RSACryptoServiceProvider - Encrypt and SignData

  • Question

  • I have a basic question. I use the public key of an X.509 certificate to encrypt some data. If I try to decrypt using the public key, I get an exception, which makes sense. Is this exception only a .NET thing, or will it be the case with any technology? It just does not make sense to me if someone would be able to decrypt using a public key. That would make the whole PKI a joke. Am I correct in assuming that you will never be able to decrypt unless you have the private key, regardless of the technology, .NET or otherwise?

    Similarly, with signing, if I use a public key to sign, I get an exception, which again I'm hoping is not a .NET framework thing. If data is signed with the public key, and I verify with the public key, it must fail, regardless of whether I use .NET or not. Am I correct on both counts? Any pointers will be appreciated.

    PS. I'm not sure if this is a question to BCL forum or if there is any specific forum for cryptography. There are questions related to RSA stuff in this forum and based on that, I'm posting here. Apologies if I'm barking up the wrong tree.

    Monday, October 15, 2012 2:58 PM
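    The behaviour the question describes, as an added example that is not code from the original thread. It builds a constructed key pair, copies only the public half into a second RSACryptoServiceProvider (the question's public half would instead come from the X.509 certificate), and then exercises all four operations: Encrypt and VerifyData succeed with the public half, while Decrypt and SignData throw CryptographicException because the key object has no private exponent. It assumes .NET Framework 4.6 or later, or .NET Core/.NET 5+, for the HashAlgorithmName overloads of SignData/VerifyData.

    ```csharp
    using System;
    using System.Security.Cryptography;
    using System.Text;

    // Added example (not from the original thread): what RSACryptoServiceProvider
    // does when the key object carries only the public half.
    class RsaKeyHalvesDemo
    {
        static void Main()
        {
            // Constructed key pair for the demo; in the question the public
            // half would instead be read from an X.509 certificate.
            using (var fullKey = new RSACryptoServiceProvider(2048))
            using (var publicOnly = new RSACryptoServiceProvider())
            {
                // ExportParameters(false) exports only Modulus and Exponent,
                // so publicOnly never sees D, P, Q or the CRT values.
                publicOnly.ImportParameters(fullKey.ExportParameters(false));
                Console.WriteLine("PublicOnly: " + publicOnly.PublicOnly);

                byte[] plaintext = Encoding.UTF8.GetBytes("constructed sample message");

                // Encrypting with the public half works (OAEP padding).
                byte[] ciphertext = publicOnly.Encrypt(plaintext, fOAEP: true);

                // Decrypting with the public half fails: there is no private exponent.
                try
                {
                    publicOnly.Decrypt(ciphertext, fOAEP: true);
                    Console.WriteLine("Decrypt with public key succeeded (unexpected)");
                }
                catch (CryptographicException ex)
                {
                    Console.WriteLine("Decrypt with public key: " + ex.Message);
                }

                // Only the holder of the private half recovers the plaintext.
                byte[] recovered = fullKey.Decrypt(ciphertext, fOAEP: true);
                Console.WriteLine("Decrypt with private key: " + Encoding.UTF8.GetString(recovered));

                // Signing needs the private half as well.
                try
                {
                    publicOnly.SignData(plaintext, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
                    Console.WriteLine("SignData with public key succeeded (unexpected)");
                }
                catch (CryptographicException ex)
                {
                    Console.WriteLine("SignData with public key: " + ex.Message);
                }

                byte[] signature = fullKey.SignData(plaintext, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

                // Verification needs only the public half, and it detects tampering.
                bool okOriginal = publicOnly.VerifyData(plaintext, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
                plaintext[0] ^= 0x01; // flip one bit of the message
                bool okTampered = publicOnly.VerifyData(plaintext, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
                Console.WriteLine("Verify original: " + okOriginal + ", verify tampered: " + okTampered);
            }
        }
    }
    ```

    The exception is .NET's way of reporting that the private component is absent from the key object; it is not what keeps the data confidential. Any RSA implementation on any platform needs the private exponent to decrypt or sign, so a public-only key can only encrypt and verify, whatever error-reporting convention the library uses.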

Answers

  • It depends on how you set up the method for encryption and decryption.  I helped get SHA working about 10 years ago on one system.  To be able to debug the code we kept on using the same key.  Later we went to a key server, where the encryption PC and the decryption PC each went to the same server to get the public key.  The server was set up to only give out the public key once to an encryption PC and once to the decryption PC.  The server was also set up so the time between the encryption PC requesting the key and the decryption PC requesting it was limited to only a short period of time.

    You can also use a private key which the encryption PC and decryption PC change after each message is sent.  You create what is called a seed which you enter into the encryption PC and decryption PC.  You can use for this a random number generator and initialize the generator with the seed.  The SHA algorithm is designed so if you try every combination of numbers it will take 1,000 years to decrypt even with the fastest supercomputer if you use a 256-bit key.


    jdweng

    Tuesday, October 16, 2012 7:45 AM

All replies

  • RSA is an encryption algorithm that you can use with a fixed key.  SHA is a public key algorithm where both the encryption and decryption algorithm have to go to a server for the key.  To get the encryption key and decryption key you have to provide the server with user profile information.  If you decrypt data with a wrong key you will get an exception using the .NET library.  Other operating systems, when decrypting a message with the wrong key, will give an error condition which may not be an exception.

    jdweng

    Monday, October 15, 2012 6:32 PM
  • I understand it may not be an exception, but basically what I'm asking is: if I encrypt using the public key, regardless of the platform, the corresponding private key will be needed to decrypt. Similarly, if someone manages to sign using the public key, and someone else tries to validate using the public key again, validation will fail. Is that correct?
    Tuesday, October 16, 2012 3:08 AM