Infer PGP private key using an encoded decoded sample

No. That is the point of asymmetric keys (public and private): as you can easily encode a message with the public key (that's what it is for), you have the de- and encrypted message. But decrypting the encrypted message is only possible with the private key. The private key cannot be regenerated.


Since it has not been mentioned: this is known as a known-plaintext attack, and would be a very bad vulnerability for a cipher to have. In fact, in public-key crypto this attack is equivalent to a chosen-plaintext attack, since anyone can encrypt any message!

There have in fact been some known/chosen-plaintext attacks against RSA (the public-key cipher most often used by PGP to encrypt the symmetric key), but they usually involve side-channel attacks against poor implementations, or require an insane number of ciphertexts, or only work against certain, rare keys.

However, in general, the answer to your question is "no" - that is what makes the cipher secure.


No, this would be very bad. PGP encryption uses a serial combination of hashing, data compression, symmetric-key cryptography and finally public-key cryptography. Hashing makes use of one-way functions. A one-way function is a function that is easy to compute, but hard to invert. Public-key cryptography makes use of asymmetric algorithms.

The algorithms used for public key cryptography are based on mathematical relationships (the most notable ones being the integer factorization and discrete logarithm problems) that presumably have no efficient solution. Although it is computationally easy for the intended recipient to generate the public and private keys, to decrypt the message using the private key, and easy for the sender to encrypt the message using the public key, it is extremely difficult (or effectively impossible) for anyone to derive the private key, based only on their knowledge of the public key.

Just having the original message is not enough to infer the private key.


There are two answers to this.

Is it theoretically possible? Yes. You could generate a fake key, try the encryption, see if it matched. If not, try another fake key, encrypt, see if the output matched. This is commonly called a brute force attack.

In practice, this can't be done. It takes a non-zero amount of time and computing power to try this. PGP encryption would usually use a decent size key, maybe 512, 1024, 2048, or even more bits. The key-space (the number of keys you could possibly have) is so big that it would take you forever to find this combination.

My guess is you were asking if you could really do this, not the theory. And so the answer is no. The world doesn't have enough computing power for this. If you asked on security.stackexchange.com, someone more familiar with the algorithms and math could tell you how long this would likely take (possibly until the sun metastasizes and boils our planet). My short answer is "not within your lifetime".
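
The points made in the answers above, as an added example that is not part of any answer: with textbook RSA on a tiny constructed key, the known plaintext/ciphertext pair is something anyone can recompute from the public key, and the private exponent only falls out once the modulus is factored. The primes, message and guess rate are assumed sample values; there is no padding and this is not real PGP.

```python
# Added illustration: textbook RSA with tiny, constructed primes.
# No padding, no session key: this is not how PGP encrypts in practice.
from math import gcd, log10

def make_toy_key(p, q, e=65537):
    """Build a textbook RSA key pair from two small primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    assert gcd(e, phi) == 1
    return (n, e), pow(e, -1, phi)       # (public key, private exponent d)

def encrypt(pub, m):
    """Public operation: anyone holding the public key can run this."""
    n, e = pub
    return pow(m, e, n)

def brute_force_factor(n):
    """Naive 'try every candidate' search (trial division over odd numbers).
    Returns (p, q, trials). Only terminates quickly because n is tiny."""
    trials, cand = 0, 3
    while cand * cand <= n:
        trials += 1
        if n % cand == 0:
            return cand, n // cand, trials
        cand += 2
    raise ValueError("no odd factor found")

def log10_years(bits, guesses_per_second=1e12):
    """log10 of the years needed to try ~2**(bits/2) candidates at an assumed
    rate. Real factoring algorithms beat trial division, so this shows how
    the naive search scales, not the actual strength of a key size."""
    seconds_per_year = 3600 * 24 * 365
    return (bits / 2) * log10(2) - log10(guesses_per_second * seconds_per_year)

if __name__ == "__main__":
    pub, d = make_toy_key(32749, 65521)  # constructed ~31-bit modulus
    m = 42424242                         # constructed "known plaintext"
    c = encrypt(pub, m)
    # The known pair adds nothing: the attacker can produce it unaided.
    print("re-encryption matches:", encrypt(pub, m) == c)
    # Getting d requires the factors of n; feasible only at toy sizes.
    p, q, trials = brute_force_factor(pub[0])
    print("factors", p, q, "after", trials, "trials")
    print("recovered d matches:", pow(pub[1], -1, (p - 1) * (q - 1)) == d)
    for bits in (32, 512, 1024, 2048):
        print(bits, "bits: about 10^%.0f years" % log10_years(bits))
```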