picoCTF Solutions
picoCTF 2023CryptographyMedium

ReadMyCert

Published: April 26, 2023Updated: December 9, 2025

Description

A certificate signing request file hides the flag. Treat it as Base64 PEM data and decode the contents to recover the string.

Setup

Download readmycert.csr

Download the CSR and strip the PEM header/footer.

Base64-decode the body to inspect the DER contents. The flag appears near the top.

wget https://artifacts.picoctf.net/c/422/readmycert.csr
cat readmycert.csr
grep -v '-----' readmycert.csr | base64 --decode

Solution

  1. Step 1Decode the PEM
    Either pipe the middle lines through base64 --decode or drop them into CyberChef. The decoded ASN.1 text includes picoCTF{...}.
  2. Step 2Copy the flag
    Extract the picoCTF string from the decoded output and submit.

Flag

picoCTF{read_mycert...b0}

No openssl tooling is required; basic Base64 decoding reveals the answer.