Re: RSA - Public vs. Private Keys
- From: "Joe Kaplan \(MVP - ADSI\)" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 24 May 2006 14:09:55 -0500
RSA is intended to encrypt messages with public keys only. Usually, when
people say they want to encrypt with the private key, they really want to
sign a message. The Microsoft crypto stack goes to some lengths to prevent
you from using RSA the wrong way by designing the APIs so that you encrypt
with public keys and sign with private keys.
Another thing worth pointing out is that RSA is only used for encrypting (or
signing) very small amounts of data. Typically, to do bulk encryption with
RSA, you generate a random symmetric key, bulk encrypt with that and then
encrypt the symmetric key with the private key. Cryptographic message
systems like PKCS7 are designed to provide a structured way to bundle up the
bulk encrypted data, the encrypted session key, info about the bulk
encryption algorithm, and public key/certificate info about the public key
used to encrypt the message into a tidy binary package to move around. If
you don't use PKCS7, you'll need to do something similar to deal with the
same issue.
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Jason" <JipockR3M0VEM3@xxxxxxx> wrote in message
news:OT9UNC2fGHA.2456@xxxxxxxxxxxxxxxxxxxxxxx
I'm sorry to say that it doesn't.. It's a nice overview of
RSACryptoProvider, but it has the same flaw that I'm trying to avoid:
How do you decrypt something on a target machine without that target
machine having the ability to "reverse engineer" your cypher and re-create
a different message?
The RSA algorithm allows you to decrypt a message (that was cyphered with
a public key) with a private key, AND it lets you decrypt a message (that
was cyphered with a private key) with a public key. RSACryptoProvider
seems to allow the first part, but not the second.
Anyone have any thoughts??
"Dominick Baier [DevelopMentor]" <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
wrote in message news:4580be6319bd768c84d758860c180@xxxxxxxxxxxxxxxxxxxxx
maybe this helps:
http://msdn.microsoft.com/msdnmag/issues/06/01/SecurityBriefs/default.aspx
---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
I'm running into a dilemma. I'm trying to encrypt a message on one
machine, and have it decrypted on another machine (say, the target
application). But, I don't want the keys to be 'hacked' very easily.
This is a small amount of info, and so I thought RSA sounded
appropriate.
My idea was to take a message, encrypt it using RSA, and dumping the
BASE64 to a flat file (or config file, actually), and then having the
application (which is not connected on the net) to read the file,
decrypt the message and then utilize the info in it. This is a
one-time message.
Problem is that RSA provider seems to only want to Encrypt with a
Public Key and Decrypt with a Private key. Now, the RSA standard (P
and Q) doesn't require this, right?! I should be able to swap these,
as in, encrypt with a private key and decrypt with the public one. I
can't send the private key to the target machine, since when you
export parameters, you *must* include the public key as well, even
though you don't need it!
Has anyone experienced this? Or have a work around?
"Take a simple message, encrypt it asymmetrically, and have the
message received on the target machine without that machine being able
to alter the message with any information it has)"?
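The pattern Joe describes above, as an added example that is not code from anyone in this thread: a random AES session key bulk-encrypts the message, the session key is wrapped with the recipient's RSA public key, and the sender signs the whole envelope with its private key. The signature is what gives the original poster the property he was after (the target machine can decrypt, but cannot alter the message and pass it off as genuine), which is why encrypting with the private key is the wrong tool. It assumes .NET's System.Security.Cryptography (RSA, Aes); the key sizes, the sample message, and the Envelope class are constructed for illustration. ExportParameters(false) is how the public half alone leaves the sender's machine.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example, not from the original thread. Hybrid encryption plus a
// signature: bulk-encrypt with a random AES key, wrap that key with the
// recipient's RSA public key, sign the envelope with the sender's private key.
public static class HybridEnvelope
{
    // Constructed container; a real system would use PKCS#7/CMS instead.
    public sealed class Envelope
    {
        public byte[] EncryptedSessionKey; // AES key wrapped with recipient's RSA public key (OAEP)
        public byte[] Iv;                  // AES-CBC initialisation vector
        public byte[] Ciphertext;          // AES-CBC bulk ciphertext (PKCS7 padded)
        public byte[] Signature;           // RSA-PSS over key || iv || ciphertext, sender's private key
    }

    public static Envelope Seal(byte[] plaintext, RSA recipientPublic, RSA senderPrivate)
    {
        using var aes = Aes.Create();
        aes.KeySize = 256;
        aes.GenerateKey();                 // fresh random session key per message
        aes.GenerateIV();
        using var enc = aes.CreateEncryptor();
        var env = new Envelope
        {
            EncryptedSessionKey = recipientPublic.Encrypt(aes.Key, RSAEncryptionPadding.OaepSHA256),
            Iv = aes.IV,
            Ciphertext = enc.TransformFinalBlock(plaintext, 0, plaintext.Length),
        };
        // Sign with the PRIVATE key; the recipient verifies with the matching public key.
        env.Signature = senderPrivate.SignData(SignedBytes(env), HashAlgorithmName.SHA256, RSASignaturePadding.Pss);
        return env;
    }

    public static byte[] Open(Envelope env, RSA recipientPrivate, RSA senderPublic)
    {
        // Verify before decrypting: any change to key, IV or ciphertext fails here.
        if (!senderPublic.VerifyData(SignedBytes(env), env.Signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pss))
            throw new CryptographicException("signature check failed: envelope altered or not from sender");
        byte[] sessionKey = recipientPrivate.Decrypt(env.EncryptedSessionKey, RSAEncryptionPadding.OaepSHA256);
        using var aes = Aes.Create();
        aes.Key = sessionKey;
        aes.IV = env.Iv;
        using var dec = aes.CreateDecryptor();
        return dec.TransformFinalBlock(env.Ciphertext, 0, env.Ciphertext.Length);
    }

    // Bytes covered by the signature. Field lengths are fixed for a given RSA key
    // size and AES block size, so plain concatenation is unambiguous here.
    static byte[] SignedBytes(Envelope e)
    {
        var buf = new byte[e.EncryptedSessionKey.Length + e.Iv.Length + e.Ciphertext.Length];
        Buffer.BlockCopy(e.EncryptedSessionKey, 0, buf, 0, e.EncryptedSessionKey.Length);
        Buffer.BlockCopy(e.Iv, 0, buf, e.EncryptedSessionKey.Length, e.Iv.Length);
        Buffer.BlockCopy(e.Ciphertext, 0, buf, e.EncryptedSessionKey.Length + e.Iv.Length, e.Ciphertext.Length);
        return buf;
    }

    public static void Main()
    {
        // Two key pairs: the recipient (target machine) and the sender.
        using RSA recipientPrivate = RSA.Create(2048);
        using RSA senderPrivate = RSA.Create(2048);

        // Only the public halves travel: ExportParameters(false) omits the private parts.
        using RSA recipientPublic = RSA.Create();
        recipientPublic.ImportParameters(recipientPrivate.ExportParameters(false));
        using RSA senderPublic = RSA.Create();
        senderPublic.ImportParameters(senderPrivate.ExportParameters(false));

        byte[] message = Encoding.UTF8.GetBytes("constructed sample: one-time config payload");
        Envelope env = Seal(message, recipientPublic, senderPrivate);

        // What would land in the config file the original poster mentions.
        Console.WriteLine("key:  " + Convert.ToBase64String(env.EncryptedSessionKey));
        Console.WriteLine("data: " + Convert.ToBase64String(env.Ciphertext));

        string recovered = Encoding.UTF8.GetString(Open(env, recipientPrivate, senderPublic));
        Console.WriteLine("recovered: " + recovered);

        // The target machine can decrypt but cannot alter: a one-byte change is rejected.
        env.Ciphertext[0] ^= 0x01;
        try { Open(env, recipientPrivate, senderPublic); Console.WriteLine("UNEXPECTED: tamper accepted"); }
        catch (CryptographicException ex) { Console.WriteLine("tamper rejected: " + ex.Message); }
    }
}
```

The recipient holds its own RSA private key plus the sender's public key; it never receives the sender's private key, so it can read the message but cannot produce a valid signature over a modified one. Verifying the signature before decrypting also keeps the RSA decrypt operation from ever running on attacker-controlled ciphertext.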