tags:

views:

567

answers:

3
+3  Q: 

How is public key used to decrypt in .NET assemblies?

.NET signed assemblies contain public key, but the public key is used for encryption in RSA, then how does .NET uses the public key for decryption of signed assemblies?

Ok, the signed assemblies contain the hash, but the hash is encrypted using the private key and not the public key. So, why and how in .NET private keys are used for encryption and public keys for decryption. I mean, that all software like RSACryptoPad uses the public key for encryption and not for decryption.

+3  A: 

The idea is that a signature can only be created using the private key, but after that anyone with a copy of the public key can validate the signature. No decryption is required for a signature--the signature is simply added on to the plain text assembly.

sblom  2009-03-22 06:39:14
A: 

The purpose of signing assemblies is to verify their source. If I sign my assembly then send it to you, you should be reasonably sure that's its come from me and it hasn't been tampered with along the way.

Campbell  2009-03-22 06:51:10
+5  A: 

The public-private key pair is not used to encrypt the whole assembly. Instead it is used to sign the assembly.

Simplifying a little, to sign a file - such as an assembly - you take a hash of the file and then ecrypt that hash with your private key. Someone using the file verifies your signature by making a hash of the file themselves and then decrypting your encrypted hash using your public key and confirming these two hashes are the same. This proves two things:

  1. The assembly is from who is claims to be from - i.e you - as it has been produced with your private key.
  2. The assembly hasn't been altered by someone else as the hash you made when you released the assembly is the same as the current one. No-one can alter the signed assembly since they would also have to make corresponding changes to the encrypted hash which requires your private key.

There is a lot more detail about Digital Signatures in this Wikipedia article.

The great thing about public-private key pairs is that they work either way around. So something encrypted with your private key can be only decrypted with your public key but also something encrypted with your public key can be decrypted with your private key. This latter use means that if someone wants to send something to you and only you then then can encrypt it with your freely available public key but they know only you with your private key can decrypt it.

As the keys only work as a pair - making the encryption asymmetric - someone else can't simply reverse the encryption they've done with the public key to get the message to you.

Dave Webb  2009-03-22 07:17:31
extended the base question, with more queries. Thanks for the answer.
Priyank Bolia  2009-03-22 07:29:22
Added some description of why you would encrypt with a public key as well as a private one.
Dave Webb  2009-03-22 07:37:04
This is wrong — signing is not done by encrypting with the private key; it is done by /decrypting/ with it (at least for RSA).
derobert  2009-03-22 08:05:48
What exactly are you decrypting when signing, derobert?
configurator  2009-03-22 08:33:47
@configurator: In RSA, a padded hash of the message. http://en.wikipedia.org/wiki/RSA#Signing_messages has details. Remember "decrypt" in RSA is just a mathematical operation, you can perform it on arbitrary data.
derobert  2009-03-22 08:59:31
that's what I can't understand how will you do encryption with your private keys, it doesn't have the modulus, exp? How is private keys used for encryption, that's the question?
Priyank Bolia  2009-03-22 13:17:51
@Priyank: In RSA, you can either encrypt with the public key and decrypt with the private key - or - encrypt with the private key and decrypt with the public key, aka signing. (No nitpicking regarding which part is encrypting or decrypting please)
configurator  2009-03-22 19:52:30
It works the same way - data multiplied by private key, then public key, then modulo the modulo part is the same as data multiplied by public key, then private key, then modulo the same modulo part.
configurator  2009-03-22 19:53:12

related questions

Displaying Flash content in a C# WinForms application
How to get the value of built, encoded ViewState?
Unhandled Exception Handler in .NET 1.1
How do I connect to a database and loop over a recordset in C#?
How do I most elegantly express left join with aggregate SQL as LINQ query
Get a new object instance from a Type in C#
.NET Testing Framework Advice
Automatically update version number
What is the difference between an int and an Integer in Java/C#?
How to write to Web.Config in Medium Trust ?
WinForms ComboBox data binding gotcha
How do you sort a C# dictionary by value?
Adding Scripting functionality to .NET applications
Floating Point Number parsing: Is there a Catch All algorithm?
How do I print an HTML document from a web service?
Decoding T-SQL CAST in C#/VB.net
Anatomy of a "Memory Leak"
How do I get a distinct, ordered list of names from a DataTable using Linq
Reliable Timer in a Console Application
How do I fill a DataSet or a DataTable from a LINQ query resultset ?
What's the difference between Math.Floor() and Math.Truncate() in .NET?
How do I calculate relative time?
How do I calculate someone's age in C#?
Are there any conversion tools for porting Visual J# code to C#?
When setting a form's opacity should I use a decimal or double?