I try to use RSA to implement the following scheme but wasn't sucessful.
Sever encrypt a message using a public key, the client decrpyt the message
using a private key.
I don't want the client to be able to encrypt a message.
However, using the Crypto API I need to pass in both the private and public
key pairs in order to decrypt the message.
When the client has both private and public key, it can just use the public
key to encrypt the message which is what I don't want to allow.
Does anyone know if there is any asymmetric crypto API to implmenet this
scheme?
Thanks very much in advance,
Andy
13  1964 
I'm not sure I understand what you're asking for. Doesn't everyone have the
public key? Isn't its public availablility the very essence of asymmetric
encryption? If you're worried that an arbitrary client might be able to sign
a plain-text message and spoof the producer's identity, provide a signature.
--
Mickey Williams
Author, "Microsoft Visual C# .NET Core Reference", MS Press www.servergeek.com
"Andy Chau" <wu*****@hotmail.com> wrote in message
news:uF**************@TK2MSFTNGP10.phx.gbl... I try to use RSA to implement the following scheme but wasn't sucessful.
Sever encrypt a message using a public key, the client decrpyt the message
using a private key.
I don't want the client to be able to encrypt a message.
However, using the Crypto API I need to pass in both the private and
public key pairs in order to decrypt the message.
When the client has both private and public key, it can just use the
public key to encrypt the message which is what I don't want to allow.
Does anyone know if there is any asymmetric crypto API to implmenet this
scheme?
Thanks very much in advance,
Andy
"Andy Chau" <wu*****@hotmail.com> wrote in message news:uF**************@TK2MSFTNGP10.phx.gbl... I try to use RSA to implement the following scheme but wasn't sucessful.
When the client has both private and public key, it can just use the public
key to encrypt the message which is what I don't want to allow.
Using a public key to encrypt a message to the owner of that public key
is exactly what public key ciphers are MEANT to do! (as well as using
the corresponding private key to generate digital signatures on behalf of
the owner of the private key).
You need to clearly understand this and then think through what you really
want to do. It is not good security practice to use encryption in ways it
was not meant to be used .. usually with associated vulernabilities ;-)
Actually, the fact that some CA issuers publish the public keys of all subscribers
IMHO is a slight security risk (probably not envisioned when PKI was
architected) as follows:
- since anyone with access to public keys of recipients can easily generate encrypted
messages to any of these recipients, it is possible to send encrypted malicious
mail which can pass through most mail gateways filters.
THUS .. DON'T OPEN ANY ENCRYPTED EMAIL UNLESS YOU ARE EXPLICITLY
EXPECTING IT :-)
Think of it ... encrypted malicious spam .. the next frontier of maluse.
- Michel Gallant
Security Visual MVP http://pages.istar.ca/~neutron
"Andy Chau" <wu*****@hotmail.com> wrote in message news:uF**************@TK2MSFTNGP10.phx.gbl... I try to use RSA to implement the following scheme but wasn't sucessful.
When the client has both private and public key, it can just use the public
key to encrypt the message which is what I don't want to allow.
Using a public key to encrypt a message to the owner of that public key
is exactly what public key ciphers are MEANT to do! (as well as using
the corresponding private key to generate digital signatures on behalf of
the owner of the private key).
You need to clearly understand this and then think through what you really
want to do. It is not good security practice to use encryption in ways it
was not meant to be used .. usually with associated vulernabilities ;-)
Actually, the fact that some CA issuers publish the public keys of all subscribers
IMHO is a slight security risk (probably not envisioned when PKI was
architected) as follows:
- since anyone with access to public keys of recipients can easily generate encrypted
messages to any of these recipients, it is possible to send encrypted malicious
mail which can pass through most mail gateways filters.
THUS .. DON'T OPEN ANY ENCRYPTED EMAIL UNLESS YOU ARE EXPLICITLY
EXPECTING IT :-)
Think of it ... encrypted malicious spam .. the next frontier of maluse.
- Michel Gallant
Security Visual MVP http://pages.istar.ca/~neutron
"Andy Chau" <wu*****@hotmail.com> wrote in message When the client has both private and public key, it can just use the
public key to encrypt the message which is what I don't want to allow.
With RSA, anyone that has access to the private key can compute the public
key from that. Hence it is impossible to only give your client access to the
private key but not to the public key.
