Fails with Invalid private key

[waptaff]

No matter what I use as vanity, I get this:

$ python ./vanity_rsa.py k
Traceback (most recent call last):
  File "./vanity_rsa.py", line 291, in <module>
    main()
  File "./vanity_rsa.py", line 254, in main
    key = make_key(args.vanity, key_length=args.key_length,·
  File "./vanity_rsa.py", line 233, in make_key
    return make_valid_rsa_key(priv_key, pub_key)
  File "./vanity_rsa.py", line 208, in make_valid_rsa_key
    return rsa.RSAPrivateNumbers(
  File "/usr/lib/python3.9/site-packages/cryptography/hazmat/primitives/asymmetric/rsa.py", line 367, in private_key
    return backend.load_rsa_private_numbers(self)
  File "/usr/lib/python3.9/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 602, in load_rsa_private_numbers
    return _RSAPrivateKey(self, rsa_cdata, evp_pkey)
  File "/usr/lib/python3.9/site-packages/cryptography/hazmat/backends/openssl/rsa.py", line 389, in __init__
    raise ValueError("Invalid private key", errors)
ValueError: ('Invalid private key', [_OpenSSLErrorWithText(code=67764348, lib=4, func=160, reason=124, reason_text=b'error:040A007C:rsa routines:RSA_check_key_ex:dmp1 not congruent to d'), _OpenSSLErrorWithText(code=67764349, lib=4, func=160, reason=125, reason_text=b'error:040A007D:rsa routines:RSA_check_key_ex:dmq1 not congruent to d')])

• Python 3.9
• cryptography==3.4.7
• OpenSSL 1.1.1l

[thenger]

Same results with:

# python --version
Python 3.9.2
# openssl version
OpenSSL 1.1.1k  25 Mar 2021
# pip freeze|grep -E 'cryptography|gmpy2'
cryptography==36.0.1
gmpy2==2.1.2

[colindean]

Essentially the same error with

$ python --version
Python 3.9.11
$ openssl version
OpenSSL 1.1.1s  1 Nov 2022
$ pip freeze|grep -E 'cryptography|gmpy2'
cryptography==39.0.1
gmpy2==2.1.5

[Lomanic]

The script works only with cryptography up to v3.0, tested with python 3.9.15

pip install cryptography==3.1 gmpy2 && python3 vanity_rsa.py ++vanity++ # fails
pip install cryptography==3.0 gmpy2 && python3 vanity_rsa.py ++vanity++ # works

Probably because of this change pyca/cryptography@fce9a79

[colindean]

Just in case anyone else thinks that compiling is an option, cryptography 3.0 won't compile on ARM64 macOS 13, even if you give it openssl includes:

PKG_CONFIG_PATH="$(brew --prefix openssl)/lib/pkgconfig" CFLAGS=$(pkg-config --cflags openssl) pip install cryptography==3.0

There are many compile errors with clang 15 with the arm64-apple-darwin22.3.0 target.

Best option is to spend your time making this script work against the latest version of cryptography.

[colindean]

I pored over the docs trying to figure out how to make this work and found that cryptography 39.0.0 added a new parameter to skip the RSA validation added in 3.1, unsafe_skip_rsa_key_validation.

Adding this parameter to the RSAPrivateNumbers.private_key() call made it work for me!

[colindean]

I put up a PR in #4 that works for me and adds some logging of what the script is doing.