Re: RSA - Public vs. Private Keys



Yes and no. The Verify step is a decryption of the hash bytes on the public
key side (your client). So it *does do decryption, but only with the
signature - not random data. This is a common pattern for license software
that uses RSA:
1) Your server side creates a license (xml, csv, etc) and signs it with
private key. Optionally, your client will send a unique machine hash to the
server first, so that your license can be tied to *that machine only -
otherwise that license will work on any machine.
2) Client installs license somehow.
3) Every client start will Verify the license is good by verifying the
signature.
4) Client then uses any values in the clear text license to enable/disable
certain features (i.e. user count, demo, full, etc).

This does work. However, it still does not protect your app. If your app
is on a client, you can Not protect it. It can be cracked or changed to get
around all that fancy encryption. If you still want that, there are free
and paid solutions already that do the above.

--
William Stacey [MVP]

"Jason" <JipockR3M0VEM3@xxxxxxx> wrote in message
news:OsbVwq2fGHA.1792@xxxxxxxxxxxxxxxxxxxxxxx
| Thanks, all..
|
| I see from my search on the web that others are experiencing the same
| problem as I am. I was intending the message to be a license, per se. See,
| if someone were to use reflector against a DLL with a symmetric algorithm
it
| is not too hard to reverse engineer it. I was hoping that RSA would allow
me
| to let people use Reflector if they wish, but still could not refute the
| license. It would apprear that RSACryptoprovider doesn't allow for this.
|
| I am either going to have to write a provider myself (which I've done in
the
| past for a University class), or use something less secure. Maybe
Microsoft,
| in the future, will let us decrypt with a Public Key (or simply not
require
| public key information be present in the ProviderSettings when attempting
to
| decrypt).
|
| Thanks again, everyone for your time..
|
| -J
|
|
| "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx> wrote
| in message news:%239Ey%23U2fGHA.2032@xxxxxxxxxxxxxxxxxxxxxxx
| > RSA is intended to encrypt messages with public keys only. Usually,
when
| > people say they want to encrypt with the private key, they really want
to
| > sign a message. The Microsoft crypto stack goes to some lengths to
| > prevent you from using RSA the wrong way by designing the APIs so that
you
| > encrypt with public keys and sign with private keys.
| >
| > Another thing worth pointing out is that RSA is only used for encrypting
| > (or signing) very small amounts of data. Typically, to do bulk
encryption
| > with RSA, you generate a random symmetric key, bulk encrypt with that
and
| > then encrypt the symmetric key with the private key. Cryptographic
| > message systems like PKCS7 are designed to provide a structured way to
| > bundle up the bulk encrypted data, the encrypted session key, info about
| > the bulk encryption algorithm, and public key/certifcate info about the
| > public key used to encypt the message into a tidy binary package to move
| > around. If you don't use PKCS7, you'll need to do something similar to
| > deal with the same issue.
| >
| > Joe K.
| >
| > --
| > Joe Kaplan-MS MVP Directory Services Programming
| > Co-author of "The .NET Developer's Guide to Directory Services
| > Programming"
| > http://www.directoryprogramming.net
| > --
| > "Jason" <JipockR3M0VEM3@xxxxxxx> wrote in message
| > news:OT9UNC2fGHA.2456@xxxxxxxxxxxxxxxxxxxxxxx
| >> I'm sorry to say that it doesn't.. It's a nice overview of
| >> RSACryptoProvider, but it has the same flaw that I"m trying to avoid:
| >> How do you decrypt something on a target machine without that target
| >> machine having the ability to "reverse engineer" your cypher and
| >> re-create a different message?
| >>
| >> The RSA algorithm allows you to decrypt a message (that was cyphered
with
| >> a public key) with a private key, AND it lets you decrypt a message
(that
| >> was cyphered with a private key) with a public key. RSACRyptoProvider
| >> seems to allow the first part, but not the second.
| >>
| >> Anyone have any thoughts??
| >>
| >>
| >>
| >>
| >> "Dominick Baier [DevelopMentor]" <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
| >> wrote in message
news:4580be6319bd768c84d758860c180@xxxxxxxxxxxxxxxxxxxxx
| >>> maybe this helps:
| >>>
| >>>
http://msdn.microsoft.com/msdnmag/issues/06/01/SecurityBriefs/default.aspx
| >>>
| >>> ---------------------------------------
| >>> Dominick Baier - DevelopMentor
| >>> http://www.leastprivilege.com
| >>>
| >>>> I'm running into a dilemma. I"m trying to encrypt a message on one
| >>>> machine, and have it decrypted on another machine (say, the target
| >>>> application). But, I don't want the keys to be 'hacked' very easily.
| >>>> This is a small amount of info, and so I thought RSA sounded
| >>>> appropriate.
| >>>>
| >>>> My idea was to take a message, encrypt it using RSA, and dumping the
| >>>> BASE64 to a flat file (or config file, actually), and then having the
| >>>> application (which is not connected on the net) to read the file,
| >>>> decrypt the message and then utilize the info in it. This is a
| >>>> one-time message.
| >>>>
| >>>> Problem is, is that RSA provider seems to only want to Encrypt with a
| >>>> Public Key and Decrypt with a Private key. Now, the RSA standard (P
| >>>> and Q) doesn't require this, right?! I should be able to swap these,
| >>>> as in, encrypt with a private key and decrypt with the public one. I
| >>>> can't send the private key to the target machine, since when you
| >>>> export parameters, you *must* include the public key as well, even
| >>>> though you don't need it!
| >>>>
| >>>> Has anyone experienced this? Or have a work around?
| >>>>
| >>>> "Take a simple message, encrypt it asymmetrically, and have the
| >>>> message receievd on the target machine without that machine being
able
| >>>> to alter the message with any information it has)"?
| >>>>
| >>>
| >>>
| >>
| >>
| >
| >
|
|


.



Relevant Pages

  • RE: Cannot decrypt files encrypted using Crypto API on a different
    ... but what is the point to encrypt the data if ANYBODY can decrypt it (since ... the server just sends something to somebody or first the client contacts the ... supposed to somehow encrypt the file and distribute it to the clients. ... the server generates session key, wraps it with the client's public key, ...
    (microsoft.public.platformsdk.security)
  • Re: Looking for a simple blowfish example
    ... Blowfishto encrypt and decrypt? ... version 2.1 of the License, or any later version. ... a string or character text instead of an integer expecially a 1 and a ...
    (sci.crypt)
  • Re: Looking for a simple blowfish example
    ... Blowfishto encrypt and decrypt? ... version 2.1 of the License, or any later version. ... a string or character text instead of an integer expecially a 1 and a ...
    (sci.crypt)
  • Re: encrypting licenses
    ... do the decryption at runtime from the supplied license file? ... I like to encrypt the license file in one application and decrypt it ... Use a private key-pair to encrypt and an public one to decrypt. ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: Looking for a simple blowfish example
    ... Blowfishto encrypt and decrypt? ... This library is free software; ... version 2.1 of the License, or any later version. ...
    (sci.crypt)