Regards,
Pieter Philippaerts
Managed SSL/TLS: http://www.mentalis.org/go.php?sl
"Andy Chau" <wu*****@hotmail.com> wrote in message When the client has both private and public key, it can just use the
public key to encrypt the message which is what I don't want to allow.
With RSA, anyone that has access to the private key can compute the public
key from that. Hence it is impossible to only give your client access to the
private key but not to the public key.
Regards,
Pieter Philippaerts
Managed SSL/TLS: http://www.mentalis.org/go.php?sl
That is true, but you can say the same for being able to compute the private
key using the public key.
I don't exactly need to use RSA if it cannot do the thing I want, I am just
looking for a asymmetric crypto alg that will fit the following
requirements:
1. Have two set of keys, Key-1 and Key2
2. Person A can use Key-1 to encrypt, but not decrypt
3. Person B can use Key-2 to decrypt, but not encrypt
4. It is computationaly impossible to derive Key-1 from Key-2, and vice
versa
Thanks in advance
Andy
"Pieter Philippaerts" <Pi****@nospam.mentalis.org> wrote in message
news:ec**************@TK2MSFTNGP10.phx.gbl... "Andy Chau" <wu*****@hotmail.com> wrote in message When the client has both private and public key, it can just use the public key to encrypt the message which is what I don't want to allow.
With RSA, anyone that has access to the private key can compute the public
key from that. Hence it is impossible to only give your client access to
the private key but not to the public key.
Regards,
Pieter Philippaerts
Managed SSL/TLS: http://www.mentalis.org/go.php?sl
That is true, but you can say the same for being able to compute the private
key using the public key.
I don't exactly need to use RSA if it cannot do the thing I want, I am just
looking for a asymmetric crypto alg that will fit the following
requirements:
1. Have two set of keys, Key-1 and Key2
2. Person A can use Key-1 to encrypt, but not decrypt
3. Person B can use Key-2 to decrypt, but not encrypt
4. It is computationaly impossible to derive Key-1 from Key-2, and vice
versa
Thanks in advance
Andy
"Pieter Philippaerts" <Pi****@nospam.mentalis.org> wrote in message
news:ec**************@TK2MSFTNGP10.phx.gbl... "Andy Chau" <wu*****@hotmail.com> wrote in message When the client has both private and public key, it can just use the public key to encrypt the message which is what I don't want to allow.
With RSA, anyone that has access to the private key can compute the public
key from that. Hence it is impossible to only give your client access to
the private key but not to the public key.
Regards,
Pieter Philippaerts
Managed SSL/TLS: http://www.mentalis.org/go.php?sl
"Andy Chau" <wu*****@hotmail.com> wrote in message news:ui**************@TK2MSFTNGP11.phx.gbl... That is true, but you can say the same for being able to compute the private
key using the public key.
Not TRUE at all .. when you have the public key, you only have the product
of the 2 private primes which does not give you the private key (except by
some massive unrealizable brute force effort).
With private key, you a priori have the 2 primes, and simply multiply them
to get the public key ... totally different.
- Mitch
Andy
"Pieter Philippaerts" <Pi****@nospam.mentalis.org> wrote in message
news:ec**************@TK2MSFTNGP10.phx.gbl... "Andy Chau" <wu*****@hotmail.com> wrote in message When the client has both private and public key, it can just use the
public key to encrypt the message which is what I don't want to allow.
With RSA, anyone that has access to the private key can compute the public
key from that. Hence it is impossible to only give your client access to
the private key but not to the public key.
Regards,
Pieter Philippaerts
Managed SSL/TLS: http://www.mentalis.org/go.php?sl
"Andy Chau" <wu*****@hotmail.com> wrote in message news:ui**************@TK2MSFTNGP11.phx.gbl... That is true, but you can say the same for being able to compute the private
key using the public key.
Not TRUE at all .. when you have the public key, you only have the product
of the 2 private primes which does not give you the private key (except by
some massive unrealizable brute force effort).
With private key, you a priori have the 2 primes, and simply multiply them
to get the public key ... totally different.
- Mitch
Andy
"Pieter Philippaerts" <Pi****@nospam.mentalis.org> wrote in message
news:ec**************@TK2MSFTNGP10.phx.gbl... "Andy Chau" <wu*****@hotmail.com> wrote in message When the client has both private and public key, it can just use the
public key to encrypt the message which is what I don't want to allow.
