Is it possible to obtain the PGP message given only the public key and the signature?

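Given a 2048-bit SHA256 PGP public key and a PGP signature of an unknown text, how difficult would it be for a dedicated operation (e.g. a cryptocurrency mining farm) to obtain the text?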

Example:


And the signature:


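I think increasing the bit size of the key, or increasing the size and complexity of the unknown text, are ways to increase the difficulty. Am I right?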

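Assuming the PGP key is an RSA key, you can obtain the hash of the signed message (an RSA signature is an encrypted message hash that can be decrypted with the user's public key). Now you have the hash, but a hash function is a one-way function, which means you cannot reverse it.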

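For small messages (a few bytes), you can brute-force the message by generating the hash of every possible message (somewhat similar to attacking a password by brute-force testing).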

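Alternatively, if you have a large number of plaintext messages and you only want to identify which message the signed hash belongs to, that is also possible (this is similar to using a password list and testing each password in the list to see whether it has a matching hash).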

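As far as I know, for other signature schemes such as ECDSA, it is not even possible to retrieve the message hash; you can only test whether a given message hash "matches" the current signature.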
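The following is an added example, not part of the original answer: it shows why a detached RSA signature over a short or guessable text should be treated as revealing that text, while a text outside the guesser's candidate set stays hidden. It assumes plain RSA PKCS#1 v1.5 with SHA-256 rather than the OpenPGP packet format (OpenPGP hashes the message together with signature metadata), and the key, function names and messages are constructed for the demonstration.

```python
import hashlib

# Constructed demo key: two Mersenne primes, trivially factorable, never use for real.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, known to the signer only
K = (N.bit_length() + 7) // 8          # modulus length in bytes

# ASN.1 DigestInfo prefix for SHA-256 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def sign(message: bytes) -> int:
    """Signer: EMSA-PKCS1-v1_5 encode SHA-256(message), then RSA private operation."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    em = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return pow(int.from_bytes(em, "big"), D, N)

def recover_digest(signature: int) -> bytes:
    """Anyone holding the public key: undo the RSA operation and strip the padding."""
    em = pow(signature, E, N).to_bytes(K, "big")
    pad_end = em.index(b"\x00", 2)     # separator between padding and DigestInfo
    if em[:2] != b"\x00\x01" or set(em[2:pad_end]) != {0xFF}:
        raise ValueError("not a valid PKCS#1 v1.5 signature for this key")
    t = em[pad_end + 1:]
    if not t.startswith(SHA256_PREFIX):
        raise ValueError("unexpected hash algorithm")
    return t[len(SHA256_PREFIX):]

def identify(signature: int, candidates):
    """Return the candidate whose hash the signature covers, or None if none match."""
    digest = recover_digest(signature)
    for m in candidates:
        if hashlib.sha256(m).digest() == digest:
            return m
    return None

if __name__ == "__main__":
    sig = sign(b"yes")                                  # short, guessable text
    print(recover_digest(sig).hex())                    # hash is public, text is not
    print(identify(sig, [b"no", b"maybe", b"yes"]))     # found in the candidate list
    print(identify(sign(b"text nobody guessed"), [b"no", b"maybe", b"yes"]))  # None
```

The difficulty therefore depends on how guessable the signed text is, not on the RSA modulus size: the digest is recovered with one public-key operation whatever the key length.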