
I used OpenSSL 1.0.1k (8 Jan 2015) to generate a 32-bit RSA key, and I tried to generate a CSR for the key:

```
$ openssl req -new -key privatekey.pem -out csr.pem

139645847348928:error:04075070:rsa routines:RSA_sign:digest too big for rsa key:rsa_sign.c:127:
139645847348928:error:0D0DC006:asn1 encoding routines:ASN1_item_sign_ctx:EVP lib:a_sign.c:314:
```

OpenSSL only allows me to generate keys no smaller than 384 bits. Is there another way for me to generate a CSR for my private key?

Pwny
  • If your RSA private key is 32 bit large, it is trivial to brute-force it. You get no security out of it whatsoever. –  Jan 15 '20 at 10:08
  • To illustrate just *how* insecure it is, all possible private keys are already downloadable [here](http://www.umopit.ru/CompLab/primes32eng.htm). –  Jan 15 '20 at 10:49
  • I'm not trying to achieve security with this key. Thanks for the link! – Pwny Jan 17 '20 at 11:13

1 Answer


You cannot encrypt anything with RSA which is larger than the key size (minus some padding and header), which means that you cannot sign anything if the signature algorithm results in a value larger than the key. A hash digest is 256 bit for SHA-256 or 192 bit for (already insecure) SHA-1, i.e. way larger than 32 bit.

Apart from that: why do you want to use such a terribly insecure small key anyway?

Steffen Ullrich
  • I'm trying to create a weak key to brute force it. I'm using 32 bit because I thought it would be a simple task to brute force it. – Pwny Jan 17 '20 at 11:10
  • Is there a way for me to sign this key? – Pwny Jan 17 '20 at 11:16
  • @Pwny You can implement a simple RSA implementation from scratch with most languages. Any ready-made libraries usually have some minimum bitlength to prevent people accidentally creating such keys. –  Jan 17 '20 at 12:12
  • But how do I generate a CSR file from it? – Pwny Jan 17 '20 at 13:09
  • @Pwny: if you are trying to create a weak key to brute force it then just create the weak key and encrypt something. You cannot create a CSR and certificate with it though since for this you would need an acceptable digest algorithm (hash) which has way less than 32 bit output. There is none. – Steffen Ullrich Jan 17 '20 at 13:10
  • Ok thx. I managed to make it work with JavaScript. – Pwny Jan 17 '20 at 13:38
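
The size check behind the "digest too big for rsa key" error, as an added example that is not part of the original thread or of OpenSSL's code. It assumes PKCS#1 v1.5 signature padding as specified in RFC 8017 (EMSA-PKCS1-v1_5); the function names and the sample message are constructed for illustration, and digest lengths come from Python's `hashlib`.

```python
import hashlib

# DER-encoded DigestInfo prefixes from RFC 8017, section 9.2, note 1.
DIGESTINFO_PREFIX = {
    "sha1": bytes.fromhex("3021300906052b0e03021a05000414"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
}
# Fixed framing around DigestInfo: 0x00 0x01, at least eight 0xFF bytes, 0x00.
PKCS1_V15_OVERHEAD = 11


def min_modulus_bytes(hash_name):
    """Smallest modulus length (bytes) that can carry a v1.5 signature."""
    digest_len = hashlib.new(hash_name).digest_size
    return len(DIGESTINFO_PREFIX[hash_name]) + digest_len + PKCS1_V15_OVERHEAD


def can_sign(modulus_bits, hash_name):
    """True if a key of this size can hold the padded DigestInfo."""
    return (modulus_bits + 7) // 8 >= min_modulus_bytes(hash_name)


def emsa_pkcs1_v15_encode(message, hash_name, modulus_bits):
    """Return the block 00 01 FF..FF 00 || DigestInfo that RSA would sign."""
    k = (modulus_bits + 7) // 8  # modulus length in bytes
    t = DIGESTINFO_PREFIX[hash_name] + hashlib.new(hash_name, message).digest()
    if k < len(t) + PKCS1_V15_OVERHEAD:
        raise ValueError(
            f"digest too big for rsa key: need {len(t) + PKCS1_V15_OVERHEAD} "
            f"bytes, modulus has {k}"
        )
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


if __name__ == "__main__":
    # Constructed stand-in for the CSR body that would be hashed and signed.
    csr_body = b"constructed stand-in for the CertificationRequestInfo bytes"
    for bits in (32, 384, 512, 2048):
        for name in ("sha1", "sha256"):
            verdict = "fits" if can_sign(bits, name) else "too small"
            print(f"{bits:>5}-bit key, {name:<6}: {verdict}")
    print(emsa_pkcs1_v15_encode(csr_body, "sha256", 512).hex())
```

A 32-bit modulus is 4 bytes long, so no DigestInfo fits in it; a 384-bit modulus (48 bytes) has room for the SHA-1 encoding but not the SHA-256 one.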