Zuckerbude

not your average tech/non-tech blog - since 2007

Message webmaster with his public key

June 4, 2019 Technical Ben Zucker
Photo by Richard Patterson CC BY 2.0

Photo by Richard Patterson CC BY 2.0

What??

Sending a message to a webmaster with his public key… The idea behind this I actually got from an April fools released by c&t magazine. To cut a long story short they claimed that weak GDPR phrasing could be a reason that common letter post might need to be properly encrypted. They even provided a tool that extracts a websites public key use it to encrypt a provided message.

You can find the article (in German) here and the tool here.

Anyway. I was thinking how I could use this to send webmasters encrypted messages when they do not offer public keys emailing. And for some reason I do not was to ask them for keys. Maybe because I am incredibly clever and shy at the same time … never mind.

Some basics

To get a basic understanding how symmetric and asymmetric encryption - to say the relationship between public and private keys - works just watch this video. I started adding captions in English. Hopefully they will be released into the wild soon.

THX @dunkelmunkel Feel free to watch more of his videos 😉

Grab the key

For this example I will use the website of my female fellow Wintermohn

Two things are needed: A public key and a way to send a message. For the message I think webmaster@ or postmaster@… will probably do.
But first things first. I need a key! (Sorry, played too much Blood lately.)

You should visit the target website beforehand using your browser to check if it loads normally and does not have an invalid or expired certificate.

I used this command to directly extract the public key:

gnutls-cli --print-cert wintermohn.de </dev/null 2>/dev/null|openssl x509 -pubkey -noout

Note: gnutls-cli is a part of the gnutls-bin package.

This should give us an output just like this:

—–BEGIN PUBLIC KEY—–
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1AlZC6RLENTnpRB4MzIH
amM1B96QqfqUazWBxx7FNPCOG3gWksbfs9gzYyjWY8YZh6h0I5ng0egJdpfyGVmo
47/ToL3EsO0LYlAI3XMpuI5y3TokAD2kXc+9lm74jNXF4bh0tO+bIXDLnTXJyGJc
M8Pa8dyp0ItBcPQJ5Cyo9pPMVAPw62VP304P9yhlKYkhu79agJuuB7BDU76KYFfA
rQUOpAD4lz4s+2669P6sv9VGrUEPZeFwA0/OvSV7E8lyF58+VC2Mnk11uVmLg7Iw
4QsjXj0EKwgjzK6We5ehsoknpREnjUyzHsPakeehjRLeKx53OqyyuSqOA2mqiIYu
fwIDAQAB
—–END PUBLIC KEY—–

The output may vary because certificates getting renewed from time to time which obviously causes keys to change.
For further processing the key should be saved into a file, pubkey.txt for example. This can easily be achieved by adding > pubkey.txt behind the command above.

Use the key

As learned earlier a public key can be used to encrypt a message in a way that the only method to decrypt it is to own the private key. So let’s do it.
To make my live a bit easier first I created a simple text file with my message inside. I call it message.txt and it contains this:

——- PLAIN TEXT ——-
Dear Wintermohn,

how are you?
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
——- PLAIN TEXT ——-

There is no need for the PLAIN TEXT stuff, I just added it for better understanding. I censored a part of the message because I want to know if Wintermohn is capable to decrypt the message ;-).

Alright, lets just do a quick summary:

  • pubkey.txt containing our public key
  • message.txt containing our unencrypted message.
  • encrypted.txt containing our encrypted message.
  • privkey.txt containing their private key. More on that one later.

For encrypting the message I used this command:

openssl rsautl -encrypt -pubin -inkey pubkey.txt -in message.txt | base64

The output should look like this:

telIPRnagUFqxxhuv6lFs2fXMfPJxV0bHIZl58NXUp/F2aiiJPotWzVoCN7GAZomadvqRvEWrWFk  
33uqAw7VsfWPT1/RmfBY2jRpbZVaukpjn0HWeYeFe0LgVXQjCjVxHXiyOWkRe1LejCJagWdT7SZv  
cNlOJgRV7R2JHS52DhfzOejd1XA9nJkNU1EAkKxO2LnLhh5K+no6TRtm6vksuYUFt82DUbg6gW00  
6r6q8ibbAyhPHCFXYvp+ybqLv+/j6/0c1Kr5R8Dl9o1IRpyeJsh2CEeWzeuSAhlRGpAwBTNPTamn  
P5hHitwNCcincXmijwONCRrdzkiH0vDMTWwnYg==

We can put it directly into a file using > encrypted.txt added to the command above.
This is actually not the “plain” encrypted message. It has been converted in a “human readable” way using base64. Just try to open the encrypted message without base64 and see the mess…

And done. All left to do is to send the message to the webmaster with some additional information about which public key has been used to encrypt it. Otherwise our receiver will have a very tough time… Or most likely simply discards your message.

