Re: Reverse Encryption in .NET
From: Hernan de Lahitte (hernan_at_lagash.com)
Date: 02/27/04
- Next message: John Stemper: "Re: Security Exception on ASP.Net app"
- Previous message: dotnet: "Re: Access denied"
- In reply to: james chou: "Re: Reverse Encryption in .NET"
- Next in thread: james chou: "Re: Reverse Encryption in .NET"
- Reply: james chou: "Re: Reverse Encryption in .NET"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 27 Feb 2004 09:52:16 -0300
I agree with the signature scheme for your scenario. Regarding your question
about encrypting with the private key, I guess (IMO) the CAPI and JCE might
adhere to the PKCS#1 standard
(ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.pdf) and therefore
only permit encrypting with the public key and decrypting with the private
key.
See section 7 of the above document.
7 Encryption schemes
For the purposes of this document, an encryption scheme consists of an
encryption operation and a decryption operation, where the encryption
operation produces a ciphertext from a message with a recipient's RSA public
key, and the decryption operation recovers the message from the ciphertext
with the recipient's corresponding RSA private key.
Hernan de Lahitte
Lagash Systems S.A.
http://weblogs.asp.net/hernandl
"james chou" <jameschou2000@yahoo.com> wrote in message
news:%23Q8EHVN$DHA.3804@TK2MSFTNGP09.phx.gbl...
> Thanks for your reply. As I understand, one way to authenticate a client
> is to have server use client's public key to decrypt a token that is
> encrypted with client's private key. That is exactly how a signature is
> generated and verified except signature is generated by encrypting a
> digest of a message. If a private key can be used to encrypt a digest of
> a message, why can it be used to encrypt the message? I believe it is
> technically possible. As a matter of fact, I even found a well-known
> commercial PKI product that can do that. However, Windows CryptoAPI and
> Java JCE (with default provider) don't provide this capability.
>
> To keep the private key at server and distribute the public key to
> clients doesn't seem to work. Every client can use the public key to
> encrypt something and server will be able to decrypt it with no
> problems. The server won't be able to tell which client is which unless
> we have a keypair for each client. Since the public key is a public
> information, everyone including unauthorized users can get it and use it
> to access the server.
>
> For my usage, it looks like the signature will do it. However, I am
> interested in the reason why reverse encryption is not provided in
> Windows CryptoAPI and Java JCE.
>
> Again, thanks for your information. Really appreciate that.
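The signature scheme agreed on in this thread, sketched as a challenge-response check with one key pair per client. This is an added example, not code from either poster; it assumes the current .NET `RSA` API (`RSA.Create`, `SignData`, `VerifyData`), and the names `clientKeys`, `pendingNonces` and `"alice"` are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

class ChallengeResponseDemo
{
    // Server state (hypothetical names): one registered public key per client,
    // plus the nonces that have been issued and not yet answered.
    static readonly Dictionary<string, RSAParameters> clientKeys = new Dictionary<string, RSAParameters>();
    static readonly HashSet<string> pendingNonces = new HashSet<string>();

    static byte[] IssueChallenge()
    {
        byte[] nonce = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(nonce);
        pendingNonces.Add(Convert.ToBase64String(nonce));
        return nonce;
    }

    static bool VerifyResponse(string clientId, byte[] nonce, byte[] signature)
    {
        // A nonce is accepted once, so a captured response cannot be replayed.
        if (!pendingNonces.Remove(Convert.ToBase64String(nonce))) return false;
        if (!clientKeys.TryGetValue(clientId, out RSAParameters pub)) return false;
        using (RSA rsa = RSA.Create())
        {
            rsa.ImportParameters(pub);
            // Verification needs only the public key; knowing it does not let anyone sign.
            return rsa.VerifyData(nonce, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        }
    }

    static void Main()
    {
        using (RSA alice = RSA.Create(2048))
        using (RSA other = RSA.Create(2048))
        {
            clientKeys["alice"] = alice.ExportParameters(false); // public part only

            byte[] nonce = IssueChallenge();
            byte[] sig = alice.SignData(nonce, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            Console.WriteLine("valid response:    " + VerifyResponse("alice", nonce, sig));
            Console.WriteLine("same one replayed: " + VerifyResponse("alice", nonce, sig));

            byte[] nonce2 = IssueChallenge();
            byte[] forged = other.SignData(nonce2, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            Console.WriteLine("wrong private key: " + VerifyResponse("alice", nonce2, forged));
        }
    }
}
```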