Private key redaction: Ur doin it rong

Redacting private keys may not be as secure as you think, especially for RSA keys. While only three of the values in a private key are absolutely necessary, most of the key’s data is almost as significant as the “public modulus”, which is the second number in the list. It is from this modulus that other values can be determined, including one of the “private primes,” meaning that even redacted keys can reveal sensitive data. Github user Mr. Johan Finn even had a poorly redacted private key in one of his scripts, meaning that anyone who knew where to look could access it.

To top