[41151] in cryptography@c2.net mail archive
Re: Locating private keys in RAM?
daemon@ATHENA.MIT.EDU (Mike Lisanke)
Thu Sep 7 07:54:34 2006
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Tue, 5 Sep 2006 18:31:57 -0400
From: "Mike Lisanke" <mikelisanke@gmail.com>
To: cryptography@metzdowd.com
In-Reply-To: <20ee876b0609041814p41ba29ffwee18a64bac5ff2a0@mail.gmail.com>
------=_Part_5734_1312527.1157495517109
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Douglas,
Many applications using RSA make use of a private key in its ASN.1 BER form.
In this format, the surrounding encoding of a private key becomes very
easily recognizable.
The follow is an excerpt from RFC3447 (PKCS#1)
-- Representation of RSA private key with information for the CRT
-- algorithm.
--
RSAPrivateKey ::= SEQUENCE {
version Version,
modulus INTEGER, -- n
publicExponent INTEGER, -- e
privateExponent INTEGER, -- d
prime1 INTEGER, -- p
prime2 INTEGER, -- q
exponent1 INTEGER, -- d mod (p-1)
exponent2 INTEGER, -- d mod (q-1)
coefficient INTEGER, -- (inverse of q) mod p
otherPrimeInfos OtherPrimeInfos OPTIONAL
}
Version ::= INTEGER { two-prime(0), multi(1) }
(CONSTRAINED BY {
-- version must be multi if otherPrimeInfos present --
})
OtherPrimeInfos ::= SEQUENCE SIZE(1..MAX) OF OtherPrimeInfo
OtherPrimeInfo ::= SEQUENCE {
prime INTEGER, -- ri
exponent INTEGER, -- di
coefficient INTEGER -- ti
}
In ASN.1 BER each integer, a sequence, a version, etc. all have well defined
form of octet (bytes) which represent both the type of object, its size, as
well as its value.
On 9/4/06, Douglas F. Calvert <douglasfcalvert@gmail.com> wrote:
> Hello,
> I remember seeing a paper about identifying private keys in RAM. I
> thought it was by Rivest but I can not locate it for the life of me.
> Does anyone remember reading something like this? The basic operation
> was to identify areas in RAM that had certain characteristics such as
> random bits and identifiable key headers...
> Any help would be greatly appreciated...
>
>
> --
> --dfc
> douglasfcalvert@gmail.com
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to
majordomo@metzdowd.com
>
Best regards,
--
Mike
------=_Part_5734_1312527.1157495517109
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Douglas,<br><br>Many applications using RSA make use of a private key
in its ASN.1 BER form. In this format, the surrounding encoding of a
private key becomes very easily recognizable. <br><br>The follow is an excerpt from RFC3447 (PKCS#1)<br><br>
<div style="margin-left: 40px; font-family: courier new,monospace;">-- Representation of RSA private key with information for the CRT<br>
-- algorithm.<br>
--<br>
RSAPrivateKey ::= SEQUENCE {<br>
version Version,<br>
modulus INTEGER, -- n<br>
publicExponent INTEGER, -- e<br>
privateExponent INTEGER, -- d<br>
prime1 INTEGER, -- p<br>
prime2 INTEGER, -- q<br>
exponent1 INTEGER, -- d mod (p-1)<br>
exponent2 INTEGER, -- d mod (q-1)<br>
coefficient INTEGER, -- (inverse of q) mod p<br>
otherPrimeInfos OtherPrimeInfos OPTIONAL<br>
}<br>
<br>
Version ::= INTEGER { two-prime(0), multi(1) }<br>
(CONSTRAINED BY {<br>
-- version must be multi if otherPrimeInfos present --<br>
})<br>
<br>
OtherPrimeInfos ::= SEQUENCE SIZE(1..MAX) OF OtherPrimeInfo<br>
<br>
OtherPrimeInfo ::= SEQUENCE {<br>
prime INTEGER, -- ri<br>
exponent INTEGER, -- di<br>
coefficient INTEGER -- ti<br>
}<br>
</div>
<br>
In ASN.1 BER each integer, a sequence, a version, etc. all have well
defined form of octet (bytes) which represent both the type of object,
its size, as well as its value.<br><br>On 9/4/06, Douglas F. Calvert <<a href="mailto:douglasfcalvert@gmail.com">douglasfcalvert@gmail.com</a>> wrote:<br>> Hello,<br>> I remember seeing a paper about identifying private keys in RAM. I
<br>> thought it was by Rivest but I can not locate it for the life of me.<br>> Does anyone remember reading something like this? The basic operation<br>> was to identify areas in RAM that had certain characteristics such as
<br>> random bits and identifiable key headers...<br>> Any help would be greatly appreciated...<br>> <br>> <br>> --<br>> --dfc<br>> <a href="mailto:douglasfcalvert@gmail.com">douglasfcalvert@gmail.com
</a><br>> <br>> ---------------------------------------------------------------------<br>> The Cryptography Mailing List<br>> Unsubscribe by sending "unsubscribe cryptography" to <a href="mailto:majordomo@metzdowd.com">
majordomo@metzdowd.com</a><br>> <br><br>Best regards,<br>-- <br>Mike
------=_Part_5734_1312527.1157495517109--
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
