Re: DECRYPT with PUBLIC key (how to?)

Well hey Valery
I just wanted to know if it could be done because the MS documentation says
it can be. I should have perhaps made clear that I wanted to avoid the 'end
user' having to generate their own key pair and that I wanted to hide certain
values in my application which would be decoded with my own public key which
would not have been made available to the end user.
So I guess I will have to use another encrypt/decrypt method instead to
achieve this.

"Valery Pryamikov" wrote:


This is a very stupid thing to think that you can encrypt with private
key and decrypt with public. Encryption has well defined purpose -
protecting confidentiality of information. The public key is not a
secret - what confidentiality of information could you talk about here?
Its definitely thickening how often this kind of questions got asked on
Internet. Probably the major reason for that is that 10-15 years ago
Schneier wrote a book where he mistakenly used "Encryption with private
key" whenever he referred to signature with message recovery with RSA
scheme. But this is wrong! Both perceptually and actually! Thinking
about RSA signature with message recovery as "Encryption with Private
Key" is a WRONG, WRONG, WRONG thing to do. However a bunch of amateurs,
some of these that read Schneier book and others that didn't even do
that much are continuing to require such a thing... when does this
madness stops?

There are plenty of signature schemes that allow message recovery, but
their algorithm isn't in any way similar to encryption/decryption. Even
with RSA - for performance reasons private key computation relies on
Chinese remainder theorem and uses completely different computations
than public exponent computations (which is usually done by using
square and multiply). Private key operations often uses CRT
optimization (that gives about 4-6 times better performance), but you
can't use this technique with Public key (as it trivially exposes
prime factors)...

Signature schemes and Encryption schemes have completely different
security requirements that among other means different usage and other
things such as f.e. padding schemes! And even for RSA, for the most
cases you can't interchange public and private keys. Small public key
that usually used for speeding up square and multiply would be totally
unsafe if somebody decides to use it as private key (everyone knows
that standard public key exponent is 2^16+1|). If public key is about
1/3 (or less) of private key exponent - it is vulnerable to continued
fractions and Weiner attack. If public key is the same size as private
key - there are some works that shows that security bounds of such
scheme might be lower that security bounds of the scheme with small
public exponent (see for example D.Brown, "Breaking RSA may be as
difficult as factoring"), as well as there are many attacks for cases
when public and private exponents are "too close" (when in the worst
case second exponent could be trivially approximated and then found
from approximation by simple trial-fail)...
You seems don't know heck about cryptography. Don't try to develop your
own protocols - it would not be safe as long as you don't get enough
expertise for that. Getting required level of expertise requires many
years of studying... And we have more than enough unsafe protocols
designed by amateurs in crypto, but that uses cryptography...


KCS wrote:
Hi all.

I want to encrypt simple text with MY Private Key so the recipient can
decrypt it with MY Public Key. But I get a 'Bad Key' exception when I try it.

Conflicting info on the web and in articles suggests you cannot do this due
to (export) restrictions in the .NET API and that you can only decrypt using
a Private Key.

But M/Soft's own tech docs at (Public/Private Key
Pairs) state:

"...When one key of a key pair is used to encrypt a message, the other key
from that pair is required to decrypt the message. Thus if user A's public
key is used to encrypt data, only user A (or someone who has access to user
A's private key) can decrypt the data. If user A's private key is used to
encrypt a piece of data, only user A's public key will decrypt the data, thus
indicating that user A (or someone with access to user A's private key) did
the encryption."

Can anyone help with an example?

Thanks for any help.