Switching the roles

Now I am Wintermohn and received a message encrypted with the public key of my website.
First I need to grab my private key which is usually stored on the webserver and looks something like this:

—–BEGIN PRIVATE KEY—–
MIIEpAIBAAKCAQEAtcI5KkctI4K40dXmrxof4IJPmh5o2tgFRJqA6pJil5yUNEfV
YVv6Uk52PgRhW5Y9B60ih1MuCfkUgkriaSAUITUWkNPHa6ns5X+0dLoXjWSWrmkA
oZDHoKgmhMleQWznzzp827dNTw+IB48BJahwIyrSNs13j1uBiWdHiDokWkkuAD8L
6zyzh65hj3e4iYOSh6zlTmA5Ew9K1gxWgHt5SCNP4e1cRswAzOdz/uAp/7tJ6Osm
+qqNVzGGxsDsnhO5mKHC3vi9OVBW0XO4rbz5uzNjelVFsBuc0mp6rBrBLvyXKH1n
1ZwP5S8U7N/WOHI/a8PHYXjMKJ6ixTwU6WcWhwIDAQABAoIBAQCPrW6+6vDVp1ou
FaZ7OG2Gbbw7GlrM1AKmDnRl+T2Sl6XYBgi5I5onQfraX2AOpB6uWMB4tNop7Am4
TTXY4BDJh0vFRIPZqcOoT2D4/LntfVxXlo13KhmD+Cgqw3uMwGgmOhfFH4svOhnP
z82aVSH/yrPNunIOksk9MrUrDLr72pPyl5YNAxRBt/rfKMtXzibJrrj+L7+d7cGk
u7OLM+IAwM/47oKJ8eY3XyvzVLqF+ls7+rdz5cJZ1faTfaYj+76E6MOPe7wqHKa0
f46JihR0J7UhO/Gnx+RwiSJEfyYv4m9hPiHE3M3fkuTz0VzBlM+SvbC9pBHp1zDU
HJ4v281BAoGBAOFzpi1DXIgLUqAYjzWG9Iv49zCIv+k3P2DwSCJELSbOtIiKVowZ
PD1sdHfpXL9RMndlndBtJY4W6IzlySyDBiBdl4Lni0Cc93JjEPGO9UhOqjavOf/L
1GJNon3tgw6lCd9KQ/kuDFlscjSfwW+XnpZlnuqRvidd8SPEaOlspqcRAoGBAM5i
+N7KiivgjSXuABcVmxR5PIRj3BNYsnloEUU/6oR1pLyFgNYBt+MxndS6M2J8Obt7
2b05emk/oZhbFNF2SzT0R/eP76XfhKPy20vS9t1h67FH0zOcBpKfrM4UJJYhQ5g7
7X73bFuJOpDeK5yVuvT1HoKkW70+JUFbOkcq1NQXAoGBANxwh/uZ8c/TwmZnnR9p
ZZO3S3tZOsx+CKpwRxe6MavQURVwrk8uHYixku/sbZNjgUTdRwGUtzPHknqx85Ji
Sos69/o3DCGRWSGvW9HVRl/9CtGNY9iJJJE597fJlGutU4nQw8XREKIfN0vdKPZD
+fx0QH57IsK7SB0A3tPeONUBAoGAC5X0wJUAIqxtYAa3TJRy6zhPFGOCtDdTdYtJ
BOksohj0kXyxGdJo30Emyg1V2x58IzE1rPCwFX5z9NiQF54bZLKd46DZ5CbjDE0S
0HPcVdssXvxYN9p3Z/28tqjc0Oy3HbGniGwdUhonBoDiU9z37M5h0xWk7L+zWbLk
V6Bo6CsCgYA6CK5YADGuwRxHUtNWpFjl+CK4bijbMySZk+KVxwo64Nmu0JqCfU+x
b9jWvaWcv8sbykIGYggZNfoXOlXbdMIxOAi7D3J+MNqZ27gSnxm4p+c1E3BQClI9
jpuNJihMBjUrlys67pyrnKkKmUa6rNAEj3NXs73/amK9xcHhjgmOVg==
—–END PRIVATE KEY—–

Storing the key into a file makes it easier to use it in the command line, so new file: privkey.txt Using this command I can decrypt the message:

base64 -d encrypted.txt |openssl rsautl -decrypt -inkey privkey.txt
Bottom line

I thought this might be interesting. And even not it was fun to write about it.