With RSA, anyone that has access to the private key can compute the public
key from that. Hence it is impossible to only give your client access to
the private key but not to the public key.
Regards,
Pieter Philippaerts
Managed SSL/TLS: http://www.mentalis.org/go.php?sl
Hi Mikey,
What I want is a scheme to use two set of keys for encryption/decryption.
I don't exactly need to use RSA if it cannot do the thing I want, I am just
looking for a asymmetric crypto alg that will fit the following
requirements:
1. Have two set of keys, Key-1 and Key2
2. Person A can use Key-1 to encrypt, but not decrypt
3. Person B can use Key-2 to decrypt, but not encrypt
4. It is computationaly impossible to derive Key-1 from Key-2, and vice
versa
As Michael pointed out, RSA is not good for this purpose as getting the
private key enables anyone to compute the public key easily.
I am wondering if there is such alg out there that can implement this
scheme.
Thanks
Andy
"Mickey Williams" <my first name at servergeek.com> wrote in message
news:Od**************@TK2MSFTNGP10.phx.gbl... I'm not sure I understand what you're asking for. Doesn't everyone have
the public key? Isn't its public availablility the very essence of asymmetric
encryption? If you're worried that an arbitrary client might be able to
sign a plain-text message and spoof the producer's identity, provide a
signature.
--
Mickey Williams
Author, "Microsoft Visual C# .NET Core Reference", MS Press
www.servergeek.com
"Andy Chau" <wu*****@hotmail.com> wrote in message
news:uF**************@TK2MSFTNGP10.phx.gbl... I try to use RSA to implement the following scheme but wasn't sucessful.
Sever encrypt a message using a public key, the client decrpyt the
message using a private key.
I don't want the client to be able to encrypt a message.
However, using the Crypto API I need to pass in both the private and
public key pairs in order to decrypt the message.
When the client has both private and public key, it can just use the
public key to encrypt the message which is what I don't want to allow.
Does anyone know if there is any asymmetric crypto API to implmenet this
scheme?
Thanks very much in advance,
Andy
Hi Mikey,
What I want is a scheme to use two set of keys for encryption/decryption.
I don't exactly need to use RSA if it cannot do the thing I want, I am just
looking for a asymmetric crypto alg that will fit the following
requirements:
1. Have two set of keys, Key-1 and Key2
2. Person A can use Key-1 to encrypt, but not decrypt
3. Person B can use Key-2 to decrypt, but not encrypt
4. It is computationaly impossible to derive Key-1 from Key-2, and vice
versa
As Michael pointed out, RSA is not good for this purpose as getting the
private key enables anyone to compute the public key easily.
I am wondering if there is such alg out there that can implement this
scheme.
Thanks
Andy
"Mickey Williams" <my first name at servergeek.com> wrote in message
news:Od**************@TK2MSFTNGP10.phx.gbl... I'm not sure I understand what you're asking for. Doesn't everyone have
the public key? Isn't its public availablility the very essence of asymmetric
encryption? If you're worried that an arbitrary client might be able to
sign a plain-text message and spoof the producer's identity, provide a
signature.
--
Mickey Williams
Author, "Microsoft Visual C# .NET Core Reference", MS Press
www.servergeek.com
"Andy Chau" <wu*****@hotmail.com> wrote in message
news:uF**************@TK2MSFTNGP10.phx.gbl... I try to use RSA to implement the following scheme but wasn't sucessful.
Sever encrypt a message using a public key, the client decrpyt the
message using a private key.
I don't want the client to be able to encrypt a message.
However, using the Crypto API I need to pass in both the private and
public key pairs in order to decrypt the message.
When the client has both private and public key, it can just use the
public key to encrypt the message which is what I don't want to allow.
Does anyone know if there is any asymmetric crypto API to implmenet this
scheme?
Thanks very much in advance,
Andy
Yes, you are right.
That's what make RSA impractical for the scheme I am looking for.
Do you know if there is any other algorithm out there that is more suitable
for the things I want to do?
