Re: Raw RSA operations with CryptDecrypt

From: Valery Pryamikov (valery_at_harper.no)
Date: 03/07/05 

Date: Mon, 7 Mar 2005 00:33:40 +0100

No to both questions.
With CAPI - the only thing you can use public key is signature validation.
This is due to several reasons. most important are:
- historical. CAPI was designed during the time of US Exporting restrictions
on strong cryptographic algorithm. This made it necessary to distinguish RSA
encryption (which was restricted to 512 bit modulus) and signing (that
didn't have such restriction).
- preventive. CAPI tries to protect you from shooting yourself in your leg
by prohibiting operations that's more often leads to subtle flaws and
protocol failures.
- others. like decryption is implemented by single routine that requires
long form of key (with both primes and their inverses) for using Chinese
remainder theorem and Gauss algorithm for gaining 75% performance during
decryption operation. Last is important for protecting against denial of
service when server is required to decrypt many requests from different
clients (ex. SSL session negotiation). Apparently this routine can't be used
with public key - knowledge of primes is the analogy to knowledge of private
key.

-Valery.
http://www.harper.no/valery

"Helen Balabine" <hbalabine@comcast.net> wrote in message
news:OyhWPenIFHA.3376@TK2MSFTNGP14.phx.gbl...
> Does CryptDecrypt work for raw decryption with the *public* RSA key? If
> not,
> is there any other CAPI function which implements a raw RSA public key
> decryption operation (i.e. no PKCS#1 padding checks are performed)?
>
> Thanks!
>
>

Relevant Pages

  • Re: Generate a PKCS#10 request using MS API for a PKCS#11 key pair
    ... I cannot give all the answers, but one important information on using CAPI ... exponent and modulus) are BIG ENDIAN format while MS CAPI uses little endian ... IEnroll2, IEnroll4 etc ... donot know the way tp provide this public key value. ...
    (microsoft.public.platformsdk.security)
  • Secret pkcs#11 key in capi and private/public issues
    ... Is there's any way i could access a pkcs#11 secret symmetric key using ... Is there any way to store long term symmetric keys in capi? ... a corresponding private key in the same CSP? ... points to the Public/Private pair or just to the public key? ...
    (microsoft.public.platformsdk.security)
  • Re: Raw RSA operations with CryptDecrypt
    ... But this does not change the fact that Valery is correct with the "No to ... > With CAPI - the only thing you can use public key is signature validation. ...
    (microsoft.public.platformsdk.security)
  • Need a bit help with decyphering a message
    ... not tell the encryption algorithm, so I decided to do a little ... I checked dozens of packets, and found out that the first 8 bytes are ... It is likely that they are primes, ... if it would be a Public Key). ...
    (sci.crypt)
  • Re: public key crypto
    ... decryption algorithm (and the public key) and find a sequence of numbers ... that can act as a private key which is used to encrypt data. ... > Normally Alice will use Bob's public key to encrypt a message to Bob. ... >> Can we reverse the decryption process so as to generate a private key? ...
    (sci.crypt)
Quantcast