DSACryptoServiceProvider vs. RSACryptoServiceProvider

views:

378

answers:

DSACryptoServiceProvider vs. RSACryptoServiceProvider

I seem to have misunderstanding here.

I need to implement public/private key encryption (PKCS) with digital signing. I've found the following classes in .Net framework.

RSACryptoServiceProvider
DSACryptoServiceProvider

I want to encrypt files then digitally sign them, and at the receiver verify the signature and then decrypt.

The class DSACryptoServiceProvider has the function VerifySignature which takes both the signed signed value and the un-signed value!

My question here is whether to encrypt-then-sign or sign-then-encrypt?

If i send the un-signed key (along with the signed key) of the encryption key, then any third party will be able to decrypt the text

You always encrypt then sign. Doing it this way means that the receiving party can check the encrypted data has not been changed during transmission without having to unencrypt, which can be a lengthy process.

blowdart 2009-07-29 12:07:01

I totally agree, but how to implement this using DSACryptoServiceProvider which has the function VerifySignature (signedHash, unsignedHash)? what is the hash here anyway? is it the key of encryption?

ala 2009-07-29 12:09:36

That is wrong. If you need non-repudiation then you really have to sign the message and then encrypt it. Otherwise an adversary could generate his public/secret key pair such that decrypting a signed message results in a plaintext chosen by the adversary.

Accipitridae 2009-07-29 18:43:03

Oh I'm not saying don't do both, but repudiation was not mentioned in the question at all, simply signature verification.In fact if you want both non-repudiation and validation you end up doing both, especially in systems which forward messages from or to other systems.

blowdart 2009-07-29 20:41:42

+1 A:

Signing means:

Sender calculates a hash from the data before sending
Sender encrypts that hash with senders private key
Receiver calculates hash from the received data
Receiver decrypts senders signature with senders public key
Receiver compares the locally calculated hash and the decrypted signature

I suppose VerifySignature() does steps 4) and 5)

In steps 1) and 3) you create the hash for the encrypted or unencrypted data, your choice as long as sender and receiver do it exactly the same.

Note that this is independent of the actual encryption of the data, you can even sign unencrypted data. Also note that the use of the keys is reversed, normally you encrypt with the receivers public key.

Henk Holterman 2009-07-29 13:18:37

thank you this is very informative, but what exactly is going to be sent (from 2 to 3)? is it the hash? (so we create hash on the hashed)?

ala 2009-07-29 13:55:49

You send the signature (== encrypted hash), along with the data.

Henk Holterman 2009-07-29 14:34:17

Just to clarify some possible confusion (but maybe it is obvious):

You don't encrypt the message itself using an asymmetric algorithm - something like AES is probably more appropriate.
You send the encrypted message and the hash (the hash is encrypted). The recipient generates the hash themselves and checks that it matches the hash you sent (that they have decrypted using the senders public key).

If you don't have a shared key to use for the symmetric encryption (i.e the encryption of the message itself) then you probably should generate one and encrypt it with the recipients public key and send it along with the signed message.

macbutch 2009-07-29 14:16:53

ansaurus

tags:

views:

answers:

DSACryptoServiceProvider vs. RSACryptoServiceProvider

related questions