1rsakeyfind(1)                    User Commands                   rsakeyfind(1)
2
3
4

NAME

6       rsakeyfind - Locates BER-encoded RSA private keys in memory images.
7

SYNOPSIS

9       rsakeyfind MEMORY-IMAGE [MODULUS-FILE]
10

DESCRIPTION

12       rsakeyfind  is a tool that locates BER-encoded RSA private keys in MEM‐
13       ORY-IMAGE.  If a MODULUS-FILE is specified, it will locate private  and
14       public keys matching the hex-encoded modulus read from this file.
15
16       If  MODULUS-FILE  is  provided the program searches for the modulus and
17       attempts to parse the surrounding data as a BER-encoded public or  pri‐
18       vate key.
19
20       Otherwise the program searches for a fixed pattern--the BER-encoded RSA
21       version field followed by the integer type of the following field in an
22       RSA  key--and  attempts  to parse the surrounding data as a BER-encoded
23       private key.
24
25       These techniques were successfully tested on  a  Linux  system  running
26       Apache  2.2.3  with  mod_ssl.   However, RSA implementations that store
27       keys in memory using a different format will not be susceptible.
28

SEE ALSO

30       aesfix(1), aeskeyfind(1), biosmemimage(1)
31

AUTHOR

33       rsakeyfind was written by Nadia Heninger and J. Alex Halderman
34
Impressum