RSA Principals


Nak

Hi there,

I have just managed to get some methods together that encrypt data using
RSA encryption. 2 keys are serialized and saved as files, one public and
one private; this way I can specify which key is used to decrypt/encrypt the
data. All works well, except...

I was under the impression that with RSA encryption you could do the
following,

1. Encrypt data (x) using the public key *ok*
2. Decrypt data (x) using the private key *ok*
3. Encrypt data (y) using the private key *ok*
4. Decrypt data (y) using the public key *problem*
5. Encrypt data (z) using the public key *ok*
6. Decrypt data (z) using the public key *problem*
7. Encrypt data (a) using the private key *ok*
8. Decrypt data (a) using the private key *ok*

I wasn't *totally* sure on the concepts of RSA encryption, maybe I have
written something wrong along the lines? Either that or the articles I have
been reading are wrong (which is more than possible). Anyone got any
thoughts on this? Thanks in advance.

Nick.

--
/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
"No matter. Whatever the outcome, you are changed."

Fergus - September 5th 2003
/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
 
there are two versions of rsa...rsa and rsa2. are both computers using the
same rsa protocol version?
 
Hi there,
there are two versions of rsa...rsa and rsa2. are both computers using the
same rsa protocol version?

Hmm, it's just being implemented locally using the .NET Framework's RSA
classes. Hmm, 2 versions huh? Does the other version allow for the 2 items
that didn't work for me using the one I have at the moment?

Nick.

 
I think you misunderstand how RSA works.

The public key is used for "encryption" and "verification" while the private
key is used for "decryption" and "signing" (digital signature).

Also, the typical use for RSA encryption is for encrypting symmetric keys.
That is, you generate, for example, a TripleDES key, use that to encrypt
your data, then use RSA public key to encrypt the TripleDES key and send all
these to the recipient who then uses the private key to decrypt the
TripleDES key which he then uses to decrypt the data.

Here is what you should have done:
1. Encrypt data (x) using the public key *ok*
2. Decrypt data (x) using the private key *ok*

3. Sign data (y) using the private key *ok* [this generates a
digital signature (128KB)]
4. Verify signed data (y) using the public key *ok* [provide digital
signature and data that was signed]

Cheers,

Taiwo
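
Taiwo's four steps, as an added C# example against the same .NET RSA classes (this is not code from the thread or from either poster; it assumes .NET 6 or later). It also shows what happens on the original step 6, decrypting with the public key, and that changing one byte of the data breaks verification.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example (C#, .NET 6+), not code from the thread. Shows the two
// distinct RSA operations Taiwo describes, encrypt/decrypt and sign/verify,
// and why "decrypt with the public key" cannot work.
static class RsaRoles
{
    public static void Main()
    {
        using RSA keyPair = RSA.Create(2048);
        // The recipient/verifier only ever holds the public half.
        using RSA publicOnly = RSA.Create();
        publicOnly.ImportRSAPublicKey(keyPair.ExportRSAPublicKey(), out _);

        byte[] x = Encoding.UTF8.GetBytes("constructed sample message x");

        // Steps 1-2: encrypt with the public key, decrypt with the private key.
        byte[] cipher = publicOnly.Encrypt(x, RSAEncryptionPadding.OaepSHA256);
        byte[] plain = keyPair.Decrypt(cipher, RSAEncryptionPadding.OaepSHA256);
        Console.WriteLine(Encoding.UTF8.GetString(plain));

        // Steps 3-4: sign with the private key, verify with the public key.
        // The signature is a separate byte array (256 bytes for a 2048-bit
        // key); the data itself is not transformed.
        byte[] sig = keyPair.SignData(x, HashAlgorithmName.SHA256, RSASignaturePadding.Pss);
        bool ok = publicOnly.VerifyData(x, sig, HashAlgorithmName.SHA256, RSASignaturePadding.Pss);
        Console.WriteLine($"signature valid: {ok}");

        // Tampering with one byte of the data makes verification fail.
        x[0] ^= 0x01;
        bool tampered = publicOnly.VerifyData(x, sig, HashAlgorithmName.SHA256, RSASignaturePadding.Pss);
        Console.WriteLine($"signature valid after tampering: {tampered}");

        // Step 6 of the original post: "decrypt with the public key".
        // A public-only key has no private exponent, so this throws.
        try
        {
            publicOnly.Decrypt(cipher, RSAEncryptionPadding.OaepSHA256);
        }
        catch (CryptographicException e)
        {
            Console.WriteLine($"public-key decrypt failed as expected: {e.Message}");
        }
    }
}
```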
 
Hi Taiwo,
I think you misunderstand how RSA works.

Yup, unfortunately that's what happens when you believe what you read :-(
The public key is used for "encryption" and "verification" while the private
key is used for "decryption" and "signing" (digital signature).

Right, I know I can do both of those. I didn't realise that the digital
signing process could be done in VB.NET code, that sounds like something I
want to do actually. I shall have to look that up, unless you could point
me in the right direction of course? And I can digitally sign *any* data
can I?
Also, the typical use for RSA encryption is for encrypting symmetric keys.
That is, you generate, for example, a TripleDES key, use that to encrypt
your data, then use RSA public key to encrypt the TripleDES key and send all
these to the recipient who then uses the private key to decrypt the
TripleDES key which he then uses to decrypt the data.

Aah, I haven't done any TripleDES, I presume that it is another form of
encryption? But isn't RSA used with SSL connections via HTTPS? Or does that
employ TripleDES also? I'm slightly confused now because I was under the
impression that the *public* key could be made *public* knowledge anyway,
and that 2 sets of keys would need to be made for 2 way encryption, hmmm, I
think I must have a misunderstanding.
Here is what you should have done:
1. Encrypt data (x) using the public key *ok*
2. Decrypt data (x) using the private key *ok*

Check :-)
3. Sign data (y) using the private key *ok* [this generates a
digital signature (128KB)]
4. Verify signed data (y) using the public key *ok* [provide digital
signature and data that was signed]

Is that process simply encrypting then decrypting with the private key? Or
is a digital signature actually attached to the file? If I were to
digitally sign an XML file (If possible) would the data actually be visible
within an XML editor? or is the data left intact? More research needing to
be done by myself I think :-(

"there was much rejoicing.... yay"

Thanks bunches for your help!

Nick.

 
Nak said:
Hi Taiwo,


Yup, unfortunately that's what happens when you believe what you read :-(


Right, I know I can do both of those. I didn't realise that the digital
signing process could be done in VB.NET code, that sounds like something I
want to do actually. I shall have to look that up, unless you could point
me in the right direction of course? And I can digitally sign *any* data
can I?

Look at the SignData and VerifyData methods of the RSACryptoServiceProvider
class.
Aah, I haven't done any TripleDES, I presume that it is another form of
encryption? But isn't RSA used with SSL connections via HTTPS? Or does that
employ TripleDES also? I'm slightly confused now because I was under the
impression that the *public* key could be made *public* knowledge anyway,
and that 2 sets of keys would need to be made for 2 way encryption, hmmm, I
think I must have a misunderstanding.

SSL uses both symmetric (TripleDES, AES, etc.) and asymmetric (RSA)
encryption. Because RSA encryption of large data sets is
processor-intensive, what SSL does is to use symmetric encryption for the
payload but exchange the symmetric keys used via asymmetric (RSA)
encryption. That is, it is cheaper to use RSA encryption on the keys which
are of known sizes (128-bit, 256-bit, etc.). I hope that's a bit clearer...
Here is what you should have done:
1. Encrypt data (x) using the public key *ok*
2. Decrypt data (x) using the private key *ok*

Check :-)
3. Sign data (y) using the private key *ok* [this generates a
digital signature (128KB)]
4. Verify signed data (y) using the public key *ok* [provide digital
signature and data that was signed]

Is that process simply encrypting then decrypting with the private key? Or
is a digital signature actually attached to the file? If I were to
digitally sign an XML file (If possible) would the data actually be visible
within an XML editor? or is the data left intact? More research needing to
be done by myself I think :-(

To answer your specific question, the XML file will still be visible.
Digital signature is not used to hide information but rather to guarantee
that data was sent by a known entity and that the data hasn't been modified
while in transit.

A digital signature is simply a one-way cryptographic hash. This implies
that different data sets will resolve to different cryptographic hashes.
When you compute the digital signature of your XML file with your private
key, you must send the digital signature and the XML file to the recipient.
If the recipient can use your public key to "verify" that the digital
signature sent along with the XML file is correct and was computed using
your private key, it means that you were actually the sender (a concept
called non-repudiation).

If you need to hide/encrypt the data in the XML file, do this:
- Generate a symmetric key (TripleDES or Rijndael)
- Encrypt your XML data using the symmetric key
- Compute the hash (digital signature) of the encrypted XML data using your
private key
- ***Encrypt the symmetric key with the recipient's public key
- Send the encrypted XML data, the digital signature, and the encrypted
symmetric key to the recipient
- The recipient will use your public key to verify that you're the sender of
the encrypted XML data by verifying the digital signature for the XML data
- ***The recipient will then use his/her private key to decrypt the
encrypted symmetric key
- The recipient will then use the decrypted symmetric key to decrypt the
encrypted XML data
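
The envelope procedure above, written out as an added C# example (not code from the thread or from either poster; assumes .NET 6 or later). AES-CBC stands in for TripleDES/Rijndael, RSA-OAEP wraps the AES key, and the signature covers IV plus ciphertext so the recipient verifies before decrypting anything; the XML content and the Envelope record are constructed for the example.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Added example (C#, .NET 6+), not code from the thread. Walks through the
// hybrid scheme listed above: AES for the payload, RSA for the AES key, and
// an RSA signature so the recipient can tell who sent it.
static class HybridEnvelope
{
    // What travels over the wire (constructed for this example).
    record Envelope(byte[] WrappedKey, byte[] Iv, byte[] CipherText, byte[] Signature);

    static Envelope Seal(byte[] data, RSA senderPrivate, RSA recipientPublic)
    {
        using Aes aes = Aes.Create();                       // fresh random key + IV
        byte[] cipherText = aes.EncryptCbc(data, aes.IV);  // PKCS7 padding by default
        byte[] wrappedKey = recipientPublic.Encrypt(aes.Key, RSAEncryptionPadding.OaepSHA256);
        // Sign IV || ciphertext so neither can be swapped in transit.
        byte[] signature = senderPrivate.SignData(aes.IV.Concat(cipherText).ToArray(),
            HashAlgorithmName.SHA256, RSASignaturePadding.Pss);
        return new Envelope(wrappedKey, aes.IV, cipherText, signature);
    }

    static byte[] Open(Envelope env, RSA senderPublic, RSA recipientPrivate)
    {
        // Verify first: anything failing here was not sent by the key holder.
        bool authentic = senderPublic.VerifyData(env.Iv.Concat(env.CipherText).ToArray(),
            env.Signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pss);
        if (!authentic) throw new CryptographicException("signature check failed");
        byte[] key = recipientPrivate.Decrypt(env.WrappedKey, RSAEncryptionPadding.OaepSHA256);
        using Aes aes = Aes.Create();
        aes.Key = key;
        return aes.DecryptCbc(env.CipherText, env.Iv);
    }

    public static void Main()
    {
        // In practice each side holds only its own private key; one object
        // per party is used here so the demo is self-contained.
        using RSA sender = RSA.Create(2048);
        using RSA recipient = RSA.Create(2048);
        byte[] xml = Encoding.UTF8.GetBytes("<order id=\"42\"><item>widget</item></order>");

        Envelope env = Seal(xml, sender, recipient);
        Console.WriteLine(Encoding.UTF8.GetString(Open(env, sender, recipient)));

        // Flip a ciphertext byte: Open refuses before touching the AES key.
        env.CipherText[0] ^= 0x01;
        try { Open(env, sender, recipient); }
        catch (CryptographicException e) { Console.WriteLine($"rejected: {e.Message}"); }
    }
}
```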
 