Re: RSA frustrations - encrypt with private, decrypt with public - possible?
From: Alun Jones (alun_at_texis.invalid)
Date: Mon, 24 Oct 2005 20:10:44 -0700
I'm sorry to have to tell you this, but what you're asking for really _is_
the wrong way around.
Encrypting with the private key is not encrypting. It is, at the very best,
encoding, because your public key is ... available to everyone in the whole
What is the purpose of "encrypting with the private key"?
Is it to prove that the message comes from you? If so, SIGN THE MESSAGE.
Is it to prevent other people from decrypting the message? If so, ENCRYPT
THE MESSAGE WITH THE RECIPIENT'S PUBLIC KEY. [Or, more usually, and
particularly for longer-than-trivial messages, encrypt a symmetric key with
the recipient's public key, and use the symmetric key to encrypt the
Is it to do both? SIGN AND ENCRYPT, as above.
"Encrypting with the private key", while mathematically possible, is
tantamount to screaming "I DON'T UNDERSTAND WHAT I'M DOING WITH
CRYPTOGRAPHY", to anyone who's taken more than an overview course in crypto.
Is that really the message you want to send?
-- [Please don't email posters, if a Usenet response is appropriate.] -- Texas Imperial Software | Find us at http://www.wftpd.com or email 23921 57th Ave SE | firstname.lastname@example.org. Washington WA 98072-8661 | WFTPD, WFTPD Pro are Windows FTP servers. Fax/Voice +1(425)807-1787 | Try our NEW client software, WFTPD Explorer. "mRislan" <email@example.com> wrote in message news:firstname.lastname@example.org... > OK - I've seen signs of numerous people being stuck pounding their > heads against desks with the same problem as I have, but I haven't > seen any definitive answers on the subject. > > I don't need lectures on Alice and Bob; I'd prefer if someone give me > a simple answer to what is, I think, a simple question. Can the > following be implemented with framework Cryptography methods (or even > interop on underlying Win32 DLLs)? > > For e.g. software registration purposes, it seems simple and effective > to do the following: > > -User with name "Foo" requests license. > -Provider hashes "Foo" & some other license info, encrypts with > private key, delivers it. > -User has public key (distributed with application), and decrypts hash > with it. Program is happy and works. > > Yes, program code can still be modified to subvert this in various > ways - what can't, really?. But short of that, license information > itself cannot (realistically) be forged assuming a sufficiently large > keysize. > > It seems clear that RSACryptoServiceProvider can't do this, and > effectively only works the other way round. Nevermind CSP - I don't > want anything to do with the 'keystore', I simply want server to sign, > and client to decrypt with only the public key rolled up and > obfuscated in the assembly delivered to them. > > SignData and VerifyData work in the direction I want, but don't seem > sufficient - I want to encrypt / decrypt a small amount of arbitrary > data, not leave it in the clear and merely sign a hash on it. > > Googling for "decrypt with public" and a hundred other variants, > numerous people are answering people with the same question to the > effect of "this is the wrong way to use RSA", "use the keystore", > "distribute private key, hide and encrypt with public". The latter > response at least makes me feel certain that I am not the world's most > crypto-challenged individual after all... but I guess the root problem > is that most responders are not paying attention to the quite clear > descriptions of usage (ie as a software licensing mechanism) before > they start talking about Alice and Bob and which directions make > sense. > > Clearly programs have used and continue to use RSA for precisely this > kind of protection scheme for some time. It has been done in the > pre-managed Win32 world for some time, and the approach seems to be > becoming popular on other platforms: > > http://aquaticmac.com/ > http://macromates.com/sigpipe/archives/2004/09/05/using-openssl-for-license-keys/#more-5 > > RSACryptoServiceProvider looks to be a dead end for my purposes. > > Is there any way to massage the kind of functionality I want out of > the framework, or am I going to have to do the now so-very-familiar > DotNet dance of reinventing the wheel? Please, somebody answer this > clearly and definitively - so that nobody else has to waste days upon > days swimming through documentation and toy code, getting nowhere > fast. > > Risl.