RSA Encryption using Microsoft Crypto API
Question

Is it possible to encrypt data on one PC using a secret RSA key and decrypt it on another with the public RSA key? I am using Microsoft Crypto API.
Can you give an example of source code?
I am trying to extend this code: http://www.niris.co.uk/crypt.html
I want to generate and save secret, public keys in files, encrypt data, then read the public key from the file and decrypt the data.
One guy told me that it is impossible to achieve, because RSA is used only as a symmetric algorithm, with no secret or public keys.
I can only create a session key to encrypt and another session key to decrypt. But how can I encrypt and decrypt using different session keys?
Moved by Helen Zhao, Monday, June 4, 2012 9:02 AM (from: Visual C++ General)
Friday, June 1, 2012 2:39 PM
All replies

On 6/1/2012 10:39 AM, Terminus Amulius wrote:
Is it possible to encrypt data on one PC using a secret RSA key and decrypt it on another with the public RSA key? I am using Microsoft Crypto API.
No. Nor does it make much sense. Since the decryption key is public, anyone can decrypt the data; what's the point of encrypting it then?
Perhaps you are looking to create a digital signature (which is, basically, a hash of the data encrypted with the private key; it proves that the data does come from the party owning the public key). That you can indeed do with CryptoAPI.
I want to generate and save secret, public keys
That's an oxymoron. A key can either be secret or public, it can't be both. If you want a secret shared key, just use a symmetric encryption algorithm, such as AES.
One guy told me that it is impossible to achieve, because RSA is used only as a symmetric algorithm, with no secret or public keys.
No, RSA is an asymmetric algorithm, with a private and public key forming a pair.
I can only create a session key to encrypt and another session key to decrypt.
What do you mean, another session key? You have to decrypt with the same key that was used for encryption, otherwise you would just get random garbage. That's the whole point of encryption: if you don't know the key, you can't see the original data.
Igor Tandetnik
Friday, June 1, 2012 5:01 PM 
I have made a mistake. This would be correct: Public key for encryption, private key for decryption.
I have found an interesting link:
http://blogs.msdn.com/b/alejacma/archive/2008/01/28/howtogeneratekeypairsencryptanddecryptdatawithcryptoapi.aspx
This is what I was asking, isn't it? I can make keys on one PC, transfer the data and private key to another to decrypt it. I can move the private key through a secure channel and then send my data over a non-secure one. The key generator makes a key pair (private and public keys), no session keys.
Friday, June 1, 2012 6:59 PM 
On 6/1/2012 2:59 PM, Terminus Amulius wrote:
I have made a mistake. This would be correct: Public key for encryption, private key for decryption.
This should work. However, it is ill-advised to encrypt data with the RSA public key directly (and in fact, I believe CryptoAPI limits the amount of data that can be thus encrypted). RSA is vulnerable to analysis of large amounts of ciphertext. Besides, RSA encryption is slow, orders of magnitude slower than symmetric encryption.
So normally, you would generate a random session key, encrypt the data with some symmetric algorithm using that key, then encrypt that session key itself with the RSA public key and send the encrypted key together with the data. The recipient would decrypt the session key with the private key, then decrypt the data with the session key.
CryptoAPI provides two functions, CryptEncryptMessage and CryptDecryptMessage, which do all this in one call. See
http://msdn.microsoft.com/enus/library/windows/desktop/aa382376.aspx
I can make keys on one PC, transfer the data and private key to another to decrypt it. I can move the private key through a secure channel
And what key would you use to secure that channel?
If you can transport and store keys securely somehow, then you don't need public-key cryptography in the first place. Just generate a session key, transfer it to the other machine, and use the same key on both ends to encrypt and decrypt with a symmetric encryption algorithm. The whole point of public-key cryptography is to allow key exchange when keys cannot be transported securely.
The key generator makes a key pair (private and public keys), no session keys.
Again, why do you want that? What benefit do you hope to achieve by using public-key cryptography, rather than plain vanilla symmetric encryption? What problem are you trying to solve?
Igor Tandetnik
Friday, June 1, 2012 7:26 PM 
Hi Terminus,
According to your description, I'd like to move this thread to "Application Security for Windows Desktop Forum" for better support.
Thanks for your understanding and active participation in the MSDN Forum.
Best regards, Helen Zhao [MSFT]
MSDN Community Support
Monday, June 4, 2012 9:01 AM