Private key generated by openssl does not satisfy n = p * q

天命终不由人 2020-12-10 07:46

I've generated a key with openssl by using the following command

openssl genrsa 1024

I've got the following result

-----BEGI         


        
2 answers
  • 2020-12-10 08:01

    Why the hell N is not equal to p * q ?

    Confirmed with the key provided. However, I could not duplicate when generating my own key with openssl genrsa 1024.

    $ ./test-rsa.exe
    
    ***** P *****
    12716592588957205057720227362856602359162165918588008158928004904780617816265357
    754968000322907349867949577092305558696339499022301055839537975977118688137
    
    ***** Q *****
    10059832080410675679274931119486090017360564066559599189867309386706046720813347
    145402059918876964980032136051476889631968099168811652389989474036177869729
    
    ***** N *****
    12793124891325327128971650020563999246628465128785735817714525182531281036799314
    77808216241640625923377085054862755880280251221289282252666015910733318035804933
    41719724935049328478344297205955905466581637169109448199715137939448946445804542
    355907923908845024638480376219852266194827768486624319018352514599977
    
    *** Calc N ***
    12792678607990434048632475001531065755874366303681660462967024860494524785586521
    24218714399928148249644594040544628864191685952244681103581135994857552437185369
    35880977456835036272916419632947427885989469252242704342884476060911074859116149
    906854382812141105735147419775039435625802885168567201322191763704873
    

    $ cat test-rsa.c
    
    #include <stdio.h>
    #include <stdlib.h>
    #include <signal.h>
    
    #include <openssl/bn.h>
    #include <openssl/evp.h>
    #include <openssl/rsa.h>
    #include <openssl/pem.h>
    
    const char s_key[] = "-----BEGIN RSA PRIVATE KEY-----\n"
    "MIICXAIBAAKBgQC2Lh4HLcCR76Wv3oXl6sZ7pv8l9b/66H+I6Bb86tz8RhWCmTCG\n"
    "xPVgtZ+w9WutU/rqBHHZOpotX4QDksRD8dRFh6a3HwkIFQdTcDoiD39yNP8F02Gd\n"
    "dAl8p/URC5jNCLMSfUK38wMocmoI1I5vqdMNrzUnOup18rl4089Z+faMKQIDAQAB\n"
    "AoGBAJrL4z5iWiengxqV8yETBeU8WcJft+n0dapXzHDNAUo8Izr+AIYEBp1Ot4se\n"
    "f4igu6zuae80JJ45c2u14p/5dWzN9/URmhTP8xLGjGCjltOJLLyhBPP+ZsLjqu6l\n"
    "57MNV6jDqDLdRC66w4NMRCN3FACxcldIC5L6B9OA7UvO1ugBAkEA8s1o6BvufTeD\n"
    "ktyOMfW0ZeLGk/6EXp8nf7BIzYhAAPtSt8DegnfYFx2XDgKnYSB15dTDIDMe/KaA\n"
    "GcuUb/ZjiQJBAMATb1fFdl7PGccVPgeTaupJayHPySc9PSsACV6VIAnpcU/3NZzd\n"
    "MkdIL/JsOsD+1M9uQJqvRZO4qQdjcR5Om6ECQEJGgYlB/pJdcePHomTOvcRF55CE\n"
    "G9u8M8rt8qFvvJDICWcxFUulrO16XT4syUWA1825it2iNqYeSL9By63YIokCQBnm\n"
    "RPw71xM/r8UleyDAYwlGbxi3EPOmkUnsDldfmltby/ixZ9xIA1CTTkvNBjsh4YY6\n"
    "4qE5AxPBMaGaahVhGiECQHyQvXUNE2IUco+ZwmmLnb2ey1s5tBg7i0lEZG47G7GV\n"
    "o+yKdJHpToJD8eRJA/2D+pMhQIZm8X/XDIoi1AQ/TRY=\n"
    "-----END RSA PRIVATE KEY-----\n";
    
    /* Print a labelled BIGNUM in decimal and free the string BN_bn2dec allocates. */
    static void print_bn(const char* label, const BIGNUM* bn)
    {
        char* dec = BN_bn2dec(bn);
        if(dec == NULL) exit(9);
        fprintf(stdout, "\n%s\n%s\n", label, dec);
        OPENSSL_free(dec);
    }

    int main(int argc, char* argv[])
    {
        (void)argc, (void)argv;

        int rc;
        size_t len = sizeof(s_key) - 1;   /* exclude the trailing NUL */
        FILE* fd = NULL;
        EVP_PKEY* pkey = NULL;
        RSA* rsa = NULL;
        BIGNUM* n = NULL;
        BN_CTX* ctx = NULL;
        const BIGNUM *key_n = NULL, *key_p = NULL, *key_q = NULL;

        /* Write the embedded PEM to disk, then rewind and read it back. */
        fd = fopen("./key.pem", "w+");
        if(fd == NULL) exit(1);

        if(fwrite(s_key, 1, len, fd) != len) exit(2);

        rc = fseek(fd, 0, SEEK_SET);
        if(rc != 0) exit(3);

        pkey = PEM_read_PrivateKey(fd, NULL, NULL, NULL);
        if(pkey == NULL) exit(4);

        rsa = EVP_PKEY_get1_RSA(pkey);
        if(rsa == NULL) exit(5);

    #if 0
        fprintf(stdout, "\n***** RSA *****\n");
        RSA_print_fp(stdout, rsa, 0);
    #endif

        /* RSA is opaque since OpenSSL 1.1.0: read n, p and q through the
           accessors instead of rsa->n, rsa->p and rsa->q. */
        RSA_get0_key(rsa, &key_n, NULL, NULL);
        RSA_get0_factors(rsa, &key_p, &key_q);

        print_bn("***** P *****", key_p);
        print_bn("***** Q *****", key_q);
        print_bn("***** N *****", key_n);

        n = BN_new();
        if(!n) exit(6);

        ctx = BN_CTX_new();
        if(ctx == NULL) exit(7);

        /* Recompute the modulus from the stored factors for comparison. */
        rc = BN_mul(n, key_p, key_q, ctx);
        if(rc != 1) exit(8);

        print_bn("*** Calc N ***", n);

        BN_CTX_free(ctx);
        BN_free(n);
        RSA_free(rsa);
        EVP_PKEY_free(pkey);
        fclose(fd);

        return 0;
    }
    
  • 2020-12-10 08:26

    Hi, I've tested all 6 private keys you provided in EDIT with this command

    $ openssl rsa -check -in privkey
    

    and all of them return RSA key ok, except the first one, which returns RSA key error: n does not equal p q.

    My answer to your question

    Why the hell N is not equal to p * q ?

    is: there's no way N is not equal to p*q. The first key has probably been modified, or has been changed during transmission, so it doesn't pass the rsa check test. Digging into the openssl source code, we can see that openssl genrsa command is carried out by

    int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
    

    in /crypto/rsa/rsa_gen.c. At ln:289, the modulus n is calculated with

    /* calculate n */
    if (!BN_mul(rsa->n,rsa->p,rsa->q,ctx)) goto err;
    

    which means n=p*q. You should look for other possibilities that cause your problem, rather than casting doubt on genrsa command.

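The n = p * q consistency check discussed in the answers above, as an added example that is not part of the original posts or of OpenSSL's code: a dependency-free Python parser for the PKCS#1 structure inside a `-----BEGIN RSA PRIVATE KEY-----` block, run on a constructed toy key and on a copy whose modulus was altered. The function names, the toy key and all failure labels except "n does not equal p q" are assumptions made here; primality of p and q is not tested.

```python
import base64
import math

FIELDS = ("version", "n", "e", "d", "p", "q", "dmp1", "dmq1", "iqmp")

def _read_len(buf, i):
    """Decode a DER length at buf[i]; return (length, index of first content byte)."""
    if buf[i] < 0x80:
        return buf[i], i + 1
    k = buf[i] & 0x7F
    return int.from_bytes(buf[i + 1:i + 1 + k], "big"), i + 1 + k

def parse_rsa_pem(pem):
    """Decode a PKCS#1 'RSA PRIVATE KEY' PEM block into a dict of integers."""
    lines = [l for l in pem.strip().splitlines() if not l.startswith("-----")]
    der = base64.b64decode("".join(lines))
    if not der or der[0] != 0x30:
        raise ValueError("outer SEQUENCE missing")
    _, i = _read_len(der, 1)
    values = []
    for _name in FIELDS:
        if i >= len(der) or der[i] != 0x02:
            raise ValueError("INTEGER expected at offset %d" % i)
        size, i = _read_len(der, i + 1)
        values.append(int.from_bytes(der[i:i + size], "big"))
        i += size
    return dict(zip(FIELDS, values))

def check_key(k):
    """Return the failed consistency checks; an empty list means none failed."""
    p, q, d = k["p"], k["q"], k["d"]
    if p < 2 or q < 2:
        return ["p or q out of range"]
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
    checks = [
        ("n does not equal p q", k["n"] == p * q),
        ("d e not congruent to 1", d * k["e"] % lam == 1),
        ("dmp1 not congruent to d", k["dmp1"] == d % (p - 1)),
        ("dmq1 not congruent to d", k["dmq1"] == d % (q - 1)),
        ("iqmp not inverse of q", k["iqmp"] * q % p == 1),
    ]
    return [msg for msg, ok in checks if not ok]

def make_pem(values):
    """Encode nine small integers as a toy PKCS#1 PEM (short-form lengths only)."""
    raw = [v.to_bytes(v.bit_length() // 8 + 1, "big") for v in values]
    body = b"".join(bytes([0x02, len(r)]) + r for r in raw)
    der = base64.b64encode(bytes([0x30, len(body)]) + body).decode()
    return "-----BEGIN RSA PRIVATE KEY-----\n%s\n-----END RSA PRIVATE KEY-----\n" % der

# Constructed toy key (p=61, q=53); far too small for real use.
GOOD = (0, 3233, 17, 2753, 61, 53, 53, 49, 38)
TAMPERED = (0, 3235) + GOOD[2:]  # modulus altered, as if damaged in transit
```

When only the modulus check fails while the d, dmp1, dmq1 and iqmp checks still pass against p and q, the damage sits in the stored n field rather than in the factors.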