RSA : Encrypt with private key and decrypt with public key

  • Question

  • Hi,

    I want to encrypt with private key and decrypt with public key using the RSACryptoServiceProvider, but it doesn't work.

    I tried many ways, like exchanging the E and D parameters in the keyinfo with Encrypt... or I tried to use Decrypt for encryption and Encrypt for decryption, but there is a padding error...

    Is it possible to do that with the framework?

    Thanks

    Wednesday, February 28, 2007 10:19 AM

Answers

  • If you want to protect against generation of licences by someone else, you ought to be signing, not encrypting.  Encryption prevents against reading of data by third parties, and signing prevents against writing of data by third parties.  If you encrypt with your private key, you won't be protecting against reading of your data by third parties since there's no reason to believe that your intended public key recipients won't share (intentionally or otherwise) the key with anyone else.
    Friday, March 9, 2007 12:41 AM
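
The signing approach recommended in this answer, as an added example (not code from the thread): the licence is shipped in clear text together with its signature, so anyone can read it, but only the private key holder can produce a signature that verifies. It assumes .NET Framework 4.6 or later for the `HashAlgorithmName`/`RSASignaturePadding` overloads; the class name and licence fields are made up for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class LicenceSigningDemo   // hypothetical name, for illustration only
{
    // Vendor side: the private key never leaves the vendor.
    static byte[] SignLicence(RSA privateKey, string licenceText)
    {
        return privateKey.SignData(Encoding.UTF8.GetBytes(licenceText),
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
    }

    // Customer side: needs only the public key shipped with the application.
    static bool VerifyLicence(RSAParameters publicKey, string licenceText, byte[] signature)
    {
        using (var rsa = new RSACryptoServiceProvider())
        {
            rsa.ImportParameters(publicKey);
            return rsa.VerifyData(Encoding.UTF8.GetBytes(licenceText), signature,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        }
    }

    static void Main()
    {
        // Constructed sample licence; it is distributed in clear text next to its signature.
        string licence = "customer=Example Ltd;product=DemoApp;expires=2030-12-31";

        using (var vendorKey = new RSACryptoServiceProvider(2048))
        {
            // Export only the public parameters (modulus and exponent) for distribution.
            RSAParameters publicOnly = vendorKey.ExportParameters(false);
            byte[] signature = SignLicence(vendorKey, licence);

            Console.WriteLine("genuine licence valid:  "
                + VerifyLicence(publicOnly, licence, signature));

            // Editing any field of the licence invalidates the signature.
            string modified = licence.Replace("2030", "2099");
            Console.WriteLine("modified licence valid: "
                + VerifyLicence(publicOnly, modified, signature));
        }
    }
}
```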

All replies

  • Use the DSACryptoServiceProvider class to sign your data and then verify the signature.

    View http://msdn2.microsoft.com/en-gb/library/system.security.cryptography.dsacryptoserviceprovider.aspx for code example.

    Best regards

    Tuesday, March 6, 2007 9:18 AM
  • Why do you want to do this?  The purpose of encryption is usually to hide information from anyone other than a specifically intended recipient (i.e.: the holder of the private key).  What you are proposing would potentially allow anyone to read the encrypted data since the public key should be assumed to be truly public (i.e.: holders won't protect it the way they would protect their own private keys).  Is this really what you want?  If so, why bother encrypting at all?
    Wednesday, March 7, 2007 1:37 PM
  • The RSA has the particularity to be "reversible": you can encrypt with public and decrypt with private, or encrypt with private and decrypt with public.

    I want to distribute data that people can only decrypt, as a licence file for example.
    I create and encrypt a licence with my private key. I distribute the encrypted licence and the public key, so people can read the licence, but no one can generate a licence, except me.

    Actually, this works really fine with OpenSSL. Now, I want to do the same under .NET.

    Using the signature is not a way, because I can just verify data, not decrypt them.

    Regards

    Thursday, March 8, 2007 7:34 PM
  •  Sebastien LEIX wrote:

    The RSA has the particularity to be "reversible": you can encrypt with public and decrypt with private, or encrypt with private and decrypt with public.

    I want to distribute data that people can only decrypt, as a licence file for example.
    I create and encrypt a licence with my private key. I distribute the encrypted licence and the public key, so people can read the licence, but no one can generate a licence, except me.

    Actually, this works really fine with OpenSSL. Now, I want to do the same under .NET.

    Using the signature is not a way, because I can just verify data, not decrypt them.

    Regards

    Hi, I met the same problem, is it because of MS's CSP? Have you solved it? I think sometimes we need to encrypt using a private key and decrypt using a public key...

    Monday, April 9, 2007 9:05 PM
  • I solved the problem by using OpenSSL with a C# wrapper.
    Tuesday, April 10, 2007 6:48 PM
  • Did you write the wrapper by yourself or use some existing open source project wrapper? Thanks!
    Wednesday, April 11, 2007 3:27 AM
  • It is difficult to directly wrap the OpenSSL functions "RSA_private_encrypt" and "RSA_public_decrypt" because there is the RSA struct as a parameter, which is complicated for marshaling...

    My project was to encrypt and decrypt a licence file, so I coded a C++ DLL with a high-level API. I have only two entry points in my DLL (EncryptLicence and DecryptLicence) and I simply used my DLL with DllImport in C#...

    Wednesday, April 11, 2007 3:41 PM
  • Thanks!

    I directly wrapped "RSA_private_encrypt" and "RSA_public_decrypt". I just modified these two functions in the OpenSSL source code, using void* instead of RSA* in the C code, then used IntPtr when importing the OpenSSL DLL. It works...!

    But the problem is when I try to use i2d_RSAPublicKey and RSA * d2i_RSAPublicKey to export and import the public key (same for the private key), d2i_RSAPublicKey does not return any value... The strange thing is I cannot find the definition or declaration in the source code... It may be declared by some macro... Do you have any idea about it?

    Wednesday, April 11, 2007 8:51 PM
  • Sebastien LEIX: I am in the exact situation as you described here. It would help me greatly if you could provide source code for your solution?
    Sunday, December 30, 2007 7:39 AM
  •  

    I cannot provide you the source code because it is under copyright, I am sorry.

    Sunday, December 30, 2007 8:13 AM
  • Ah, too bad.  Thanks for the very quick reply though. 

    Do you know of any helpful resources on how to accomplish this? I am not familiar with either C++ or OpenSSL, so I am basically banging my head now trying to figure out how to do this.

    Sunday, December 30, 2007 8:21 AM
  •  

    Hi,

    You can start here -> www.bouncycastle.org. The RSA implementation of this library is very clear and there is lots of real sample code...

    Sunday, December 30, 2007 11:15 AM