First off, that is not a typo, I want to decrypt using a public key. The purpose for doing this is to challenge a third party to ensure they do, in fact, have the private key that corresponds to the public key. Basically, I would send some random data, they would encrypt it with their private key, I would decrypt it using the public key and compare the decrypted value to the random data that I sent. I believe this is a pretty standard procedure in public key crypto but for some reason decrypting with a public key seems to be taboo.

I am simply using the RSACryptoServiceProvider in .NET 2.0. However, when I call Decrypt it throws a CryptographicException with message Bad Key. The key is not bad (I can Encrypt with no problem), but it appears as though it will not let me decrypt with just the public key. What gives? This must be possible to do.

+6  A: 

I think the recognized term is signing. They sign with the private key, and you verify with the public key. I admit I don't understand the low-level math as well as I should, but my understanding is signing is really just encrypting with the private key.

Use RSACryptoServiceProvider's sign and verify family of methods. In fact, SignHash actually says, "encrypting it with the private key."

Matthew Flaschen
*"but my understanding is signing is really just encrypting with the private key"* - Well, yes and no. Yes in theory. In practice however, you hash the input first, encrypt the *hash* with the private key, and append that to the message, because RSA is very computationally expensive. In fact, when encrypting in practice you do not even encrypt the input with the public key: you encrypt a large random number, and use that number as the key to a much-faster symmetric encryption algorithm, like AES.
BlueRaja - Danny Pflughoeft
@BlueRaja, I was actually aware of that (both the hashing and that RSA is only used for exchanging a random session key). That's part of why I referenced `SignHash`. My point is that "signing x" == "encrypting x with a private key." This applies regardless of whether x is a hash or a real message.
Matthew Flaschen
The major difference between signing and encrypting is that when you *encrypt*, you pad with random data (to prevent plaintext-guessing attacks); when you *sign*, you pad with data that has a predefined structure (to prevent chosen-remainder attacks). When you are verifying a signature, it's important to verify that the padding data is correct also.
caf
Ok, I'm working with a 3rd party and it doesn't appear as though any hashing is involved. They are simply expecting some random bytes and then expecting me to decrypt the value they return and compare it to the random bytes. I don't see how to do this with `RSACryptoServiceProvider`. I really cannot understand why it won't let me call `Decrypt` with only a public key since that is what it is doing internally when verifying a signature...
Dennis
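The challenge-response from the question, written as sign/verify in plain Python as an added example (this is not code from the question, either answer, or the .NET library): `public_decrypt` is the "decrypt with the public key" step Dennis asks for, and `verify` is that step plus the padding check caf describes. The key is constructed from two published Mersenne primes and the padding is a simplified PKCS#1 v1.5 type-1 layout; both are assumptions for the demo, not what any particular third party uses.

```python
import hashlib, hmac, secrets

# Constructed toy key from two published Mersenne primes (2^127-1 and 2^521-1).
# Anyone can factor it, so it is for illustration only; real keys are >= 2048 bits.
P, Q, E = (1 << 127) - 1, (1 << 521) - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent (needs Python 3.8+)

def emsa_encode(message, k):
    """Simplified PKCS#1 v1.5 type-1 padding: 00 01 FF..FF 00 || SHA-256(m).
    The real scheme also wraps the hash in a DigestInfo ASN.1 prefix."""
    digest = hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (k - 3 - len(digest)) + b"\x00" + digest

def sign(message, d, n):
    """What the third party does: the RSA private-key operation on the padded hash."""
    k = (n.bit_length() + 7) // 8
    m = int.from_bytes(emsa_encode(message, k), "big")
    return pow(m, d, n).to_bytes(k, "big")

def public_decrypt(signature, e, n):
    """The 'decrypt with the public key' step from the question: the raw RSA
    public operation. Its output is the padded block, not the challenge itself."""
    k = (n.bit_length() + 7) // 8
    s = int.from_bytes(signature, "big")
    if len(signature) != k or s >= n:
        raise ValueError("signature is not a k-byte integer below n")
    return pow(s, e, n).to_bytes(k, "big")

def verify(message, signature, e, n):
    """Signature verification = public_decrypt + checking the whole padded block."""
    k = (n.bit_length() + 7) // 8
    try:
        em = public_decrypt(signature, e, n)
    except ValueError:
        return False
    # Compare the entire block, not just the trailing hash (caf's point about padding).
    return hmac.compare_digest(em, emsa_encode(message, k))

def challenge_response(d, e, n):
    """The question's protocol: verifier sends random bytes, prover signs them."""
    challenge = secrets.token_bytes(32)
    return verify(challenge, sign(challenge, d, n), e, n)

if __name__ == "__main__":
    print("prover holds the private key:", challenge_response(D, E, N))
```

A prover that signs whatever bytes the challenger sends is acting as a signing oracle, so in practice the key should be reserved for this purpose or the signed value should bind a fixed context string to the challenge.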
A: 

These .Net classes should be a wrapper of the crypto API.

There are two types of keys in crypto API. Crypto API is a wrapper around PKCS#11. When you generate a key pair using the Microsoft cryptographic service provider, you get AT_EXCHANGE and AT_SIGNATURE keys. Every key is generated based on some attributes defined in the PKCS#11 standard.

AT_EXCHANGE key attributes:
wrap/unwrap = true
sign/verify = true
encrypt/decrypt = false

AT_SIGNATURE key attributes:
wrap/unwrap = false
sign/verify = true
encrypt/decrypt = false

So basically, when you are exchanging data, you are essentially performing a wrapping/unwrapping function. This is what Microsoft calls AT_EXCHANGE. This is primarily used to exchange secret/symmetric keys and not used to exchange huge amounts of data.

So you need to go back and find out which key you chose to either sign or wrap your data.

Raj
I'm not quite sure I follow... I'm not doing the signing; I'm simply trying to verify the signature. Even then, all I really want to do is decrypt some data. From what I'm gathering from what you're saying, it doesn't sound like this is possible using the .NET API?
Dennis
I do not understand your comment. You are saying "I'm simply trying to verify the signature", BUT YOU ARE ALSO SAYING "I really want to do is decrypt some data". Do you want to just decrypt data, or do you want to verify a signature, or do you want to do both? If it is the third choice, then look at hybrid models [http://en.wikipedia.org/wiki/Hybrid_cryptosystem].
Raj
I have a bunch of bytes that I am trying to RSA decrypt using RSACryptoServiceProvider and all I have is the public key. The terms "signing" and "hash" are just clouding my goal.
Dennis