
Hi everyone.

I'm using RSACryptoServiceProvider in .NET 2 and it seems that the Private part of a Public/Private key pair always contains the Public part as well.

I need to encrypt some info using my Public key, and allow the other party to ONLY DECRYPT what I encrypted. I don't want them to be able to know how I encrypted my message. Is that possible using RSACryptoServiceProvider in .NET?

+4  A: 

The private key always includes the public key.

What you might really want is Signing. Using the same .NET classes, you can sign data with your private key and verify the signature on the other party's side with the public key (which obviously doesn't contain the private key).

    using System;
    using System.Security.Cryptography;
    using System.Text;

    public static class RsaSigning
    {
        // Signing needs the full key pair (the XML from ToXmlString(true)).
        // "SHA1" matches what .NET 2 offered; SHA-1 is no longer recommended for
        // signatures, and newer frameworks accept "SHA256" here.
        public static string Sign(string data, string privateAndPublicKey)
        {
            byte[] dataBytes = Encoding.UTF8.GetBytes(data);
            RSACryptoServiceProvider provider = CreateProviderFromKey(privateAndPublicKey);
            byte[] signatureBytes = provider.SignData(dataBytes, "SHA1");
            return Convert.ToBase64String(signatureBytes);
        }

        // Verification only needs the public part (the XML from ToXmlString(false)).
        public static bool Verify(string data, string signature, string publicKey)
        {
            byte[] dataBytes = Encoding.UTF8.GetBytes(data);
            byte[] signatureBytes = Convert.FromBase64String(signature);
            RSACryptoServiceProvider provider = CreateProviderFromKey(publicKey);
            return provider.VerifyData(dataBytes, "SHA1", signatureBytes);
        }

        // Loads either form of the key from its XML representation.
        private static RSACryptoServiceProvider CreateProviderFromKey(string key)
        {
            RSACryptoServiceProvider provider = new RSACryptoServiceProvider();
            provider.FromXmlString(key);
            return provider;
        }
    }
Stefan Schultze
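The point of the answer above, shown end to end as an added example (this is not code from the original answer): the XML exported with ToXmlString(false) carries only the modulus and exponent, a signature made with the full key pair verifies against that public-only key, any change to the data breaks the signature, and the public-only key cannot sign. The 2048-bit key size and the message text are assumptions for the demo.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example, not part of the original answer.
class SignVerifyDemo
{
    static void Main()
    {
        // Key size is an assumption for the demo; .NET 2 defaults to 1024 bits,
        // which is below what is acceptable today.
        RSACryptoServiceProvider keyPair = new RSACryptoServiceProvider(2048);
        string privateAndPublicKey = keyPair.ToXmlString(true);   // includes <D>, <P>, <Q>, ...
        string publicKeyOnly       = keyPair.ToXmlString(false);  // only <Modulus> and <Exponent>

        Console.WriteLine("public XML contains <D>:  " + publicKeyOnly.Contains("<D>"));        // False
        Console.WriteLine("private XML contains <D>: " + privateAndPublicKey.Contains("<D>"));  // True

        string message = "constructed sample message";
        byte[] data = Encoding.UTF8.GetBytes(message);

        // Sign with the full key pair (the part you keep).
        RSACryptoServiceProvider signer = new RSACryptoServiceProvider();
        signer.FromXmlString(privateAndPublicKey);
        byte[] signature = signer.SignData(data, "SHA1");  // "SHA1" matches the answer; newer frameworks accept "SHA256"

        // Verify with the public part only, as the other party would.
        RSACryptoServiceProvider verifier = new RSACryptoServiceProvider();
        verifier.FromXmlString(publicKeyOnly);
        Console.WriteLine("valid:          " + verifier.VerifyData(data, "SHA1", signature));

        // Any change to the signed data invalidates the signature.
        byte[] tampered = Encoding.UTF8.GetBytes(message + "!");
        Console.WriteLine("tampered valid: " + verifier.VerifyData(tampered, "SHA1", signature));

        // The public-only key has no private exponent, so it cannot produce signatures.
        try
        {
            verifier.SignData(data, "SHA1");
            Console.WriteLine("unexpected: public-only key signed");
        }
        catch (CryptographicException e)
        {
            Console.WriteLine("signing with public-only key failed: " + e.Message);
        }
    }
}
```

The other party receives only publicKeyOnly and the Base64 signature; they can check that the data came from the holder of the private key, but cannot create signatures of their own.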
A: 

Data encryption using private/public key does not work like that. You must use the other person's public key, so he/she can decrypt it by means of his/her private key.

Nonetheless, this is really slow, so in practice what is actually used to encrypt the message is a symmetric key which is generated at session time. The symmetric key is what is encrypted by means of the public key of the other end (much less data than the whole message), and then attached to the encrypted message. SSL, for example, works like that.

Fernando Miguélez
A: 

Thanks Stefan, and thanks for the code. That's cool.

Now do you have any references where I can get some clear info on the signing process, like a tutorial or something?

You can look into the MSDN RSACryptoServiceProvider.SignData documentation.
Stefan Schultze
+2  A: 

How to use:

The other party's public key:

If you want to encrypt something that only the other party (and no one else) can decrypt, you have to encrypt it with their public key (not with your key).

If you get a signature from the other party, you can verify that the signature is correct (as opposed to created by someone else) by using the other party's public key.

Your own private key:

If you want to sign something so that everyone can verify that you created the contents, you sign it with your own private key. Your public key will be used to verify it. The contents are not encrypted at all (unless you do that separately).

If someone sends you a message encrypted with your public key (so that only you can read it), you can decrypt it with your private key.

Your own public key:

You do not use your own public key. The other party uses it to verify your signatures, and to encrypt messages for your eyes only.

The other party's private key:

You do not have that.

Thilo
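Fernando's hybrid scheme and Thilo's summary of which key does what, combined into one exchange as an added example (not code from any of the answers): Alice signs with her own private key, encrypts the signed message under a fresh AES key, and encrypts that AES key with Bob's public key; Bob recovers the AES key with his private key and checks the signature with Alice's public key. Key sizes, the envelope layout, and the message text are assumptions for the demo.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example, not part of the original answers.
class Envelope
{
    public byte[] EncryptedSessionKey; // AES key under RSA-OAEP with Bob's public key
    public byte[] IV;                  // AES-CBC initialisation vector (not secret)
    public byte[] Ciphertext;          // AES-CBC(message || signature)
}

class HybridDemo
{
    // Alice's side: needs her own private key and Bob's public key.
    static Envelope Seal(byte[] message, string alicePrivateKeyXml, string bobPublicKeyXml)
    {
        // 1. Sign with Alice's private key so Bob can attribute the message to her.
        RSACryptoServiceProvider alice = new RSACryptoServiceProvider();
        alice.FromXmlString(alicePrivateKeyXml);
        byte[] signature = alice.SignData(message, "SHA1"); // "SHA1" as in the answers; newer frameworks accept "SHA256"

        // 2. Encrypt (message || signature) with a random one-time AES key.
        //    RijndaelManaged is the AES implementation available in .NET 2 (CBC, PKCS7 by default).
        RijndaelManaged aes = new RijndaelManaged();
        aes.KeySize = 256;
        aes.GenerateKey();
        aes.GenerateIV();
        byte[] plaintext = new byte[message.Length + signature.Length];
        Buffer.BlockCopy(message, 0, plaintext, 0, message.Length);
        Buffer.BlockCopy(signature, 0, plaintext, message.Length, signature.Length);
        byte[] ciphertext = aes.CreateEncryptor().TransformFinalBlock(plaintext, 0, plaintext.Length);

        // 3. Encrypt only the short AES key with Bob's public key (OAEP padding).
        RSACryptoServiceProvider bob = new RSACryptoServiceProvider();
        bob.FromXmlString(bobPublicKeyXml);
        Envelope env = new Envelope();
        env.EncryptedSessionKey = bob.Encrypt(aes.Key, true);
        env.IV = aes.IV;
        env.Ciphertext = ciphertext;
        return env;
    }

    // Bob's side: needs his own private key and Alice's public key.
    static byte[] Open(Envelope env, string bobPrivateKeyXml, string alicePublicKeyXml)
    {
        // 1. Only Bob's private key can recover the session key.
        RSACryptoServiceProvider bob = new RSACryptoServiceProvider();
        bob.FromXmlString(bobPrivateKeyXml);
        byte[] sessionKey = bob.Decrypt(env.EncryptedSessionKey, true);

        // 2. Decrypt the payload and split off the signature (its length equals Alice's key size in bytes).
        RijndaelManaged aes = new RijndaelManaged();
        aes.Key = sessionKey;
        aes.IV = env.IV;
        byte[] plaintext = aes.CreateDecryptor().TransformFinalBlock(env.Ciphertext, 0, env.Ciphertext.Length);

        RSACryptoServiceProvider alice = new RSACryptoServiceProvider();
        alice.FromXmlString(alicePublicKeyXml);
        int signatureBytes = alice.KeySize / 8;
        int messageLength = plaintext.Length - signatureBytes;
        byte[] message = new byte[messageLength];
        byte[] signature = new byte[signatureBytes];
        Buffer.BlockCopy(plaintext, 0, message, 0, messageLength);
        Buffer.BlockCopy(plaintext, messageLength, signature, 0, signatureBytes);

        // 3. Verify with Alice's public key; reject anything that does not check out.
        if (!alice.VerifyData(message, "SHA1", signature))
            throw new CryptographicException("signature does not verify: not from Alice or modified in transit");
        return message;
    }

    static void Main()
    {
        RSACryptoServiceProvider aliceKeys = new RSACryptoServiceProvider(2048); // key size assumed for the demo
        RSACryptoServiceProvider bobKeys = new RSACryptoServiceProvider(2048);

        // Each side publishes only its public half; the private half never leaves its owner.
        string alicePublic = aliceKeys.ToXmlString(false);
        string bobPublic = bobKeys.ToXmlString(false);

        byte[] message = Encoding.UTF8.GetBytes("constructed sample: invoice 42 approved");
        Envelope env = Seal(message, aliceKeys.ToXmlString(true), bobPublic);
        byte[] recovered = Open(env, bobKeys.ToXmlString(true), alicePublic);
        Console.WriteLine(Encoding.UTF8.GetString(recovered));

        // Corrupting the ciphertext is detected (the signature no longer verifies) instead of yielding garbage.
        env.Ciphertext[0] ^= 0x01;
        try { Open(env, bobKeys.ToXmlString(true), alicePublic); }
        catch (CryptographicException e) { Console.WriteLine("rejected: " + e.Message); }
    }
}
```

Alice's private key and Bob's private key are each used only on their owner's side, exactly as Thilo's table lays out. One caveat worth knowing with sign-then-encrypt: Bob could decrypt and re-encrypt Alice's signed message for a third party, who would see a valid signature from Alice; if that matters, include the intended recipient in the signed data.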