Is there any asymmetric crypto API to allow decrypting a message but not encrypting it?

  • Thread starter Thread starter Andy Chau
  • Start date Start date
A

Andy Chau

I try to use RSA to implement the following scheme but wasn't sucessful.

Sever encrypt a message using a public key, the client decrpyt the message
using a private key.

I don't want the client to be able to encrypt a message.

However, using the Crypto API I need to pass in both the private and public
key pairs in order to decrypt the message.
When the client has both private and public key, it can just use the public
key to encrypt the message which is what I don't want to allow.

Does anyone know if there is any asymmetric crypto API to implmenet this
scheme?

Thanks very much in advance,

Andy
 
I'm not sure I understand what you're asking for. Doesn't everyone have the
public key? Isn't its public availablility the very essence of asymmetric
encryption? If you're worried that an arbitrary client might be able to sign
a plain-text message and spoof the producer's identity, provide a signature.
 
Andy Chau said:
I try to use RSA to implement the following scheme but wasn't sucessful.

When the client has both private and public key, it can just use the public
key to encrypt the message which is what I don't want to allow.
Click to expand...

Using a public key to encrypt a message to the owner of that public key
is exactly what public key ciphers are MEANT to do! (as well as using
the corresponding private key to generate digital signatures on behalf of
the owner of the private key).

You need to clearly understand this and then think through what you really
want to do. It is not good security practice to use encryption in ways it
was not meant to be used .. usually with associated vulernabilities ;-)

Actually, the fact that some CA issuers publish the public keys of all subscribers
IMHO is a slight security risk (probably not envisioned when PKI was
architected) as follows:
- since anyone with access to public keys of recipients can easily generate encrypted
messages to any of these recipients, it is possible to send encrypted malicious
mail which can pass through most mail gateways filters.
THUS .. DON'T OPEN ANY ENCRYPTED EMAIL UNLESS YOU ARE EXPLICITLY
EXPECTING IT :-)

Think of it ... encrypted malicious spam .. the next frontier of maluse.

- Michel Gallant
Security Visual MVP
http://pages.istar.ca/~neutron
 
Andy Chau said:
When the client has both private and public key, it can just use the public
key to encrypt the message which is what I don't want to allow.
Click to expand...

With RSA, anyone that has access to the private key can compute the public
key from that. Hence it is impossible to only give your client access to the
private key but not to the public key.

Regards,
Pieter Philippaerts
Managed SSL/TLS: http://www.mentalis.org/go.php?sl
 
That is true, but you can say the same for being able to compute the private
key using the public key.

I don't exactly need to use RSA if it cannot do the thing I want, I am just
looking for a asymmetric crypto alg that will fit the following
requirements:

1. Have two set of keys, Key-1 and Key2
2. Person A can use Key-1 to encrypt, but not decrypt
3. Person B can use Key-2 to decrypt, but not encrypt
4. It is computationaly impossible to derive Key-1 from Key-2, and vice
versa

Thanks in advance

Andy
 
Andy Chau said:
That is true, but you can say the same for being able to compute the private
key using the public key.
Click to expand...

Not TRUE at all .. when you have the public key, you only have the product
of the 2 private primes which does not give you the private key (except by
some massive unrealizable brute force effort).
With private key, you a priori have the 2 primes, and simply multiply them
to get the public key ... totally different.
- Mitch
 
Hi Mikey,

What I want is a scheme to use two set of keys for encryption/decryption.

I don't exactly need to use RSA if it cannot do the thing I want, I am just
looking for a asymmetric crypto alg that will fit the following
requirements:

1. Have two set of keys, Key-1 and Key2
2. Person A can use Key-1 to encrypt, but not decrypt
3. Person B can use Key-2 to decrypt, but not encrypt
4. It is computationaly impossible to derive Key-1 from Key-2, and vice
versa

As Michael pointed out, RSA is not good for this purpose as getting the
private key enables anyone to compute the public key easily.

I am wondering if there is such alg out there that can implement this
scheme.

Thanks

Andy
 
Yes, you are right.

That's what make RSA impractical for the scheme I am looking for.
Do you know if there is any other algorithm out there that is more suitable
for the things I want to do?

Thanks

Andy
 
Back
Top