shmookey · April 30, 2016 21:42
diff --git a/rsa-decryption-order.sh b/rsa-decryption-order.sh
 !/bin/bash

 # Hypothesis: data encrypted with multiple RSA public keys can be
 # decrypted by the matching private keys irrespective of the order in
 # which the keys were originally used.

 # We shall see about that.

 # Generate two 1024-bit RSA keys `k` and `j`
 openssl genrsa -out k 1024
 openssl genrsa -out j 1024

 # Create matching public keys
 openssl rsa -pubout -in k -out k.pub
 openssl rsa -pubout -in j -out j.pub

 # Create a plaintext (must be same as key size to use raw cipher)
 printf "%-128s" "Hello, world!" > foo

 # Encrypt the plaintext with `k` and then `j`
 openssl rsautl -raw -pubin -inkey k.pub -in foo -out foo.k -encrypt
 openssl rsautl -raw -pubin -inkey j.pub -in foo.k -out foo.k.j -encrypt

 # Control: first decrypt in the conventional order (`j` then `k`)
 openssl rsautl -raw -inkey j -in foo.k.j -out foo-ctrl.k -decrypt
 openssl rsautl -raw -inkey k -in foo-ctrl.k -out foo-ctrl -decrypt

 # Test: now try decrypting the other way around (`k` then `j`)
 openssl rsautl -raw -inkey k -in foo.k.j -out foo-test.j -decrypt
 openssl rsautl -raw -inkey j -in foo-test.j -out foo-test -decrypt

 # Compare the results:
 echo "Result of decrypting the usual way:"
 xxd foo-ctrl
 echo "Result of decrypting the other way around:"
 xxd foo-test

 # OUTPUT
 #
 # Generating RSA private key, 1024 bit long modulus
 # ................................................................++++++
 # .................................++++++
 # e is 65537 (0x10001)
 # Generating RSA private key, 1024 bit long modulus
 # .........++++++
 # .................................++++++
 # e is 65537 (0x10001)
 # writing RSA key
 # writing RSA key
 # Result of decrypting the usual way:
 # 0000000: 4865 6c6c 6f2c 2077 6f72 6c64 2120 2020  Hello, world!
 # 0000010: 2020 2020 2020 2020 2020 2020 2020 2020
 # 0000020: 2020 2020 2020 2020 2020 2020 2020 2020
 # 0000030: 2020 2020 2020 2020 2020 2020 2020 2020
 # 0000040: 2020 2020 2020 2020 2020 2020 2020 2020
 # 0000050: 2020 2020 2020 2020 2020 2020 2020 2020
 # 0000060: 2020 2020 2020 2020 2020 2020 2020 2020
 # 0000070: 2020 2020 2020 2020 2020 2020 2020 2020
 # Result of decrypting the other way around:
 # 0000000: bedf 1b95 0cd7 2f28 1fa8 1a74 6c91 d027  ....../(...tl..'
 # 0000010: fe89 731e ea4e 18cf 0ef2 3847 10d8 03fa  ..s..N....8G....
 # 0000020: 60ea dfe5 fd2b 9cb0 b9df 0228 f210 288f  `....+.....(..(.
 # 0000030: 56ba 0fd4 c300 3d0f 5bb5 cb67 0374 5de4  V.....=.[..g.t].
 # 0000040: c099 f9e6 c8b3 a8b0 9acc 7f8c 76c2 1c0a  ............v...
 # 0000050: 472c fcd7 c8be 437f 7499 b910 8dea 0482  G,....C.t.......
 # 0000060: bcf2 a97f 1b51 83c2 2d45 f600 5f71 1da4  .....Q..-E.._q..
 # 0000070: ed2d c1b6 5e8a d4e7 443e a234 9e7d bb36  .-..^...D>.4.}.6
	!/bin/bash

	# Hypothesis: data encrypted with multiple RSA public keys can be
	# decrypted by the matching private keys irrespective of the order in
	# which the keys were originally used.

	# We shall see about that.

	# Generate two 1024-bit RSA keys `k` and `j`
	openssl genrsa -out k 1024
	openssl genrsa -out j 1024

	# Create matching public keys
	openssl rsa -pubout -in k -out k.pub
	openssl rsa -pubout -in j -out j.pub

	# Create a plaintext (must be same as key size to use raw cipher)
	printf "%-128s" "Hello, world!" > foo

	# Encrypt the plaintext with `k` and then `j`
	openssl rsautl -raw -pubin -inkey k.pub -in foo -out foo.k -encrypt
	openssl rsautl -raw -pubin -inkey j.pub -in foo.k -out foo.k.j -encrypt

	# Control: first decrypt in the conventional order (`j` then `k`)
	openssl rsautl -raw -inkey j -in foo.k.j -out foo-ctrl.k -decrypt
	openssl rsautl -raw -inkey k -in foo-ctrl.k -out foo-ctrl -decrypt

	# Test: now try decrypting the other way around (`k` then `j`)
	openssl rsautl -raw -inkey k -in foo.k.j -out foo-test.j -decrypt
	openssl rsautl -raw -inkey j -in foo-test.j -out foo-test -decrypt

	# Compare the results:
	echo "Result of decrypting the usual way:"
	xxd foo-ctrl
	echo "Result of decrypting the other way around:"
	xxd foo-test

	# OUTPUT
	#
	# Generating RSA private key, 1024 bit long modulus
	# ................................................................++++++
	# .................................++++++
	# e is 65537 (0x10001)
	# Generating RSA private key, 1024 bit long modulus
	# .........++++++
	# .................................++++++
	# e is 65537 (0x10001)
	# writing RSA key
	# writing RSA key
	# Result of decrypting the usual way:
	# 0000000: 4865 6c6c 6f2c 2077 6f72 6c64 2120 2020 Hello, world!
	# 0000010: 2020 2020 2020 2020 2020 2020 2020 2020
	# 0000020: 2020 2020 2020 2020 2020 2020 2020 2020
	# 0000030: 2020 2020 2020 2020 2020 2020 2020 2020
	# 0000040: 2020 2020 2020 2020 2020 2020 2020 2020
	# 0000050: 2020 2020 2020 2020 2020 2020 2020 2020
	# 0000060: 2020 2020 2020 2020 2020 2020 2020 2020
	# 0000070: 2020 2020 2020 2020 2020 2020 2020 2020
	# Result of decrypting the other way around:
	# 0000000: bedf 1b95 0cd7 2f28 1fa8 1a74 6c91 d027 ....../(...tl..'
	# 0000010: fe89 731e ea4e 18cf 0ef2 3847 10d8 03fa ..s..N....8G....
	# 0000020: 60ea dfe5 fd2b 9cb0 b9df 0228 f210 288f `....+.....(..(.
	# 0000030: 56ba 0fd4 c300 3d0f 5bb5 cb67 0374 5de4 V.....=.[..g.t].
	# 0000040: c099 f9e6 c8b3 a8b0 9acc 7f8c 76c2 1c0a ............v...
	# 0000050: 472c fcd7 c8be 437f 7499 b910 8dea 0482 G,....C.t.......
	# 0000060: bcf2 a97f 1b51 83c2 2d45 f600 5f71 1da4 .....Q..-E.._q..
	# 0000070: ed2d c1b6 5e8a d4e7 443e a234 9e7d bb36 .-..^...D>.4.}.6