Is it possible to use pure encrypting and decrypting keys instead of private and public keys? As far as I know, in the .NET asymmetric RSA implementation the private key `RSAParameters parameters = (new RSACryptoServiceProvider()).ExportParameters(true)` is a superset of the public key. And using the private key we can both encrypt and decrypt our data. But I need a key only for decrypting data. How can I do that?

I experimented with nulling RSAParameters fields, but the RSACryptoServiceProvider object can't import such parameters.

+1  A: 

I think you need to use the private key for decrypting and the public key for encrypting.

The receiver (decrypter) sends its public key to the sender (encrypter). So everyone can send messages, only the receiver can read them. Is this what you need?

If you need to make sure that the message comes from a certain sender, it needs to add a signature by using its own private key. The receiver can verify this by using the sender's public key.

Stefan Steinegger
No, I need the private key for encoding my arbitrary messages, and my users must have my open key for decoding my messages. I understand it's a strange task that looks like digital signing, but I can't use RSAPKCS1SignatureFormatter/Deformatter for it.
macropas
I don't really understand why it is not working like this. You probably need to combine encoding and signing, as described in my answer. I agree, it gets complicated because of that. But you should solve all the problems I can think of with that.
Stefan Steinegger
If I read it right, you're suggesting that every recipient has their own public/private key pair and he individually encrypts the message to all of them (or at least a symmetric key). I don't think he wants it to work like that.
Rup
@Rup: only if he wants to send individual messages to them which another can't read. I actually don't know what he wants. But if he wants this kind of security, he needs such a mechanism.
Stefan Steinegger
Stefan, the OP wants to send (public) messages others can't _fake_.
Henk Holterman
+2  A: 

If you're asking what I think you're asking, you're solving a problem like this one:

You encrypt some data. You send it to clients, and want them to be able to decrypt it, but you do not want them to be able to encrypt anything, because then they could convince other clients that they're you.

Is that close? Can you tell us what problem you're solving?

For the rest of the folks on the thread, it sounds pretty clear the OP wants a decrypt-only key, instead of the usual encrypt-only public key.

Edit: the comments are correct in that a private key can't be used to encrypt, but it's not that difficult to generate the public key given the private key. If you have the private key, you effectively can have both keys.

Edit 2: OP, you should probably look into digital signatures. You could sign a message (using the private key) and then confirm the signature with the public key, which I think is exactly what you asked for.

Dean J
Something like this. Clients are not humans, they are special facilities. I send commands to them. Of course I can use symmetric cryptography, but it's not so secure
macropas
There is no such thing as an "encrypt or decrypt only key" in public key cryptography. The main reason being that there is no (or no "real") technical or mathematical difference between those two keys. The difference is how you handle the keys. Once you have given away one of them, you call it public key. But *before* you gave it away you could have decided to give the other one away, then that would have become your "public" key... It really does not matter. The only important point is that you can *decrypt* anything you have *encrypted* with the other key **and vice versa!**
scherand
@scherand. In this case I can't understand you. In standard RSA implementation public key is really encrypt-only.
macropas
You can use the public key to encrypt and decrypt, you can only do the opposite though with the private key.
SLC
@SLC: You are mistaken! The standard public key is for encryption only. You cannot decrypt with it.
macropas
@macropas: No. The source of the confusion is that, when you use a library or such thing, you never get to choose which of the two keys will become your public key and which the private one. But theoretically you **could** choose free (as in beer :)). Once you (or someone else) has decided which of the two keys is named "public" you "only decrypt" with it because you call it "sign" when you encrypt something with it (there are some practical differences but they do not matter for the concept). A signature is nothing but something you "encrypted with your private key" (and hence can only be...
scherand
...decrypted with your public key). Or the other way around: if something *can be decrypted with your public key, it must have been encrypted with your private key*. Hence you call it "signed".
scherand
Yup signing is what I was referring to
SLC
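The digital-signature approach suggested in Dean J's answer above, sketched with the `RSACryptoServiceProvider` class the question already uses. This is an added example, not code from any poster in the thread; the command strings and the class name `SignedCommandDemo` are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

class SignedCommandDemo
{
    static void Main()
    {
        // Sender side: the full key pair never leaves this machine.
        using (var sender = new RSACryptoServiceProvider(2048))
        {
            // ExportParameters(false) returns only Modulus and Exponent,
            // which is all a receiving device needs in order to verify.
            RSAParameters publicOnly = sender.ExportParameters(false);

            // Constructed sample command.
            byte[] command = Encoding.UTF8.GetBytes("SET_VALVE 3 OPEN");
            byte[] signature = sender.SignData(
                command, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

            // Device side: holds the public parameters only.
            using (var device = new RSACryptoServiceProvider())
            {
                device.ImportParameters(publicOnly);
                Console.WriteLine("PublicOnly: " + device.PublicOnly);

                bool genuine = device.VerifyData(
                    command, signature,
                    HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
                Console.WriteLine("genuine command accepted: " + genuine);

                // A modified command fails verification against the same signature.
                byte[] tampered = Encoding.UTF8.GetBytes("SET_VALVE 3 SHUT");
                bool forged = device.VerifyData(
                    tampered, signature,
                    HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
                Console.WriteLine("tampered command accepted: " + forged);

                // Without the private exponent the device cannot produce signatures.
                try
                {
                    device.SignData(
                        tampered, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
                    Console.WriteLine("device signed a command (unexpected)");
                }
                catch (CryptographicException)
                {
                    Console.WriteLine("device cannot sign: no private key");
                }
            }
        }
    }
}
```

The signature gives origin and integrity only; the command itself travels in the clear, so anything that must stay secret still needs encryption on top.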
A: 

If you want to make sure that the private key-holder cannot encrypt something such that the result is indistinguishable from a message sent by the public key-holder, then you could simply double-wrap your data.

Simply have two key-pairs.

Side A gets the private key of key-pair 1, and the public key of key-pair 2. Side B gets the public key of key-pair 1, and the private key of key-pair 2.

Side B sends his/her/its message by first encrypting it with the public key of key-pair 1, and then the private key of key-pair 2.

Side A decrypts the result using the public key of key-pair 2, and the private key of key-pair 1 (in that order).

Side A can generate the public key of key-pair 1, but cannot generate the private key of key-pair 2, so side A cannot generate a valid message.

The inverse works in the other direction.

Down-side: If you have a central person (or server) that every other person (or computer) is communicating with, each party needs their own private key, and they need to share the corresponding public key with the central person (or server) they are communicating with.

Slartibartfast
You cannot decrypt a message using the public key in asymmetric ciphering. Your algorithm is wrong.
macropas
http://en.wikipedia.org/wiki/RSA#Signing_messages <-- This description sounds a LOT like encrypting the hash with the private key, and decrypting it with the public key. Just saying that you can use a symmetric key just as easily as a hash in the described situation.
Slartibartfast