Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Feature request] Reconstruct RSA keys from signatures, to aid with key-confusion attacks #34

Open
the-useless-one opened this issue Feb 9, 2021 · 1 comment
Open

[Feature request] Reconstruct RSA keys from signatures, to aid with key-confusion attacks #34

the-useless-one opened this issue Feb 9, 2021 · 1 comment
Assignees
@ticarpi
Labels
enhancement

Comments

@the-useless-one
Copy link

Hi!

@silentsignal recently published an article on how to reconstruct RSA keys from RSA signatures, and how it can be useful with key-confusion attacks on JWT.

They published rsa_sign2n, which can be used to recreate RSA keys from JWTs. It would be useful to have this attack implemented in jwt_tool.

Thank you for this tool, and for the very detailed wiki!
@ticarpi ticarpi self-assigned this Mar 30, 2021
@ticarpi
Copy link
Owner

ticarpi commented Mar 30, 2021

I have this working in beta currently, and it works on keys with common configurations.
I'm cleaning it up to make it work against more keys, and to integrate better with the rest of the tool.
Should be pushing to live soon.

@ticarpi ticarpi pinned this issue Mar 30, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ticarpi ticarpi

Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@the-useless-one @ticarpi