Thanks
Andy
"Michel Gallant" <ne*****@nspxistar.ca> wrote in message
news:Om**************@TK2MSFTNGP09.phx.gbl... "Andy Chau" <wu*****@hotmail.com> wrote in message
news:ui**************@TK2MSFTNGP11.phx.gbl... That is true, but you can say the same for being able to compute the
private key using the public key.
Not TRUE at all .. when you have the public key, you only have the product
of the 2 private primes which does not give you the private key (except by
some massive unrealizable brute force effort).
With private key, you a priori have the 2 primes, and simply multiply them
to get the public key ... totally different.
- Mitch
Andy
"Pieter Philippaerts" <Pi****@nospam.mentalis.org> wrote in message
news:ec**************@TK2MSFTNGP10.phx.gbl... "Andy Chau" <wu*****@hotmail.com> wrote in message
> When the client has both private and public key, it can just use the
public
> key to encrypt the message which is what I don't want to allow.
With RSA, anyone that has access to the private key can compute the
public key from that. Hence it is impossible to only give your client access
to the private key but not to the public key.
Regards,
Pieter Philippaerts
Managed SSL/TLS: http://www.mentalis.org/go.php?sl
Yes, you are right.
That's what make RSA impractical for the scheme I am looking for.
Do you know if there is any other algorithm out there that is more suitable
for the things I want to do?
Thanks
Andy
"Michel Gallant" <ne*****@nspxistar.ca> wrote in message
news:Om**************@TK2MSFTNGP09.phx.gbl... "Andy Chau" <wu*****@hotmail.com> wrote in message
news:ui**************@TK2MSFTNGP11.phx.gbl... That is true, but you can say the same for being able to compute the
private key using the public key.
Not TRUE at all .. when you have the public key, you only have the product
of the 2 private primes which does not give you the private key (except by
some massive unrealizable brute force effort).
With private key, you a priori have the 2 primes, and simply multiply them
to get the public key ... totally different.
- Mitch
Andy
"Pieter Philippaerts" <Pi****@nospam.mentalis.org> wrote in message
news:ec**************@TK2MSFTNGP10.phx.gbl... "Andy Chau" <wu*****@hotmail.com> wrote in message
> When the client has both private and public key, it can just use the
public
> key to encrypt the message which is what I don't want to allow.
With RSA, anyone that has access to the private key can compute the
public key from that. Hence it is impossible to only give your client access
to the private key but not to the public key.
Regards,
Pieter Philippaerts
Managed SSL/TLS: http://www.mentalis.org/go.php?sl
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Michael Sparks |
last post by:
Hi,
I suspect this is a bug with AMK's Crypto package from
http://www.amk.ca/python/code/crypto , but want to
check to see if I'm being dumb before posting a bug
report.
I'm looking at...
|
by: Paul Fi |
last post by:
I have this encryption scheme that I want to implement:
I have an authentication server, which takes clients' credentials to
complete authentication but first I have to encrypt the credentials, I...
|
by: Mark |
last post by:
I have been playing around with encrypting passwords using a class found in a
MS KB (see farther down). It seems to work great so long as the original
password is comprised of characters on the...
|
by: ~~~ .NET Ed ~~~ |
last post by:
Anybody has any idea why this simple thing is not working? I pass a text
file as input to encrypt it, then pass the encrypted version to the same
function and get some garbled data not at all...
|
by: SenseiHitokiri |
last post by:
I have some code that converts a string into base64 for some
encryption.
It was written on the 1.1 framework but I am trying to get it to work
on 2.0. It throws exceptions on the...
|
by: dfa_geko |
last post by:
Hi All,
I had a question about encrypting and decrypting XML files using asymmetric
keys. I copied some sample code from MSDN, here are the samples:
...
|
by: vermarajeev |
last post by:
Hi guys,
I have written code to encrypt and decrypt files using perl script. Please help me to port below code to crypto++ library.
//ENCRYPTION
my $cipher = Crypt::CBC->new(
-cipher =>...
|
by: Fritjolf |
last post by:
Hi.
I've got a strange problem...
I've made a simple program to test encryption/decryption.
I use Rijndael encryption and here are the most important properties.
RijndaelManaged cipher =...
|
by: Fett |
last post by:
I need a crypto package that works on windows with python 2.5. Can
anyone suggest one for me?
I have been searching for a couple days for a good cryptography
package to use for public/private...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new...
| |
