Reverse Encryption in .NET

[James Chou]

Hi,

I saw several posts asking for reverse encryption (encrypt with
private key instead of public key) in .NET. I am having the same
question and wonder anybody has a good solution to it.

Basically, my client application generates a key pair and exports the
public key to server. The client application needs to encrypt a string
with the private key and send it to server. Server authenticates the
client after decrypts the stirng with the public key. It looks like a
very simple procedure but it seems impossible with the RSA encryption
provided by .NET. The Encrypt() method of RSACryptoServiceProvider
seems to do encryption with public key ONLY. It does use private key
to encrypt content when generating a signature though.

Does anybody have a solution to it? If .NET doesn't support it, is
there any way I can do it through Win32 CryptoAPI?


Thanks

James

 

[Hernan de Lahitte]

I don't know the value of this method for your business but certainly, from
a security perspective, it's value is null. Worst yet, its highly
"insecure". I wonder why you
don't create the key pair on the server side and send the public key to the
client, so he can use this key to encrypt the message (as normal practice)
and decrypt it on the server with it's private key. In the signature
scenario, the point is different because of the signature procedure nature
(see specs), this procedure DO need to be done by encrypting the hash with
the private key in order for the receiver to decrypt it with it's public
key, therefore achieving the "non-repudiation" key goal of the digital
signatures. The scenario you are describing applies to the signature case.

 

[james chou]

Thanks for your reply. As I understand, one way to authenticate a client
is to have server use client's public key to decrypt a token that is
encrypted with client's private key. That is exactly how a signature is
generated and verified except signature is generated by encrypting a
digest of a message. If a private key can be used to encrypt a digest of
a message, why can it be used to encrypt the message? I believe it is
technically possible. As matter of fact, I even found a well known
commercial PKI product that can do that. However, Windows cryptoAPI and
Java JCE(with default provider) don't provide this capability.

To keep the private key at server and distribute the public key to
clients doesn't seem to work. Every client can use the public key to
encrypt something and server will be able to decrypt it with no
problems. The server won't be able to tell which client is which unless
we have a keypair for each client. Since the public key is a public
information, everyone including unauthorized users can get it and use it
to access the server.

For my usage, looks like the signature will do it. However, I am
interested to the reason why reverse encryption is not provided in
Windows CryptoAPI and Java JCE.

Again, thanks for your information. Really appreciate that.

 

[Hernan de Lahitte]

I agree with the singature scheme for your scenario. Regarding your question
about ecripting with the private key, I guess (IMO) the CAPI and JCE might
addere to the PKCS#1 standard
(ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.pdf) and therefore
only permits to encript with the public key and decrypt with the private
key.

See section 7 of the above document.

7 Encryption schemes

For the purposes of this document, an encryption scheme consists of an
encryption operation and a decryption operation, where the encryption
operation produces a ciphertext from a message with a recipient's RSA public
key, and the decryption operation recovers the message from the ciphertext
with the recipient's corresponding RSA private key.



Hernan de Lahitte
Lagash Systems S.A.
http://weblogs.asp.net/hernandl

 

[james chou]

Hi,

Thank you for the link to the RSA document. I took a look at the
document and was convinced that CAPI and JCE must follow that standard
when implementing their encryption/decryption scheme. For folks that
really want to do reverse encryption (for whatever reasons), they just
have to look for something else.

Thanks for your information.

--James

 

[Johanna Espinosa]

Hi, I have the same problem, I checked out the answer you received I would like to know how you resolved the problem finally. I need to reverse the keys because I would like to use it like an authentication method. My model depends of it

I would appreciate your help

Johanna Espinos

----- James Chou wrote: ----

Hi

I saw several posts asking for reverse encryption (encrypt wit
private key instead of public key) in .NET. I am having the sam
question and wonder anybody has a good solution to it

Basically, my client application generates a key pair and exports th
public key to server. The client application needs to encrypt a strin
with the private key and send it to server. Server authenticates th
client after decrypts the stirng with the public key. It looks like
very simple procedure but it seems impossible with the RSA encryptio
provided by .NET. The Encrypt() method of RSACryptoServiceProvide
seems to do encryption with public key ONLY. It does use private ke
to encrypt content when generating a signature though

Does anybody have a solution to it? If .NET doesn't support it, i
there any way I can do it through Win32 CryptoAPI


Thank

Jame

 

[Hernan de Lahitte]

Well, I dont' know if I'm missing something here but (IMO) I would call this
"verifying a digital signature" procedure. In this scenario, you sign (hash
and encrypt with private key) a kind of token and on the server side you
verify the signature with the client public key.
The .NET classes follow the PKCS1 standard and won't let you do "reverse
encryption" as you described.
On the other hand, I wonder if the main reason for this kind of unusual
scenario may be "confidentiality" that might give you this "reverse
encryption" strategy. As you may already know, if you use the public key to
decrypt the message, anybody with the public key (the term "public" is
crutial here) will be able to decrypt it as well.
So if you want to authenticate the client and to provide confidentiality at
the same time, you should use the already known and proven pratices and
protocols and leave this kind of hack out of you security knowledge bag.

--
Hernan de Lahitte
Lagash Systems S.A.
http://weblogs.asp.net/hernandl


This posting is provided "AS IS" with no warranties, and confers no rights.

Hi, I have the same problem, I checked out the answer you received I would

like to know how you resolved the problem finally. I need to reverse the
keys because I would like to use it like an authentication method. My model
depends of it.

 

[Johanna Espinosa]

Thanks Hernan,

I'm agree with you that reverse encryption isn't the a good idea for
confidentiality but my problem is that funny me I have to propose a
model for component authentication (academic porpuse), right now I just
have a trivial idea but I would like your appreciation, do you have a
e-mail to write you, you can send it to (e-mail address removed)

Any help will be appreciate,


Johanna Espinosa L.

*** Sent via Devdex http://www.devdex.com ***
Don't just participate in USENET...get rewarded for it!