def generate_keypair_num(bits, e=E): while True: p = getStrongPrime(bits) q = getStrongPrime(bits) n = p * q et = (p - 1) * (q - 1) if gcd(et, e) == 1: break d = invmod(e, et) return ((e, n), (d, n))
def deadbeef(target=_TEST_TARGET, length=128, prime_length=4096, public_exponent=65537): """Perform the 0xdeadbeef attack. Returns a strong prime `p`, a prime `q`, and a private exponent `d` such that the last `length` bits of `p * q` is equal to `target`. (It is obvious, I hope, that the resulting key does not have any particular security guarantee.) Or loops forever if the last bit of `target` is `0`. """ d = 0 while not d: N = 2 ** length p = pubkey.getStrongPrime(2048-128) x = target * 2 ** (2048 - 128 - 2 * length) - 1 q = x * ((target * invert(p * x, N)) % N) while not pubkey.isPrime(q): q += N phi = (p - 1) * (q - 1) d = invert(public_exponent, phi) n = p * q e = public_exponent with open(hex(n)[:18], 'wb') as f: f.write("n = {}\ne = {}\nd = {}\np = {}\nq = {}\n" .format(n, e, d, p, q)) return n, e, d, p, q
def generate_pq(modbits): # generate primes p ad q # stolen from pycrypt p = q = 1L while number.size(p*q) < modbits: if modbits > 512 : # Note that q might be one bit longer than p if somebody specifies an odd # number of bits for the key. (Why would anyone do that? You don't get # more security.) p = pubkey.getStrongPrime(modbits>>1, 0, 1e-12, None) q = pubkey.getStrongPrime(modbits - (modbits>>1), 0, 1e-12, None) else : p = pubkey.getPrime(modbits>>1, None) q = pubkey.getPrime(modbits - (modbits>>1), None) return (p, q)
def generate_pq(modBits): ''' Generate p, q (public key) with modBits bits for SRA encryption generate primes p and q, from Sefasi and pycrypt ''' assert (modBits % 2 == 0) # must provide even number of bits p = q = 1L while number.size(p * q) < modBits: if modBits > 512: p = pubkey.getStrongPrime(modBits >> 1, 0, 1e-12, None) q = pubkey.getStrongPrime(modBits - (modBits >> 1), 0, 1e-12, None) else: p = pubkey.getPrime(modBits >> 1, None) q = pubkey.getPrime(modBits - (modBits >> 1), None) return (p, q)
def generate_pq(modbits): # generate primes p ad q # stolen from pycrypt p = q = 1L while number.size(p * q) < modbits: if modbits > 512: # Note that q might be one bit longer than p if somebody specifies an odd # number of bits for the key. (Why would anyone do that? You don't get # more security.) p = pubkey.getStrongPrime(modbits >> 1, 0, 1e-12, None) q = pubkey.getStrongPrime(modbits - (modbits >> 1), 0, 1e-12, None) else: p = pubkey.getPrime(modbits >> 1, None) q = pubkey.getPrime(modbits - (modbits >> 1), None) return (p, q)
def main(): import os from Crypto.PublicKey.pubkey import getStrongPrime S = getStrongPrime(512) % N C1 = (pow(S, E, N) * C) % N P1 = submit(C1) P = (P1 * invmod(S, N)) % N print(i2s(P))
def generate_py(bits, randfunc, progress_func=None, e=65537): """generate(bits:int, randfunc:callable, progress_func:callable, e:int) Generate an RSA key of length 'bits', public exponent 'e'(which must be odd), using 'randfunc' to get random data and 'progress_func', if present, to display the progress of the key generation. """ obj=RSAobj() obj.e = long(e) # Generate the prime factors of n if progress_func: progress_func('p,q\n') p = q = 1L while number.size(p*q) < bits: # Note that q might be one bit longer than p if somebody specifies an odd # number of bits for the key. (Why would anyone do that? You don't get # more security.) p = pubkey.getStrongPrime(bits>>1, obj.e, 1e-12, randfunc) q = pubkey.getStrongPrime(bits - (bits>>1), obj.e, 1e-12, randfunc) # It's OK for p to be larger than q, but let's be # kind to the function that will invert it for # th calculation of u. if p > q: (p, q)=(q, p) obj.p = p obj.q = q if progress_func: progress_func('u\n') obj.u = pubkey.inverse(obj.p, obj.q) obj.n = obj.p*obj.q if progress_func: progress_func('d\n') obj.d=pubkey.inverse(obj.e, (obj.p-1)*(obj.q-1)) assert bits <= 1+obj.size(), "Generated key is too small" return obj
