
I was wondering how I use a public key to validate a private key.

I have absolutely no idea what I am doing

I am given a public key in the form:

"<RSAKeyValue><Modulus>tuRctbsnB4OSsR7gqNy1ovYZ4vDTn543o4ldX8Wthfjk7dAQKPHQYUmB7EyC4qFQ2GY3/Q+mDjJBDCWbsb8gyFuyU3L93UJ/7szvO+2A/t520srjCN4Yv7HirgpAI0LaWlo1UUUixMU2+kYNv/kBeVUL47TvOIpm0JqstQVDHhJtNMwcbY+3Q0nN4D1jNkSrQitCF3Sdms1kwsIFcdHcUh3WcUBkIefcB97DZKVY915IFbhf1/xdpPBa/E0WjNgtF5q4FI5ClH2CxsDwy2mL6qzZMvRPNWUhaFKlX+CcGvFQOtuJ4K8PZ0P3Wsq55ccxafZp3BQrEcBbto5Cll/E0Q==</Modulus><Exponent>AQAB</Exponent></RSAKeyValue>"

which is a string and I am trying to validate a private key (which is also provided as a string) with it using Python. I know what the issuer and audience need to be but I'm not sure what to do with all this information.

I have looked at some people's examples of using various packages but I can't seem to figure out what type pub_key, private_key, and message would be... Please help me... I wish to learn

  • Possible duplicate of [RSA encryption and decryption in Python](https://stackoverflow.com/questions/30056762/rsa-encryption-and-decryption-in-python) – Kevin Welch Sep 19 '19 at 22:16
  • Base 64 decode the components of the public key and create the public key. Then create a signature with the private key and verify it with the public key. If it verifies, the keys form a key pair. – Maarten Bodewes Sep 21 '19 at 09:00
  • @KevinWelch I'm not finding answers to actually validating public and private keys in the https://stackoverflow.com/questions/30056762/rsa-encryption-and-decryption-in-python link you've shared. Validating a key pair is different from encrypting or decrypting plaintext. – Nikhil VJ Oct 24 '21 at 01:33
  • @MaartenBodewes can you pls share a link to docu on the function/class that does this verification? – Nikhil VJ Oct 24 '21 at 01:37

1 Answer

Base 64 decode the components - modulus and public exponent - of the public key from within the XML and create the public key from the decoded unsigned, big endian number values.

Then create a signature with the private key over any data and verify it with the public key using the same RSA signature algorithm such as RSA with PKCS#1 v1.5 padding. If it verifies, the keys form a key pair.


OK, since one user seems to keep struggling, let's actually give some code for you to work with (using Python3 for the integer creation using from_bytes):

```python
#!/usr/bin/env python3
from Crypto.PublicKey import RSA
from xml.dom import minidom
from base64 import b64decode

document = """\
<RSAKeyValue>
  <Modulus>tuRctbsnB4OSsR7gqNy1ovYZ4vDTn543o4ldX8Wthfjk7dAQKPHQYUmB7EyC4qFQ2GY3/Q+mDjJBDCWbsb8gyFuyU3L93UJ/7szvO+2A/t520srjCN4Yv7HirgpAI0LaWlo1UUUixMU2+kYNv/kBeVUL47TvOIpm0JqstQVDHhJtNMwcbY+3Q0nN4D1jNkSrQitCF3Sdms1kwsIFcdHcUh3WcUBkIefcB97DZKVY915IFbhf1/xdpPBa/E0WjNgtF5q4FI5ClH2CxsDwy2mL6qzZMvRPNWUhaFKlX+CcGvFQOtuJ4K8PZ0P3Wsq55ccxafZp3BQrEcBbto5Cll/E0Q==</Modulus>
  <Exponent>AQAB</Exponent>
</RSAKeyValue>
"""

xmldoc = minidom.parseString(document)

# Modulus: Base64 text -> bytes -> unsigned big-endian integer
modulusB64 = xmldoc.getElementsByTagName('Modulus')[0].firstChild.data
modulusBin = b64decode(modulusB64)
modulus = int.from_bytes(modulusBin, 'big', signed=False)

# Public exponent, decoded the same way
exponentB64 = xmldoc.getElementsByTagName('Exponent')[0].firstChild.data
exponentBin = b64decode(exponentB64)
exponent = int.from_bytes(exponentBin, 'big', signed=False)

# Build the public key object from (n, e)
public_key = RSA.construct((modulus, exponent))
```

Unfortunately I don't have a signature to verify (or a private key to decrypt) so I cannot help you verify that the public key belongs to the private key. I guess there should be code samples out there that show basic signature verification or encryption with the public key. Note that the modulus should also be unique and present in both keys for RSA, but that only helps with identification of the keys in the key pair, not so much validation.

Beware that I'm not a Python programmer by profession, so there may be shortcuts for what I'm doing; feel free to edit them in.

Maarten Bodewes
  • pls share some code examples. I've been searching for an hour for python code which takes a public and private key and validates. Can't find anything. – Nikhil VJ Oct 20 '21 at 03:42
  • Maybe programming is a little more than finding code snippets on the internet. – Maarten Bodewes Oct 20 '21 at 09:03
  • maybe posting a reference to the relevant technical docs can help? I'm here: https://www.pycryptodome.org/en/latest/src/examples.html#generate-public-key-and-private-key I'm not able to find the place in the docs where to "validate a private key using a public key" as the original question says though. – Nikhil VJ Oct 24 '21 at 01:30
  • That's just signature creation and verification, as stated in the answer. If the signature verifies it must be created using the private key. – Maarten Bodewes Oct 24 '21 at 13:39
  • @NikhilVJ I've updated my answer with code. – Maarten Bodewes Oct 24 '21 at 14:16
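
An added example, not part of the original answer or its comments: the pairing check the answer describes (same modulus for identification, then a private-key operation undone by the public key for validation), written with only the standard library. It assumes the private key arrives in the same `RSAKeyValue` XML form with a `<D>` element; the function names and the textbook-sized sample key are constructed for illustration, and raw modular exponentiation stands in for a padded signature scheme.

```python
import base64
import xml.etree.ElementTree as ET

def b64_int(root, tag):
    """Decode the Base64 text of <tag> as an unsigned big-endian integer."""
    node = root.find(tag)
    if node is None or not node.text:
        raise ValueError(f"missing <{tag}> element")
    return int.from_bytes(base64.b64decode(node.text.strip()), "big")

def keys_match(public_xml, private_xml):
    """True if the private RSAKeyValue XML belongs to the public one."""
    pub, priv = ET.fromstring(public_xml), ET.fromstring(private_xml)
    n, e = b64_int(pub, "Modulus"), b64_int(pub, "Exponent")
    # Identification: both halves must carry the same modulus and exponent.
    if (b64_int(priv, "Modulus"), b64_int(priv, "Exponent")) != (n, e):
        return False
    d = b64_int(priv, "D")  # assumed element name for the private exponent
    # Validation: a private-key operation must be undone by the public key.
    # Raw (unpadded) RSA serves only as a pairing check here; real
    # signatures need a padded scheme such as PKCS#1 v1.5.
    return all(pow(pow(m, d, n), e, n) == m for m in (2, 3, 5))

def to_xml(n, e, d=None):
    """Build an RSAKeyValue document from integers (sample data only)."""
    def enc(tag, value):
        raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
        return f"<{tag}>{base64.b64encode(raw).decode()}</{tag}>"
    body = enc("Modulus", n) + enc("Exponent", e)
    if d is not None:
        body += enc("D", d)
    return f"<RSAKeyValue>{body}</RSAKeyValue>"

# Constructed textbook-sized keys (p=61, q=53); far too small for real use.
SAMPLE_PUBLIC = to_xml(3233, 17)
SAMPLE_PRIVATE = to_xml(3233, 17, 2753)   # matching private exponent
WRONG_D = to_xml(3233, 17, 2754)          # same modulus, wrong exponent
OTHER_KEY = to_xml(3127, 3, 2011)         # a different key pair (p=53, q=59)
```

With a library such as PyCryptodome, the same validation step is a PKCS#1 v1.5 sign with the private key followed by a verify with the public key built in the answer.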