Hello All, Please bear with me but could someone explain the following exercise result? How can a different private key generate the same public key?
Basically I started a new VM and installed Ubuntu 13. Configured SSL and ran the heartbleed script that is available in the wild.

After a few packets got the RSA Modulus and one PrimeP.
Converted the hex into decimal.
Divided the Modulus / PrimeP and got PrimeQ.
Used rsatool to generate RSA key and saved output in PEM format.
Compared (md5) the original key with the reconstructed key and got different values.
Extracted the pubkey from the original key and the reconstructed and got equal values.
Signed a file with the original key and verified it successfully with the public reconstructed key.

Here is the evidence:

    root@kali:~/Heartbleed# md5sum apache.key apache-recovered.key
    8f3b1bc3c4fb4875b61ba39b6cf8f766 apache.key
    b3198c6328b097568018061b51834ddd apache-recovered.key
    root# openssl rsa -in apache-recovered.key -pubout > apache-recovered.pub.key
    writing RSA key
    root# openssl rsa -in apache.key -pubout > apache.pub.key
    writing RSA key
    root@kali:~/Heartbleed# md5sum apache.pub.key apache-recovered.pub.key
    9c4420445578366d0369a744a12cf313 apache.pub.key
    9c4420445578366d0369a744a12cf313 apache-recovered.pub.key
    root# openssl dgst -md5 -sign apache.key -out filename.sign filename
    root# openssl dgst -md5 -verify apache-recovered.pub.key -signature filename.sign filename
    Verified OK

Thank you,
Luis
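Added illustration, not part of the original message: a textbook-RSA sketch of why two private key files can hash differently and still be the same key pair. The toy primes, the exponent 5, the function names and the assumed encoding differences (prime order, and d reduced modulo lcm(p-1, q-1) instead of (p-1)(q-1)) are constructed for this example and are not taken from the post's tools.

```python
# Added illustration; toy values constructed here, far too small for real use.
from math import gcd

def build_key(p, q, e, use_lambda=False):
    """Return the integers a PKCS#1 RSAPrivateKey stores for primes p and q."""
    phi = (p - 1) * (q - 1)
    lam = phi // gcd(p - 1, q - 1)              # lcm(p-1, q-1)
    d = pow(e, -1, lam if use_lambda else phi)  # either modulus gives a valid d
    return {"n": p * q, "e": e, "d": d, "p": p, "q": q,
            "dP": d % (p - 1), "dQ": d % (q - 1), "qInv": pow(q, -1, p)}

def rebuild_from_leak(n, e, leaked_prime):
    """Rebuild a full private key from the public key plus one prime factor."""
    if n % leaked_prime:
        raise ValueError("leaked value does not divide the modulus")
    # Assumption: the rebuilding tool stores the primes in the other order and
    # reduces d modulo lcm(p-1, q-1). Both are legitimate encoding choices.
    return build_key(n // leaked_prime, leaked_prime, e, use_lambda=True)

def public_part(key):
    return (key["n"], key["e"])

def sign(key, digest):
    return pow(digest, key["d"], key["n"])

def verify(pub, digest, sig):
    n, e = pub
    return pow(sig, e, n) == digest

def demo():
    original = build_key(1009, 1013, 5)          # constructed "server" key
    recovered = rebuild_from_leak(original["n"], original["e"], 1009)
    digest = 123456                              # stand-in for a file hash
    sig = sign(original, digest)
    return {
        "d_original": original["d"],
        "d_recovered": recovered["d"],
        "private_fields_equal": original == recovered,
        "public_equal": public_part(original) == public_part(recovered),
        "cross_verifies": verify(public_part(recovered), digest, sig),
        "same_signature": sig == sign(recovered, digest),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

When checking whether two key files belong to the same key pair, compare the modulus (for example the output of `openssl rsa -noout -modulus`) rather than a hash of the private key file.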