Re: An old gem - private key encryption
From: Michel Gallant (neutron_at_istar.ca)
Date: 07/06/05
- In reply to: lelteto: "Re: An old gem - private key encryption"
- Next in thread: Valery Pryamikov: "Re: An old gem - private key encryption"
- Reply: Valery Pryamikov: "Re: An old gem - private key encryption"
Date: Wed, 6 Jul 2005 09:25:55 -0400
Not meaning to split hairs here, and this is largely a matter of clear
understanding of what a signature really is, but CryptSignHash(..)
does actually ENCRYPT a block of data (which is a formatted signature
block, containing hash of data covered by the signature) with the RSA
private key.
Here is a very clear description of the procedure used:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/seccrypto/security/signature_sample.asp
Note the line therein:
"Next, the block is encrypted with the appropriate private key .."
This standard PKCS1 signature blob is the exact data (except for reversed byte
order) found in any higher level pkcs7 signature.
However, CAPI does NOT support a somewhat lower level use of CryptEncrypt
with the PRIVATE key. RSA private key encryption is only supported through
CryptSignHash .. which manages building the block with correct padding.
- Mitch Gallant
www.jensign.com
"lelteto" <lelteto@discussions.microsoft.com> wrote in message news:60B301FE-8C5F-46F5-B502-EC45A05DDB73@microsoft.com...
> CAPI will NOT allow you to 'sign' an arbitrary buffer - it allows only to
> sign HASH values. And for your purpose (proof that you have the private key)
> it is OK. So what you need to do is HASH your data THEN sign the hash. CAPI
> can certainly do that.
> I don't see the reason to ENCRYPT your buffer with the private key because
> anybody can decrypt it anyway (assuming the public key is public).
> You should either use sound standard cryptographic methods and protocols or
> you could make mistakes.
>
> On the other hand, if you really really want to use the private key to
> encrypt data CAPI will NOT do that for you. You would need something else
> (maybe OpenSSL or just a plain modexp routine).
>
> Laszlo Elteto
> SafeNet, Inc.
>
> "JonS" wrote:
>
> > Thanks for the reply.
> >
> > >> You can use private key only to sign (hash)
> >
> > I thought that signing _was_ encryption using the private key. The
> > ciphertext generated is only decipherable using your public key, so it
> > proves the message comes from you.
> >
> > Perhaps I was not clear enough.
> >
> > I need to somehow use CAPI to _sign_ an arbitrary length buffer with a
> > private key. That is, encrypt the buffer and demonstrate ownership of
> > the public key in one step.
> >
> > The code I am replacing is part of a handshake where a challenge
> > response (128 byte buffer) is signed by the client. The server decrypts
> > the response with the client's _public_key_ , of which the server has
> > previously been sent a copy. This confirms to the server that the
> > client owns the public key. Because this is a one-off event (part of
> > a handshake), speed is not an issue.
> >
> > Let me stress, I do not know why it was done this way. I was expecting
> > to see a hash as the challenge response, not a 128byte buffer. However,
> > I am not able to modify the server code.
> >
> > I am replacing clientside code, where the client's certificate+private
> > key were on the HD. In that implementation RSA algorithms written in C
> > worked on this cert+pvt key.
> >
> > I am trying to replace this clientside architecture with
> > certificate+pvtkey on smart card and crypto performed through CAPI.
> >
> >
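The signature procedure discussed in this message, as an added example that is not part of the original thread and is not CAPI code: it builds the PKCS #1 v1.5 block (padding plus DigestInfo plus hash), applies the RSA private-key operation, and shows that the public-key operation recovers the padded block rather than the caller's raw buffer. The toy key (two Mersenne primes, not secure), the choice of SHA-1, and all function names are assumptions made for illustration.

```python
import hashlib

# Constructed toy key for illustration only: Mersenne primes are NOT secure.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8          # modulus length in bytes

# DER-encoded DigestInfo prefix for SHA-1, as defined by PKCS #1 v1.5.
SHA1_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")

def emsa_pkcs1_v15(msg):
    """Formatted signature block: 00 01 FF..FF 00 || DigestInfo || hash."""
    t = SHA1_PREFIX + hashlib.sha1(msg).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def sign(msg):
    """RSA private-key operation on the padded block (big-endian result)."""
    em = int.from_bytes(emsa_pkcs1_v15(msg), "big")
    return pow(em, D, N).to_bytes(K, "big")

def capi_blob(sig_be):
    """Same signature in the reversed (little-endian) order CAPI emits."""
    return sig_be[::-1]

def recover_block(sig_be):
    """RSA public-key operation: what a peer 'decrypting' the value sees."""
    return pow(int.from_bytes(sig_be, "big"), E, N).to_bytes(K, "big")

def verify(msg, sig_be):
    """A verifier rebuilds the expected block and compares it in full."""
    return recover_block(sig_be) == emsa_pkcs1_v15(msg)

if __name__ == "__main__":
    challenge = b"constructed 128-byte challenge".ljust(128, b"\x00")
    sig = sign(challenge)
    print("padded block :", recover_block(sig).hex())
    print("CAPI order   :", capi_blob(sig).hex())
    print("verifies     :", verify(challenge, sig))
```

A peer that applies the public key to this value gets the padded block with the hash at the end, so a server expecting the raw 128-byte buffer back will not see it.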