
I am not sure if this is the correct place for this question as this might be more of a theory based question. But I was also interested in the C# implementation of the following. And how feasible it is
I am planning on using PGP for encryption and decryption of files. Is it possible to encrypt the file with two public keys (my public key and the receiver's public key) so that if i will be able to decrypt the file using either one of the private keys.
Is this scenario feasible?
Is so what is the direction I should take for a correct implementation of the same.
Any help would be highly appreciated
On high level (if you use any PGP API), yes, you can pass two or more public PGP keys to OpenPGP API (or software) and have the data encrypted. Then you would be able to use a PGP secret key that corresponds to any of used public PGP keys to decrypt the data.
On lower level - OpenPGP always generates a symmetric key for encryption of data, and then this key is encrypted using one or more public PGP keys, consequently there's no difference how many keys to use.
Now, what to use depends on what platform and development environment you are using (as this is a programming site we assume that you are going to encrypt data in code). For Linux and C there exists GnuPG library. For Java and C# there's some PGP support in BouncyCastle. Finally, OpenPGPBlackbox of our SecureBlackbox library provides full scope of OpenPGP functionality for a number of platforms and languages, including .NET, VCL, ActiveX and C++.
On a side note, the answer you've accepted is completely wrong so I strongly suggest de-accepting it.
Look at this wiki page:
http://en.wikipedia.org/wiki/Pretty_Good_Privacy
What you will see that actual data is encrypted/decrypt with random key and this random key is encrypted/decrypted with according public/private key.
So, as result you don't have to encrypt a file (data) using two keys. You still encrypt the data with one random key. The only difference is that you encrypt this random key with multiple public keys (as example your's and receiver's).
As result, any of you will be able to decrypt random key using private key and decrypt data.
The question could also belong to crypto.stackexchange.com but it is ok here, too. I am not sure whether you have understood the principles of PGP. A public key is used to encrypt and the private key is used to decrypt. So if you encrypt it by using your public key the receiver uses his/her private key to decrypt and/or sign.
For more information I recommend you should read about the RSA or ElGamal algorithm. Hope it helps you:
http://en.wikipedia.org/wiki/RSA
http://en.wikipedia.org/wiki/ElGamal_encryption
http://en.wikipedia.org/wiki/ElGamal_signature_scheme
Both algorithms provide a good way where you could start. Or you maybe want to join some online courses provided by Stanford University:
https://www.coursera.org/course/crypto
https://www.coursera.org/course/crypto2
The only way I can see it working is to have a zip or tar archive containing two files: one encrypted with key 1, the other with key 2.
If the file is text, you could paste two, differently encrypted versions of the same original file into one document.
There is no way to encrypt a file so it is decryptable with two different keys that I know of.
Basically im encrypting a message in PHP using openssl. I have already generated a valid key pair (both saved to PEM files).
In vb.net im trying to use the private key to decrypt the message saved in the mysql database, but i cant seem to find a way to incorporate the private key into the decryption examples. All the examples i have found all concentrate on generating a key pair.
Anyone have any ideas?
Thanks in advance