Re: Reverse usage of public/private RSA encryption keys for licensing?

• Previous message: Joe Kaplan \(MVP - ADSI\): "What UPN formats are supported by Kerberos S4U?"
• In reply to: Valery Pryamikov: "Re: Reverse usage of public/private RSA encryption keys for licensing?"
• Next in thread: William Stacey [MVP]: "Re: Reverse usage of public/private RSA encryption keys for licensing?"
• Reply: William Stacey [MVP]: "Re: Reverse usage of public/private RSA encryption keys for licensing?"
• Reply: Morten Dahl: "Re: Reverse usage of public/private RSA encryption keys for licensing?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: 23 Nov 2004 15:22:13 -0800

Thanks everybody for all your expertise! I (believe that I) have a
solution:

#1. Here at our office, I generate a RSA private and public key via:

    System.Security.Cryptography.RSACryptoServiceProvider RSA;
    RSA = new RSACryptoServiceProvider();

and save the keys via:

    string privateParameters = RSA.ToXmlString(true));
    string publicParameters = RSA.ToXmlString(false));

I then hash my data that I want to ensure non-tampering via:

    byte[] rawData, hash;
    System.Security.Cryptography.HashAlgorithm HashMan;
    HashMan = new System.Security.Cryptography.SHA1CryptoServiceProvider();
    hash = HashMan.ComputeHash(rawData);

I then make a signature of this hash with the RSA private Crypto:

    signatureFormatter = new RSAPKCS1SignatureFormatter(RSA);
    signatureFormatter.SetHashAlgorithm("SHA1");
    signature = signatureFormatter.CreateSignature(hash);

... and prepend the 128-byte signature and the 20-byte hash in front
of the raw data and write back out to a new file, which becomes my
signed license file.

#2. At the destination computers, I instantiate a RSA Crypto provider:

    RSAPublic = new RSACryptoServiceProvider();

and load it ONLY WITH THE PUBLIC KEY:

    RSAPublic.FromXmlString(publicParameters);

I extract from the raw data the claimed signature and the claimed
hash:

    byte[] rawSignature; // bytes 0 - 127 of raw data
    byte[] rawHash; // bytes 128 - 147 of raw data

I skip over the first 148 (128 + 20) bytes of data to be validated and
compute a SHA1 hash of the bytes to be validated. If my hash equals
the hash stored in the file at location 128 for 20 bytes, then I
proceed, else error.

Then, I instantiate a signatureDeformatter with the public RSA Crypto:

   signatureDeformatter = new RSAPKCS1SignatureDeformatter(RSAPublic);
   signatureDeformatter.SetHashAlgorithm("SHA1");

and, finally, verify the signature with:

    signatureDeformatter.VerifySignature(rawHash, rawSignature);

It seems to work with the few files I've tried. I thank all of you
for your valuabe input.

"Valery Pryamikov" <Valery@nospam.harper.no> wrote in message news:<#bENQWY0EHA.1264@TK2MSFTNGP12.phx.gbl>...
> In other words, assuming special hash properties, there is a theorem that
> proves that forging of RSA signature is at least as difficult as RSA problem
> it-self. And without hash, no such proof exists - ie. without hash it may be
> simpler to forger than to solve RSA problem.
>
> -Valery.
> http://www.harper.no/valery
>
> "Valery Pryamikov" <Valery@nospam.harper.no> wrote in message
> news:eIRHvEY0EHA.2012@TK2MSFTNGP15.phx.gbl...
> > It's just that there is a theorem that proves that if we use random oracle
> > as hash (highest level of collision resistance), than existence of an
> > algorithm to forge signature (RSA private key encryption of random oracle
> > hash) gives ability to solve RSA problem with sufficient amount of signing
> > requests (non-tight reduction means that amount of signing requests could
> > be quite high). Hash is essential part of this theorem - ie. no hash - no
> > security prove. SHA1 doesn't provide the same level of collision
> > resistance, but having really good collision resistances properties (none
> > has managed to find SHA1 collision so far) it presents good practical
> > substitution to the random oracle. Using private exponent for encrypting
> > arbitrary data doesn't have any security prove.
> >
> > -Valery.
> > http://www.harper.no/valery
> >
> > "William Stacey [MVP]" <staceywREMOVE@mvps.org> wrote in message
> > news:OQhm1KX0EHA.1296@TK2MSFTNGP10.phx.gbl...
> >>> Use RSA singing. RSA signature with strong hash (ie. SHA1) provides much
> >>> better security than encryption of data with RSA private key (ie. what
> >>> you
> >>> asked about).
> >>
> >> Hi Valery. That seems to suggest that RSA signature entails more then
> >> just
> >> encrypting the hash bytes? Is there more going on? TIA
> >>
> >> --
> >> William Stacey, MVP
> >> http://mvp.support.microsoft.com
> >>
> >>
> >
> >

• Previous message: Joe Kaplan \(MVP - ADSI\): "What UPN formats are supported by Kerberos S4U?"
• In reply to: Valery Pryamikov: "Re: Reverse usage of public/private RSA encryption keys for licensing?"
• Next in thread: William Stacey [MVP]: "Re: Reverse usage of public/private RSA encryption keys for licensing?"
• Reply: William Stacey [MVP]: "Re: Reverse usage of public/private RSA encryption keys for licensing?"
• Reply: Morten Dahl: "Re: Reverse usage of public/private RSA encryption keys for licensing?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]