Home > Enterprise >  Is it possible to obtain the PGP message given only the public key and the signature?
Is it possible to obtain the PGP message given only the public key and the signature?

Time:09-30

Given a 2048bits SHA256 PGP public key and the PGP signature of a unknown text, how hard it would be for a dedicated operation (Eg.: a cryptocurrency mining farm) to obtain the the text?

Example:

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQENBGFUY5YBCADAUd3vl1hUXEN8Eyp G4zSv4O9Q9pvyDOs679RjjsAgP9FhGQp
nwDKILoKxF781Nk4fz6JaP171snXnKvrqMi852/wKwRuoFnMhGZOJVGzUm hrsWQ
8Jy3pd69PnMXCuCc6TQKJCCzDU7njv79g65K HctriArInWegYlG6twkgCm8nx53
TgqjsObbEw9 gY9wfup0dehiWbtXljqJATzexLZ6YNLR7uRXDe8BxDHm7o05Wzkw
0LUxxRdIpexpsm3OSvKXDcDrE3kk1HOwfZCJKAUlKJ9400knY/1MUK7LQ7MeIlUo
qC8iHui0LoEI7yCUiBOEvf qZtI1f6PJ7EqDABEBAAG0KkFydCBTcG9yZXIgKERl
ZGVubmUpIDxqYXZvbnRlMjA1MkB2b24ubmV0PokBTgQTAQgAOBYhBGY6wlHYKDTf
rHqpHgZJ3LS1GFs4BQJhVGOWAhsvBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJ
EAZJ3LS1GFs4SzEH/2GyUbG2p5de SAVb3i/GHRKSUyiDejNEp/OzDZ/FfXNsCbu
X7jVZNwmSOtKq5fsxCIip7mqRJz8tX5wEVamImDKf5qeFrurFO5cwsg2pT7h4/WB
ei9CwfslvmPZFa9dOY5eYmAzby1chlEOGj21nwWg9icayaVQsvP7GBkYcHp1aCUU
M17EXQ e /yUhxV RaJ3tPI5Ql7vKJVGzr3r/nfWNu45t9f0jsrPVxkdqOkXAMSP
B9hMexM/MpcUIjZE3oUn48NL6BYaR3OaXqjvFGMgoo9N5Nv4HfXR0H4FVp QpINm
KJA84SXbw/0W4J2NQ82mT40VM B9PnG/WAlLssC5AQ0EYVRjlgEIAMOoXSqIXfM0
nNSPi4KIETJqq5X5zwTMfJqMKJV9TnwLUuVjRgjbgVz7AGyNGcGy7038PsGFlhT0
M38O8UbQYvx9BTedM8KmFF9kZ7UyJBNzBj5VS2WNmssv3vjjCpYtKxQ6w8mHQwHx
Jy8vz3zrMQA/NmjJXRblFvmxPyFza/lakzQSLMOVTkTgB796L D5P9K4O/gupRFX
rzGj7LFyq2E9bgX3 ohH1W8ZivAcLxODXd6/3qogKYofV2O2/ykfO82qg4wHDtlC
xoccKN  diGW3IrarAFvVJn2kyp5hvaHjRssE/XwAZx7mdq3TBuM1U6B/QZPLuF7
Zkrdm b1L3kAEQEAAYkCbAQYAQgAIBYhBGY6wlHYKDTfrHqpHgZJ3LS1GFs4BQJh
VGOWAhsuAUAJEAZJ3LS1GFs4wHQgBBkBCAAdFiEEIdo0SYj3hyuLILYIpWnL4hoX
OrcFAmFUY5YACgkQpWnL4hoXOrdqQAf/ZP 2KKUxSwokfy5/xQaDjvPDwoaYfhRH
geFdGsk9jxnVtxOuq7FCVeQXepY4fCuglsEWcERKcAvOUIPVd2w/XzCPi99KTmu5
G8XLAFmcyelu6GKCaex1Y/CCYBkjoL0y LBE1fFuotVuaOmwc5BmUJc WQ4xqFIX
pKwvNMDFghQixw0YTbdaKWEVmUdfEwsXFXeqazxtKZiTdDxM71iqruug47Bbuwi4
O3Py8g1xlAc6QYpctmLjWQ0Qh8tTrlCWfwFutzrUcCoXrP7cPRrYQy7fGyv894YQ
Vo zvlW68aNQCcq xZVtYd8Oh1fuOT88ov6IM9m4F4EPqc2KeS8afcVFB/9FaZFp
J73XIKDplAtkoYU6P1n0qqp5tiuUqEOZSzoFSwDJAQ6Hhaop2ii2oDBFunspWZVZ
HzPHOoXHSi5CZKepFDbRjvkZMFZlTgMTaELk/1uAs2L7Mf1NQZaxTziq8zTTCCUB
OTUcQVYXa8IfnQVhKrfDnN9XoRBCMfdmy8lFVv3F7ri6k7O6MyYGxuWXQfh0HnSa
FygxYLa8ra6/0LrsBxc38IsGKbYCBbDypVB1b3az2dbSDnFwubHN1QIUOB BZ6Ed
tSPrAeShmapU4zseJ yTQbxvnQMCP6XflZSu5pkYaC 5SomBt5ofV9lTyN93eJtD
t5Kl07dg9  PND2S
=Dvhl
-----END PGP PUBLIC KEY BLOCK-----

And the signature:

-----BEGIN PGP SIGNATURE-----

iQFIBAEBCAAyFiEEIdo0SYj3hyuLILYIpWnL4hoXOrcFAmFUY5cUHGphdm9udGUy
MDUyQHZvbi5uZXQACgkQpWnL4hoXOrch5wf/WlVrtizRMlhKjQiCSU6rLVeT CaV
NQ5xDc1xESeS0ax5 GYi 96o4UGIjRSTmMNSAo6IrbWzpgbG5Moa6XvjyHL0ri7S
rIYN3CJMV4mkb6ow9Zg5rvfizsOifdkBOBZv26EehZobu71UD9kAPSh yLqwrutN
ew79b4O8p3D8MuTcHZ4J3Cb/N/bAU4eV7zp54O7YL7Zdpbg4LbmgWYg7uIcsYPl3
tiPS1b8dl65/gMzcAKO8Nw lg8ODRdHLJlHUR2SxWaHLpC4Vzgp2rnBQMQ0TVxfV
Y2KYMDWhbdu9CQ/Aljxc2MdZl0sZTMypsTmY WGSak6mlI roO8E8NWqWQ==
=YKLY
-----END PGP SIGNATURE-----

I imagine that increasing the bit size of the key or increasing the size and complexity of the unknown text are ways to increase the difficulty. Am I correct?

CodePudding user response:

Assuming the PGP key is an RSA key you can get the hash of the message that has been signed with (an RSA signature is an encrypted message hash that can be decrypted by the user's public key). Now you have the hash, but a hash function is a one-way function which means you can not reverse it.

For small messages (a few bytes) you may be able to brute force the message by generating the hash message for every possible message (a bit similar like attacking password by brute force testing).

Alternatively in case you would have a large set of plain text messages and you only want to identify the message the hash of the signature belongs to, this could be done too (this is similar to using an password list and testing each password on the list if it has the matching hash).

For other signature schemes like ECDSA as far as I know even retrieving the message hash is not possible, you can only test if a given message hash "matches" the present signature.

  • Related