RE: Problems with public key decryption with RSA

From: pike (pike_at_discussions.microsoft.com)
Date: 01/31/05


Date: Mon, 31 Jan 2005 04:17:05 -0800

Thanks Laszlo.

However I think my initial posting was misleading because of my lack of
knowledge on the Cryptography subject. The Key containers were just
complicating the matter and were a "red herring", as was the Windows Service.

A weekend's worth of research has told me that I cannot encrypt data with the
Private Key and decrypt with the Public Key with Microsoft's implementation of
RSA (RSACryptoServiceProvider).

So my question now is do I redesign what I have written to incorporate the
customer's requirements, which are, "to be able to receive encrypted (&
signed) data packages where I can also verify they have come from a specific
sender." or do I try to find another implementation of RSA?

A possible solution I have thought of is to:-

* Create a signed hash for the "data to encrypt" with a RSA Private Key
* Encrypt the data symmetrically
* Encrypt the symmetric key with a fixed symmetric key known to sender/recipient

Then the client would know that the package had come from that specific
sender (from the signature) and would be able to decrypt the data
symmetrically once it had decrypted the key (with the fixed key). This
solution is not as secure as my initial one but may be workable?

Are there any other implementations of the RSA that I could use with .NET
out there or does someone have a suggestion for me please?

Hope someone out there can help!

Best Regards,
Pike

"lelteto" wrote:

> You need to use MACHINE_KEYSET (in CryptAcquireContext)
>
> Laszlo Elteto
> SafeNet, Inc.
>
> "pike" wrote:
>
> > I have created an encryption class whose main encryption method encrypts
> > small amounts of bytes (in this case the Key & IV for Rijndael encryption of
> > main data) using .NET's RSA methods.
> >
> > This had all been working fine until I tried using the class within a
> > "Windows Service" application. The application fails on a Decrypt with a "bad
> > key" error in the "Windows Service" but runs fine (with same key & encrypted
> > data) in a normal windows application.
> >
> > The main sections of code from within my class are the following:-
> >
> > I generate my Public / Private keys in a function like this:-
> >
> > // Create RSA Crypto object
> > RSACryptoServiceProvider rsaCSP = new RSACryptoServiceProvider();
> >
> > // get public & private key xml
> > sPublicKeyXml = rsaCSP.ToXmlString(false);
> > sPrivateKeyXml = rsaCSP.ToXmlString(true);
> >
> >
> > I encrypt like this:-
> >
> > // encrypt symmetric key
> > // Create CSPParameters required object
> > CspParameters cspParam = new CspParameters();
> > cspParam.Flags = CspProviderFlags.UseDefaultKeyContainer;
> >
> > // encrypt byte[] using asymmetric method RSA
> > RSACryptoServiceProvider rsaCSP = new RSACryptoServiceProvider(cspParam);
> > // load the private key
> > rsaCSP.FromXmlString(sPrivateKeyXml);
> > // encrypt using private key
> > byte[] byteEncrypted = rsaCSP.Encrypt(byteToEncrypt, false);
> >
> >
> > And I decrypt later like this:-
> >
> >
> > // Create CSPParameters required object
> > CspParameters cspParam = new CspParameters();
> > cspParam.Flags = CspProviderFlags.UseDefaultKeyContainer;
> >
> > // decrypt byte[] using method RSA
> > RSACryptoServiceProvider rsaCSP = new RSACryptoServiceProvider(cspParam);
> > // load the public key
> > rsaCSP.FromXmlString(sPublicKeyXml);
> >
> > // decrypt using public key
> > byte[] byteDecrypt = rsaCSP.Decrypt(byteEncrypted, false);
> >
> >
> > I have tried running the Windows Service as Administrator but got the same
> > "bad key" error.
> >
> > The stack trace here is
> > "System.Security.Cryptography.RSACryptoServiceProvider._DecryptPKWin2KEnh(IntPtr hPubKey, Byte[] rgbKey, Boolean fOAEP)"
> >
> > I also tried :-
> >
> > * changing the CspProviderFlags property to "UseMachineKeyStore" and the
> > code doesn't work at all, even in the normal windows application running as
> > my user.
> >
> > * Importing key using RSAParameters object - will not work encrypting with
> > private key / decrypting with public key - works other way round.
> >
> > * Various combinations of setting up CspParameters - with KeyContainerName
> > set, Flags = UseMachineKeyStore, to no avail
> >
> > My suspicion is that Key stores are somehow involved but with a deadline
> > looming I now require someone with more knowledge on the subject to help me!
> >
> > Also, can you encrypt using the private key and decrypt using the public
> > key? The above code works like this, but the UseMachineStore solution would
> > only work encrypting with Public Key & decrypting with the Private Key.
> > Really, I need to be able to Encrypt with the Private Key.
> >
> > The customer requirement is to be able to receive encrypted (& signed) data
> > packages where I can also verify they have come from a specific sender.
> >
> > My solution is to encrypt the data with Rijndael encryption, encrypt the
> > Rijndael Key & IV with the RSA Private Key & package that up in one file. To
> > decrypt this use the public key to obtain the Rijndael Key & IV (and know
> > that this can only have come from someone with the private key) & then
> > finally retrieve the data.
> >
> > Sorry for such a long posting, and there are probably multiple issues here
> > but any help would be hugely appreciated!
> >
> > --
> > Best Regards,
> > Pike :-)
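
Added example, not code from the thread: one way to meet the stated requirement (encrypted and signed packages from a verifiable sender) using only the operations RSACryptoServiceProvider supports, i.e. signing with the sender's private key and wrapping the symmetric key with the recipient's public key. It assumes each party has its own RSA key pair and has exchanged public keys, uses `Aes` where the thread uses Rijndael, and all names (`SignedPackageDemo`, `Signed`) are hypothetical.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class SignedPackageDemo
{
    // The signature covers every field the recipient will act on.
    static byte[] Signed(byte[] wrappedKey, byte[] iv, byte[] cipher) =>
        wrappedKey.Concat(iv).Concat(cipher).ToArray();

    static void Main()
    {
        // Constructed key pairs: each side keeps its private key, publishes the public XML.
        using var sender = new RSACryptoServiceProvider(2048);
        using var recipient = new RSACryptoServiceProvider(2048);
        string senderPublicXml = sender.ToXmlString(false);
        string recipientPublicXml = recipient.ToXmlString(false);
        byte[] data = Encoding.UTF8.GetBytes("constructed sample payload");

        // --- Sender: encrypt data, wrap key for recipient, sign the package ---
        byte[] wrappedKey, iv, cipher;
        using (var aes = Aes.Create())
        using (var toRecipient = new RSACryptoServiceProvider())
        {
            iv = aes.IV;
            using (var enc = aes.CreateEncryptor())
                cipher = enc.TransformFinalBlock(data, 0, data.Length);
            toRecipient.FromXmlString(recipientPublicXml);
            wrappedKey = toRecipient.Encrypt(aes.Key, true); // public-key operation, OAEP
        }
        byte[] signature = sender.SignData(Signed(wrappedKey, iv, cipher),
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1); // private-key operation

        // --- Recipient: verify the sender first, then unwrap and decrypt ---
        using var fromSender = new RSACryptoServiceProvider();
        fromSender.FromXmlString(senderPublicXml);
        if (!fromSender.VerifyData(Signed(wrappedKey, iv, cipher), signature,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1))
            throw new CryptographicException("Signature check failed: reject the package.");

        using var aesIn = Aes.Create();
        aesIn.Key = recipient.Decrypt(wrappedKey, true); // private-key operation
        aesIn.IV = iv;
        using var dec = aesIn.CreateDecryptor();
        byte[] plain = dec.TransformFinalBlock(cipher, 0, cipher.Length);
        Console.WriteLine(Encoding.UTF8.GetString(plain));
    }
}
```

No fixed shared symmetric key is needed in this layout: only the recipient's private key can unwrap the session key, and only the sender's private key can produce a signature that verifies.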

