# Re: DECRYPT with PUBLIC key (how to?)

*From*: KCS <KCS@xxxxxxxxxxxxxxxxxxxxxxxxx>*Date*: Sun, 14 Jan 2007 11:42:00 -0800

Well hey Valery

I just wanted to know if it could be done because the MS documentation says

it can be. I should have perhaps made clear that I wanted to avoid the 'end

user' having to generate their own key pair and that I wanted to hide certain

values in my application which would be decoded with my own public key which

would not have been made available to the end user.

So I guess I will have to use another encrypt/decrypt method instead to

achieve this.

"Valery Pryamikov" wrote:

Hi.

This is a very stupid thing to think that you can encrypt with private

key and decrypt with public. Encryption has well defined purpose -

protecting confidentiality of information. The public key is not a

secret - what confidentiality of information could you talk about here?

Its definitely thickening how often this kind of questions got asked on

Internet. Probably the major reason for that is that 10-15 years ago

Schneier wrote a book where he mistakenly used "Encryption with private

key" whenever he referred to signature with message recovery with RSA

scheme. But this is wrong! Both perceptually and actually! Thinking

about RSA signature with message recovery as "Encryption with Private

Key" is a WRONG, WRONG, WRONG thing to do. However a bunch of amateurs,

some of these that read Schneier book and others that didn't even do

that much are continuing to require such a thing... when does this

madness stops?

There are plenty of signature schemes that allow message recovery, but

their algorithm isn't in any way similar to encryption/decryption. Even

with RSA - for performance reasons private key computation relies on

Chinese remainder theorem and uses completely different computations

than public exponent computations (which is usually done by using

square and multiply). Private key operations often uses CRT

optimization (that gives about 4-6 times better performance), but you

can't use this technique with Public key (as it trivially exposes

prime factors)...

Signature schemes and Encryption schemes have completely different

security requirements that among other means different usage and other

things such as f.e. padding schemes! And even for RSA, for the most

cases you can't interchange public and private keys. Small public key

that usually used for speeding up square and multiply would be totally

unsafe if somebody decides to use it as private key (everyone knows

that standard public key exponent is 2^16+1|). If public key is about

1/3 (or less) of private key exponent - it is vulnerable to continued

fractions and Weiner attack. If public key is the same size as private

key - there are some works that shows that security bounds of such

scheme might be lower that security bounds of the scheme with small

public exponent (see for example D.Brown, "Breaking RSA may be as

difficult as factoring"), as well as there are many attacks for cases

when public and private exponents are "too close" (when in the worst

case second exponent could be trivially approximated and then found

from approximation by simple trial-fail)...

You seems don't know heck about cryptography. Don't try to develop your

own protocols - it would not be safe as long as you don't get enough

expertise for that. Getting required level of expertise requires many

years of studying... And we have more than enough unsafe protocols

designed by amateurs in crypto, but that uses cryptography...

-Valery.

http://www.harper.no/valery

KCS wrote:

Hi all.

I want to encrypt simple text with MY Private Key so the recipient can

decrypt it with MY Public Key. But I get a 'Bad Key' exception when I try it.

Conflicting info on the web and in articles suggests you cannot do this due

to (export) restrictions in the .NET API and that you can only decrypt using

a Private Key.

But M/Soft's own tech docs at

http://msdn2.microsoft.com/en-us/library/aa387460.aspx (Public/Private Key

Pairs) state:

"...When one key of a key pair is used to encrypt a message, the other key

from that pair is required to decrypt the message. Thus if user A's public

key is used to encrypt data, only user A (or someone who has access to user

A's private key) can decrypt the data. If user A's private key is used to

encrypt a piece of data, only user A's public key will decrypt the data, thus

indicating that user A (or someone with access to user A's private key) did

the encryption."

Can anyone help with an example?

Thanks for any help.

**Follow-Ups**:**Re: DECRYPT with PUBLIC key (how to?)***From:*Valery Pryamikov

**References**:**Re: DECRYPT with PUBLIC key (how to?)***From:*Valery Pryamikov

- Prev by Date:
**Re: DECRYPT with PUBLIC key (how to?)** - Next by Date:
**Re: DECRYPT with PUBLIC key (how to?)** - Previous by thread:
**Re: DECRYPT with PUBLIC key (how to?)** - Next by thread:
**Re: DECRYPT with PUBLIC key (how to?)** - Index(es):