RE: CryptAPI, Decryption using the Public Key



1. Are you trying to decrypt on the SAME computer? If yes, you are simply
using the generated key pair's private part (which is still there).

2. You should NOT encrypt / decrypt your data with the RSA key pair. What
you need to do is
- generate a RANDOM symmetric session key with CryptGenKey (If you need to
support Win95 then you cannot use AES. Try to use DES3 - although the
customer would need the stronger crypto, as the old exportable only supported
DES)
- wrap (encrypt) this session key using the RSA public key: CryptExportKey
- now encrypt all your data with the session key
- send the encrypted data AND the exported session key blob to the recipient

The recipient then
- first decrypts the session key with the private key: CryptImportKey
- decrypts the data with the recovered session key

You can read more on how to PROPERLY use cryptography in many books (eg.
Schneier: Applied Cryptography)

Laszlo Elteto
SafeNet, Inc.

"Uri_G" wrote:

Hello, I am generating a public/private key pair with the CALG_RSA_KEYX
algorithm in the Microsoft Base Cryptographic provider, with provider type of
PROV_RSA_FULL and length 1024.
Then I export both the public and the private key BLOBs and save each in a
file.
Then I use the public key file (I import the BLOB) to encrypt some data.
Then I can decrypt the encrypted data with the imported BLOB of the private
key file.
Everything is fine, except, I succeed in decrypting the data with the public
key too.
This is very weird and I have no clue on why this is happening.
Thank you if you solve it!

Another question, I am using 117 length blocks for the encryption, because
it is 128-11 according to the docs of PKCS #1. But how do I specify that I do
not want to use that version, and just want the simplest RSA algorithm? I
need it to be supported up to Windows 95.

Thanks,
Uri.
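
The thread involves three kinds of key BLOB written to files: the RSA public key, the RSA private key, and the wrapped session key that CryptExportKey produces. The following is an added example, not code from either poster: a portable C check that classifies a BLOB by its header before it is shipped, so a private key BLOB is never sent in place of a public one. The numeric constants mirror the documented wincrypt.h values; the function names, the 3DES-only policy (taken from the reply's DES3 suggestion) and the zero-filled sample BLOBs are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Values as documented for wincrypt.h, redefined so this builds on any platform. */
enum { BT_SIMPLE = 0x1, BT_PUBLIC = 0x6, BT_PRIVATE = 0x7 };  /* bType */
#define ALG_RSA_KEYX 0x0000a400u  /* CALG_RSA_KEYX */
#define ALG_3DES     0x00006603u  /* CALG_3DES */
#define MAGIC_RSA1   0x31415352u  /* "RSA1": public key material only */

typedef enum { BLOB_BAD, BLOB_RSA_PUBLIC, BLOB_RSA_PRIVATE, BLOB_WRAPPED_3DES } blob_kind;

static uint32_t le32(const uint8_t *p) {  /* BLOB fields are little-endian */
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* BLOBHEADER layout: bType(1) bVersion(1) reserved(2) aiKeyAlg(4). */
blob_kind classify_blob(const uint8_t *b, size_t len) {
    if (len < 12 || b[1] != 0x02) return BLOB_BAD;  /* CUR_BLOB_VERSION */
    uint32_t key_alg = le32(b + 4);
    switch (b[0]) {
    case BT_PRIVATE:  /* treated as private whatever follows the header */
        return BLOB_RSA_PRIVATE;
    case BT_PUBLIC: {
        /* RSAPUBKEY follows: magic(4) bitlen(4) pubexp(4), then the modulus. */
        if (key_alg != ALG_RSA_KEYX || len < 20 || le32(b + 8) != MAGIC_RSA1) return BLOB_BAD;
        uint32_t bitlen = le32(b + 12);
        return (bitlen % 8 == 0 && len == 20 + bitlen / 8) ? BLOB_RSA_PUBLIC : BLOB_BAD;
    }
    case BT_SIMPLE:
        /* ALG_ID of the wrapping key follows, then the RSA-encrypted session key. */
        return (key_alg == ALG_3DES && le32(b + 8) == ALG_RSA_KEYX && len > 12)
                   ? BLOB_WRAPPED_3DES : BLOB_BAD;
    default:
        return BLOB_BAD;
    }
}

/* Policy (assumption): only a public key or a wrapped session key may leave the machine. */
int safe_to_send(const uint8_t *b, size_t len) {
    blob_kind k = classify_blob(b, len);
    return k == BLOB_RSA_PUBLIC || k == BLOB_WRAPPED_3DES;
}

/* Constructed samples: real headers, zero-filled key material (1024-bit sizes). */
const uint8_t sample_pub[20 + 128] = {0x06, 0x02, 0, 0, 0x00, 0xa4, 0, 0, 'R', 'S', 'A', '1',
                                      0x00, 0x04, 0, 0, 0x01, 0x00, 0x01, 0x00};
const uint8_t sample_priv[20] = {0x07, 0x02, 0, 0, 0x00, 0xa4, 0, 0, 'R', 'S', 'A', '2'};
const uint8_t sample_wrapped[12 + 128] = {0x01, 0x02, 0, 0, 0x03, 0x66, 0, 0, 0x00, 0xa4, 0, 0};
```
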
