Re: CryptExport private key only

From: Alun Jones [MS MVP] (alun_at_texis.com)
Date: 11/06/03
In article <eHO88H4mDHA.3612@TK2MSFTNGP11.phx.gbl>, "Anatoly" <wiretransfers@yahoo.com> wrote:
>from conventional use of Public/Private key pairs, it seems that one is
>supposed to use the public key to encrypt data and private key to always
>decrypt data.

Not necessarily. They are a pair of keys, one of which you keep hidden from
view. What you encrypt with one key may only be decrypted with the other
key from that pair.

>Is it legitimate to interchange the private/public keys in their purpose?
>that is can I use the public key to decrypt and private to encrypt and
>benefit from the same level of protection as the conventional scenario?

No - if you encrypt using your private key, anyone can decrypt it, because
anyone has access to your public key (that's what 'public' means - you
publish it to the world). That's not to say that this has no use, just that
encrypting with your private key does not provide the same kind of
protection as encrypting with your public key.

The use that this is commonly put to is "non-repudiation". If you encrypt
something with your private key, then everyone who receives and decrypts
that data knows that it can only have come from you. Because
public(/private) key encryption takes a long time, it's usual that what is
encrypted is not the message that you're asserting came from you, but a
'hash' of that message. Someone who wants to check that the message came
from you will compute their own hash of the message, and will compare that
with the decrypted hash from your signature.

>I seem to have been able to reproduce the exact results when exporting
>encrypting a symmetric type of key into a blob while protecting it with
>either public and private key, and then importing it from the blob again
>using the opposite key (private or public), and decrypting the data with
>that imported symmetric key. The resulting output data is exactly the same
>as the input data.
>
>So does this mean that mathematically the private and public keys are
>interchangeable?

Mathematically, you have a matched pair of keys (specific to the
encryption algorithm chosen), that can work to decrypt and encrypt against
one another's encrypted and decrypted data. What makes one private and the
other public is the fact that you keep one of them hidden, and publish the
other one. You could simply describe this as asymmetric key encryption,
because a different key is used to decrypt than is used to encrypt, but the
power of the system as a whole is only available when one key is published
and the other kept closely guarded.

Alun.
~~~~

[Please don't email posters, if a Usenet response is appropriate.]

-- 
Texas Imperial Software   | Find us at http://www.wftpd.com or email
1602 Harvest Moon Place   | alun@texis.com.
Cedar Park TX 78613-1419  | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(512)258-9858 | Try our NEW client software, WFTPD Explorer.

