
Encrypting using RSA private Key

Jeronimo Bertran - 08 Apr 2008 21:08 GMT
Hi,

Is it possible to encrypt using the RSA private key and decrypt using the
public key?  I am able to do the opposite but when I try to decrypt using
the private key I get a "Bad Key" Exception.  Here is an example:

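    // Generate a key pair and export both forms.
    RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
    RSAParameters publicKey = rsa.ExportParameters(false);
    RSAParameters privateKey = rsa.ExportParameters(true);
    byte[] testPlainData = new byte[] { 0x01, 0x02, 0x03 };

    // First round trip: public key loaded for Encrypt, private key for Decrypt.
    rsa.ImportParameters(publicKey);
    byte[] enc = rsa.Encrypt(testPlainData, false);
    rsa.ImportParameters(privateKey);
    byte[] plain = rsa.Decrypt(enc, false);

    // Second round trip: private key loaded for Encrypt, public key for Decrypt.
    // The Decrypt call below is the one that throws.
    enc = rsa.Encrypt(testPlainData, false);
    rsa.ImportParameters(publicKey);
    rsa.Decrypt(enc, false);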

The first encryption and decryption work fine.  The second encryption
(using the private key) seems to work but the decryption using the public
key throws the exception.

Thanks,

Jeronimo

Joe Kaplan - 08 Apr 2008 21:43 GMT
No, that is a violation of how RSA is intended to be used, so Windows
prevents you doing that.  You sign and decrypt with the private key, not
encrypt.

Joe K.
Signature

Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--

> Hi,
>
[quoted text clipped - 22 lines]
>
> Jeronimo

Jeronimo Bertran - 08 Apr 2008 23:29 GMT
Thanks Joe,

However, I find it strange because according to the following article:

http://support.microsoft.com/kb/245152

Data that is encrypted with the public key can only be decrypted with the
private key. Conversely, data that is encrypted with the private key can be
decrypted only with the public key. This asymmetry is the property that
makes public key cryptography so useful.

Joe Kaplan - 09 Apr 2008 00:06 GMT
That article is misleading at best.  You might be better off consulting a
deeper article on RSA and asymmetric algorithms.  The stuff on Wikipedia is
pretty good.

The fact remains that you should not attempt to encrypt with the private key
and the error you got is a result of you having tried to do so.  You can
sign if you like though.

Do you have specific reason why you want to encrypt with the private key?

Joe K.
Signature

Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--

> Thanks Joe,
>
[quoted text clipped - 7 lines]
> decrypted only with the public key. This asymmetry is the property that
> makes public key cryptography so useful.

Jeronimo Bertran - 09 Apr 2008 02:13 GMT
Thanks Joe,

The data that we are transmitting is encrypted using a 3DES key. The key
is encrypted by a user and both the encrypted key and data are sent to a
web service that stores the public keys of all users that can send
information to it.

It made sense to encrypt the 3DES key using the private key but we will now
change the scheme and encrypt the key using the server's public key and
signed with the user's private key.

Joe Kaplan - 09 Apr 2008 03:16 GMT
Yes, you should definitely encrypt with the server's public key and sign
with the user's private key.  If you were using SSL with client cert auth,
it would just do all this for you.  WS-Security could also take care of all
of this as well.  If you really want to do it by hand, you might want to
consider packaging the encrypted and signed data using an EnvelopedCms
message, as the underlying PKCS#7 format is designed specifically for
exchanging these types of messages.

Joe K.
Signature

Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--

> Thanks Joe,
>
[quoted text clipped - 7 lines]
> change the scheme and encrypt the key using the server's public key and
> signed with the user's private key.
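
The scheme recommended in the reply above (3DES key encrypted with the server's public key, message signed with the user's private key), as an added example that is not part of the original thread. Both key pairs and the payload are constructed in-process as assumptions; a real service would look up the user's public key in its own store.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

class HybridSignedMessage
{
    static void Main()
    {
        // Constructed key pairs standing in for the user's and the server's keys.
        using (var userKey = new RSACryptoServiceProvider(2048))
        using (var serverKey = new RSACryptoServiceProvider(2048))
        using (var tdes = TripleDES.Create())   // 3DES session key, as in the thread
        {
            byte[] plain = Encoding.UTF8.GetBytes("constructed sample payload");

            // Sender: encrypt the data with a fresh 3DES key and IV.
            tdes.GenerateKey();
            tdes.GenerateIV();
            byte[] cipherText;
            using (var enc = tdes.CreateEncryptor())
                cipherText = enc.TransformFinalBlock(plain, 0, plain.Length);

            // Sender: wrap the 3DES key with the server's PUBLIC key (OAEP padding).
            byte[] wrappedKey = serverKey.Encrypt(tdes.Key, true);

            // Sender: sign everything that is transmitted with the user's PRIVATE key.
            byte[] signedBytes = wrappedKey.Concat(tdes.IV).Concat(cipherText).ToArray();
            byte[] signature = userKey.SignData(signedBytes, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

            // Server: verify with the user's stored PUBLIC key before using the key material.
            using (var userPublic = new RSACryptoServiceProvider())
            {
                userPublic.ImportParameters(userKey.ExportParameters(false));
                if (!userPublic.VerifyData(signedBytes, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1))
                    throw new CryptographicException("Signature check failed; message rejected.");
            }

            // Server: unwrap the 3DES key with its own PRIVATE key and decrypt the data.
            byte[] sessionKey = serverKey.Decrypt(wrappedKey, true);
            using (var dec = tdes.CreateDecryptor(sessionKey, tdes.IV))
            {
                byte[] recovered = dec.TransformFinalBlock(cipherText, 0, cipherText.Length);
                Console.WriteLine(Encoding.UTF8.GetString(recovered));
            }
        }
    }
}
```

The signature covers the wrapped key, the IV and the ciphertext together, so the server rejects a message in which any of the three has been replaced.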

Marcello Cantelmo - 10 Apr 2008 12:41 GMT
Hi Jeronimo Bertran,

Not with .NET! The answer is YES, but only if you rewrite the RSA algo :-D
...you need a BigInteger library ;-)

P = 1st large prime number
Q = 2nd large prime number
E = Public Exponent: 3 (fast operation), 65537 (secure) (or random number
which must: GCD(E, (P-1)*(Q-1))==1)
N = Public Modulus, N=P*Q
D = Private Exponent: D=E^(-1) mod ((P-1)*(Q-1))

{N,E}=publickey
{D}=privatekey

standard use:
-------------
encryption: C=M^E mod N with M<N
decryption: M=C^D mod N

the inverse use of rsa :-o is:

encryption: C=M^D mod N with M<N
decryption: M=C^E mod N

^ = PowerOf

HTH
Signature

Marcello Cantelmo
www.cantelmosoftware.com

> Hi,
>
[quoted text clipped - 22 lines]
>
> Jeronimo
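
The two directions written out in the post above, run with System.Numerics.BigInteger as an added example that is not part of the original thread. The toy primes, exponent and message are constructed values far too small for real use, and no padding is applied. The run shows that the output of the private-exponent operation is reversed by anyone who holds {N,E}, so it proves who produced the value rather than keeping M secret, which is the job of a signature.

```csharp
using System;
using System.Numerics;

class TextbookRsaDirections
{
    static void Main()
    {
        // Constructed toy parameters, named with the post's symbols.
        BigInteger P = 61, Q = 53, E = 17;
        BigInteger N = P * Q;
        BigInteger D = ModInverse(E, (P - 1) * (Q - 1));
        BigInteger M = 65;                                   // message, M < N

        // Standard use: C = M^E mod N, only the holder of D recovers M.
        BigInteger c1 = BigInteger.ModPow(M, E, N);
        Console.WriteLine("C = M^E mod N = {0}; C^D mod N = {1}", c1, BigInteger.ModPow(c1, D, N));

        // Inverse use: C = M^D mod N, reversed with the public exponent alone.
        BigInteger c2 = BigInteger.ModPow(M, D, N);
        BigInteger opened = BigInteger.ModPow(c2, E, N);
        Console.WriteLine("C = M^D mod N = {0}; C^E mod N = {1}", c2, opened);

        // Used as a signature check: the receiver compares C^E mod N with the M it was sent.
        Console.WriteLine("genuine value accepted: {0}", opened == M);
        BigInteger tampered = (c2 + 1) % N;                  // constructed altered value
        Console.WriteLine("altered value accepted: {0}", BigInteger.ModPow(tampered, E, N) == M);
    }

    // D = E^(-1) mod m via the extended Euclidean algorithm.
    static BigInteger ModInverse(BigInteger a, BigInteger m)
    {
        BigInteger r0 = m, r1 = a % m, t0 = 0, t1 = 1;
        while (r1 != 0)
        {
            BigInteger q = r0 / r1;
            BigInteger r2 = r0 - q * r1; r0 = r1; r1 = r2;
            BigInteger t2 = t0 - q * t1; t0 = t1; t1 = t2;
        }
        if (r0 != 1)
            throw new ArgumentException("E must satisfy GCD(E, (P-1)*(Q-1)) == 1");
        return ((t0 % m) + m) % m;
    }
}
```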

Jeronimo Bertran - 07 May 2008 18:14 GMT
Thanks Marcello.   Got it to work.

armsoftware@gmail.com - 12 Jun 2008 11:45 GMT
> Thanks Marcello.   Got it to work.

Hi.

Can you share how you got it to work? I need reverse RSA encryption
too.
Thanks.


©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.