This repository demonstrates a method to recover an ECDSA private key when the same ephemeral key (k) is reused in multiple JWT signatures. This script extracts the necessary parameters from two JWTs, performs the cryptographic calculations as explained below, and derives the private key.
ECDSA signatures rely on a random nonce (k). If k is reused across different messages, it becomes possible to derive the private key using basic algebraic manipulation of the signature equation.
An ECDSA signature consists of two values (r, s), computed as:
If the same k is reused for two different messages (m1 and m2), we get:
By subtracting these equations and solving for d, we recover the private key:
The script automates this process by:
- Parsing two JWTs to extract the signature values (
r,s1, ands2). - Computing the message hashes (
H(m1)andH(m2)). - Performing modular arithmetic to recover
d.
- Extract the signatures from two JWTs signed using the same
k. - Compute the SHA-256 hash of each JWT's header and payload.
- Solve for the private key (
d) using modular arithmetic. - Output the recovered private key.
-
Clone the repository:
git clone https://github.com/Bhanunamikaze/ECDSA-PrivateKey-Recovery.git cd ECDSA-PrivateKey-Recovery -
Install dependencies:
pip install ecdsa pycryptodome libnum
-
Run the script:
#Update JWT keys in teh code and run the below command to Recover Private Key python ECDSA-PrivateKey-Recovery.py Expected Output: Recovered private key (d): 1234567890123456789037412598746321544155
This project is for educational and research purposes only. Unauthorized use of cryptographic exploits may violate applicable laws and regulations.
This project is licensed under the MIT License.