I am trying to secure a system and am considering using RSA encryption for the purpose of Identifying The Server(Its public key will be pinned to the client) and protecting sent passwords. All of this is for defense against MITM attacks.
So my question is this, Can an attacker who has gained MITM between the client and server can generate his own public and private key pair, so that the client would see the same public key as pinned but private key will belong to the attacker? Again, not necessarily finding the servers private key but a diffrent private key- so that it matches the servers public can and client can be fooled. Thanks!
No, that's not possible. The modulus is shared between the private and public key and is unique for the key pair. You need to factor the modulus into the separate primes to generate a valid private key from it. This is called the RSA problem and it is what makes RSA suitable for asymmetric cryptography.
The only times when a modulus can be factored is if the RSA key pair generation is broken, or when the underlying random number generator repeats over multiple instances, and the attacker learns the key pair through that. Then there are side channels, bad key management...