shmookey/rsa-decryption-order.sh

## rsa-decryption-order.sh
!/bin/bash

# Hypothesis: data encrypted with multiple RSA public keys can be
# decrypted by the matching private keys irrespective of the order in
# which the keys were originally used.

# We shall see about that.

# Generate two 1024-bit RSA keys `k` and `j`
openssl genrsa -out k 1024
openssl genrsa -out j 1024

# Create matching public keys
openssl rsa -pubout -in k -out k.pub
openssl rsa -pubout -in j -out j.pub

# Create a plaintext (must be same as key size to use raw cipher)
printf "%-128s" "Hello, world!" > foo

# Encrypt the plaintext with `k` and then `j`
openssl rsautl -raw -pubin -inkey k.pub -in foo -out foo.k -encrypt
openssl rsautl -raw -pubin -inkey j.pub -in foo.k -out foo.k.j -encrypt

# Control: first decrypt in the conventional order (`j` then `k`)
openssl rsautl -raw -inkey j -in foo.k.j -out foo-ctrl.k -decrypt
openssl rsautl -raw -inkey k -in foo-ctrl.k -out foo-ctrl -decrypt

# Test: now try decrypting the other way around (`k` then `j`)
openssl rsautl -raw -inkey k -in foo.k.j -out foo-test.j -decrypt
openssl rsautl -raw -inkey j -in foo-test.j -out foo-test -decrypt

# Compare the results:
echo "Result of decrypting the usual way:"
xxd foo-ctrl
echo "Result of decrypting the other way around:"
xxd foo-test

# OUTPUT
#
# Generating RSA private key, 1024 bit long modulus
# ................................................................++++++
# .................................++++++
# e is 65537 (0x10001)
# Generating RSA private key, 1024 bit long modulus
# .........++++++
# .................................++++++
# e is 65537 (0x10001)
# writing RSA key
# writing RSA key
# Result of decrypting the usual way:
# 0000000: 4865 6c6c 6f2c 2077 6f72 6c64 2120 2020  Hello, world!
# 0000010: 2020 2020 2020 2020 2020 2020 2020 2020
# 0000020: 2020 2020 2020 2020 2020 2020 2020 2020
# 0000030: 2020 2020 2020 2020 2020 2020 2020 2020
# 0000040: 2020 2020 2020 2020 2020 2020 2020 2020
# 0000050: 2020 2020 2020 2020 2020 2020 2020 2020
# 0000060: 2020 2020 2020 2020 2020 2020 2020 2020
# 0000070: 2020 2020 2020 2020 2020 2020 2020 2020
# Result of decrypting the other way around:
# 0000000: bedf 1b95 0cd7 2f28 1fa8 1a74 6c91 d027  ....../(...tl..'
# 0000010: fe89 731e ea4e 18cf 0ef2 3847 10d8 03fa  ..s..N....8G....
# 0000020: 60ea dfe5 fd2b 9cb0 b9df 0228 f210 288f  `....+.....(..(.
# 0000030: 56ba 0fd4 c300 3d0f 5bb5 cb67 0374 5de4  V.....=.[..g.t].
# 0000040: c099 f9e6 c8b3 a8b0 9acc 7f8c 76c2 1c0a  ............v...
# 0000050: 472c fcd7 c8be 437f 7499 b910 8dea 0482  G,....C.t.......
# 0000060: bcf2 a97f 1b51 83c2 2d45 f600 5f71 1da4  .....Q..-E.._q..
# 0000070: ed2d c1b6 5e8a d4e7 443e a234 9e7d bb36  .-..^...D>.4.}.6
	!/bin/bash

	# Hypothesis: data encrypted with multiple RSA public keys can be
	# decrypted by the matching private keys irrespective of the order in
	# which the keys were originally used.

	# We shall see about that.

	# Generate two 1024-bit RSA keys `k` and `j`
	openssl genrsa -out k 1024
	openssl genrsa -out j 1024

	# Create matching public keys
	openssl rsa -pubout -in k -out k.pub
	openssl rsa -pubout -in j -out j.pub

	# Create a plaintext (must be same as key size to use raw cipher)
	printf "%-128s" "Hello, world!" > foo

	# Encrypt the plaintext with `k` and then `j`
	openssl rsautl -raw -pubin -inkey k.pub -in foo -out foo.k -encrypt
	openssl rsautl -raw -pubin -inkey j.pub -in foo.k -out foo.k.j -encrypt

	# Control: first decrypt in the conventional order (`j` then `k`)
	openssl rsautl -raw -inkey j -in foo.k.j -out foo-ctrl.k -decrypt
	openssl rsautl -raw -inkey k -in foo-ctrl.k -out foo-ctrl -decrypt

	# Test: now try decrypting the other way around (`k` then `j`)
	openssl rsautl -raw -inkey k -in foo.k.j -out foo-test.j -decrypt
	openssl rsautl -raw -inkey j -in foo-test.j -out foo-test -decrypt

	# Compare the results:
	echo "Result of decrypting the usual way:"
	xxd foo-ctrl
	echo "Result of decrypting the other way around:"
	xxd foo-test

	# OUTPUT
	#
	# Generating RSA private key, 1024 bit long modulus
	# ................................................................++++++
	# .................................++++++
	# e is 65537 (0x10001)
	# Generating RSA private key, 1024 bit long modulus
	# .........++++++
	# .................................++++++
	# e is 65537 (0x10001)
	# writing RSA key
	# writing RSA key
	# Result of decrypting the usual way:
	# 0000000: 4865 6c6c 6f2c 2077 6f72 6c64 2120 2020 Hello, world!
	# 0000010: 2020 2020 2020 2020 2020 2020 2020 2020
	# 0000020: 2020 2020 2020 2020 2020 2020 2020 2020
	# 0000030: 2020 2020 2020 2020 2020 2020 2020 2020
	# 0000040: 2020 2020 2020 2020 2020 2020 2020 2020
	# 0000050: 2020 2020 2020 2020 2020 2020 2020 2020
	# 0000060: 2020 2020 2020 2020 2020 2020 2020 2020
	# 0000070: 2020 2020 2020 2020 2020 2020 2020 2020
	# Result of decrypting the other way around:
	# 0000000: bedf 1b95 0cd7 2f28 1fa8 1a74 6c91 d027 ....../(...tl..'
	# 0000010: fe89 731e ea4e 18cf 0ef2 3847 10d8 03fa ..s..N....8G....
	# 0000020: 60ea dfe5 fd2b 9cb0 b9df 0228 f210 288f `....+.....(..(.
	# 0000030: 56ba 0fd4 c300 3d0f 5bb5 cb67 0374 5de4 V.....=.[..g.t].
	# 0000040: c099 f9e6 c8b3 a8b0 9acc 7f8c 76c2 1c0a ............v...
	# 0000050: 472c fcd7 c8be 437f 7499 b910 8dea 0482 G,....C.t.......
	# 0000060: bcf2 a97f 1b51 83c2 2d45 f600 5f71 1da4 .....Q..-E.._q..
	# 0000070: ed2d c1b6 5e8a d4e7 443e a234 9e7d bb36 .-..^...D>.4.}.6