def generate_py(bits, randfunc, progress_func=None): """generate(bits:int, randfunc:callable, progress_func:callable) Generate an RSA key of length 'bits', using 'randfunc' to get random data and 'progress_func', if present, to display the progress of the key generation. """ obj = RSAobj() obj.e = 65537L # Generate the prime factors of n if progress_func: progress_func('p,q\n') p = q = 1L while number.size(p * q) < bits: # Note that q might be one bit longer than p if somebody specifies an odd # number of bits for the key. (Why would anyone do that? You don't get # more security.) p = pubkey.getStrongPrime(bits >> 1, obj.e, 1e-12, randfunc) q = pubkey.getStrongPrime(bits - (bits >> 1), obj.e, 1e-12, randfunc) # p shall be smaller than q (for calc of u) if p > q: (p, q) = (q, p) obj.p = p obj.q = q if progress_func: progress_func('u\n') obj.u = pubkey.inverse(obj.p, obj.q) obj.n = obj.p * obj.q if progress_func: progress_func('d\n') obj.d = pubkey.inverse(obj.e, (obj.p - 1) * (obj.q - 1)) assert bits <= 1 + obj.size(), "Generated key is too small" return obj
def generate_py(bits, randfunc, progress_func=None, e=65537): obj = RSAobj() obj.e = long(e) if progress_func: progress_func('p,q\n') p = q = 1L while number.size(p * q) < bits: p = pubkey.getStrongPrime(bits >> 1, obj.e, 1e-12, randfunc) q = pubkey.getStrongPrime(bits - (bits >> 1), obj.e, 1e-12, randfunc) if p > q: p, q = q, p obj.p = p obj.q = q if progress_func: progress_func('u\n') obj.u = pubkey.inverse(obj.p, obj.q) obj.n = obj.p * obj.q if progress_func: progress_func('d\n') obj.d = pubkey.inverse(obj.e, (obj.p - 1) * (obj.q - 1)) return obj
def generate_py(bits, randfunc, progress_func=None): """generate(bits:int, randfunc:callable, progress_func:callable) Generate an RSA key of length 'bits', using 'randfunc' to get random data and 'progress_func', if present, to display the progress of the key generation. """ obj=RSAobj() obj.e = 65537L # Generate the prime factors of n if progress_func: progress_func('p,q\n') p = q = 1L while number.size(p*q) < bits: # Note that q might be one bit longer than p if somebody specifies an odd # number of bits for the key. (Why would anyone do that? You don't get # more security.) p = pubkey.getStrongPrime(bits>>1, obj.e, 1e-12, randfunc) q = pubkey.getStrongPrime(bits - (bits>>1), obj.e, 1e-12, randfunc) # p shall be smaller than q (for calc of u) if p > q: (p, q)=(q, p) obj.p = p obj.q = q if progress_func: progress_func('u\n') obj.u = pubkey.inverse(obj.p, obj.q) obj.n = obj.p*obj.q if progress_func: progress_func('d\n') obj.d=pubkey.inverse(obj.e, (obj.p-1)*(obj.q-1)) assert bits <= 1+obj.size(), "Generated key is too small" return obj
help="Only match full, not just prefix") parser.add_argument("--processes", "-p", type=int, default=cpu_count(), help="Number of worker processes") args = parser.parse_args() q = Queue(args.processes) processes = [] s = Search(wordlists=args.word_lists.split(','), full=args.full) c = Value('i', 0) for i in range(0, args.processes): print("[+] Starting worker {}".format(i + 1)) processes.append(Process(target=generator, args=(q, s, i + 1, c))) processes[i].start() processes.append(Process(target=counter, args=(c, ))) processes[-1].start() try: while True: q.put((getStrongPrime(512, 3, 1e-12), getStrongPrime(512, 3, 1e-12))) except KeyboardInterrupt: print("[-] Interrupt received, stopping workers.") stdout.flush() for p in processes: p.terminate() for p in processes: p.join()