Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > Is there any asymmetric crypto API to allow decrypting a message but not encrypting it?

Reply
Thread Tools

Is there any asymmetric crypto API to allow decrypting a message but not encrypting it?

 
 
Andy Chau
Guest
Posts: n/a
 
      10-03-2003
I try to use RSA to implement the following scheme but wasn't sucessful.

Sever encrypt a message using a public key, the client decrpyt the message
using a private key.

I don't want the client to be able to encrypt a message.

However, using the Crypto API I need to pass in both the private and public
key pairs in order to decrypt the message.
When the client has both private and public key, it can just use the public
key to encrypt the message which is what I don't want to allow.

Does anyone know if there is any asymmetric crypto API to implmenet this
scheme?

Thanks very much in advance,

Andy



 
Reply With Quote
 
 
 
 
Mickey Williams
Guest
Posts: n/a
 
      10-03-2003
I'm not sure I understand what you're asking for. Doesn't everyone have the
public key? Isn't its public availablility the very essence of asymmetric
encryption? If you're worried that an arbitrary client might be able to sign
a plain-text message and spoof the producer's identity, provide a signature.

--
Mickey Williams
Author, "Microsoft Visual C# .NET Core Reference", MS Press
www.servergeek.com


"Andy Chau" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> I try to use RSA to implement the following scheme but wasn't sucessful.
>
> Sever encrypt a message using a public key, the client decrpyt the message
> using a private key.
>
> I don't want the client to be able to encrypt a message.
>
> However, using the Crypto API I need to pass in both the private and

public
> key pairs in order to decrypt the message.
> When the client has both private and public key, it can just use the

public
> key to encrypt the message which is what I don't want to allow.
>
> Does anyone know if there is any asymmetric crypto API to implmenet this
> scheme?
>
> Thanks very much in advance,
>
> Andy
>
>
>



 
Reply With Quote
 
 
 
 
Michel Gallant
Guest
Posts: n/a
 
      10-04-2003
"Andy Chau" <(E-Mail Removed)> wrote in message news:(E-Mail Removed)...
> I try to use RSA to implement the following scheme but wasn't sucessful.
>
> When the client has both private and public key, it can just use the public
> key to encrypt the message which is what I don't want to allow.


Using a public key to encrypt a message to the owner of that public key
is exactly what public key ciphers are MEANT to do! (as well as using
the corresponding private key to generate digital signatures on behalf of
the owner of the private key).

You need to clearly understand this and then think through what you really
want to do. It is not good security practice to use encryption in ways it
was not meant to be used .. usually with associated vulernabilities

Actually, the fact that some CA issuers publish the public keys of all subscribers
IMHO is a slight security risk (probably not envisioned when PKI was
architected) as follows:
- since anyone with access to public keys of recipients can easily generate encrypted
messages to any of these recipients, it is possible to send encrypted malicious
mail which can pass through most mail gateways filters.
THUS .. DON'T OPEN ANY ENCRYPTED EMAIL UNLESS YOU ARE EXPLICITLY
EXPECTING IT

Think of it ... encrypted malicious spam .. the next frontier of maluse.

- Michel Gallant
Security Visual MVP
http://pages.istar.ca/~neutron


 
Reply With Quote
 
Pieter Philippaerts
Guest
Posts: n/a
 
      10-04-2003
"Andy Chau" <(E-Mail Removed)> wrote in message
> When the client has both private and public key, it can just use the

public
> key to encrypt the message which is what I don't want to allow.


With RSA, anyone that has access to the private key can compute the public
key from that. Hence it is impossible to only give your client access to the
private key but not to the public key.

Regards,
Pieter Philippaerts
Managed SSL/TLS: http://www.mentalis.org/go.php?sl


 
Reply With Quote
 
Andy Chau
Guest
Posts: n/a
 
      10-04-2003
That is true, but you can say the same for being able to compute the private
key using the public key.

I don't exactly need to use RSA if it cannot do the thing I want, I am just
looking for a asymmetric crypto alg that will fit the following
requirements:

1. Have two set of keys, Key-1 and Key2
2. Person A can use Key-1 to encrypt, but not decrypt
3. Person B can use Key-2 to decrypt, but not encrypt
4. It is computationaly impossible to derive Key-1 from Key-2, and vice
versa

Thanks in advance

Andy

"Pieter Philippaerts" <(E-Mail Removed)> wrote in message
news:ec$(E-Mail Removed)...
> "Andy Chau" <(E-Mail Removed)> wrote in message
> > When the client has both private and public key, it can just use the

> public
> > key to encrypt the message which is what I don't want to allow.

>
> With RSA, anyone that has access to the private key can compute the public
> key from that. Hence it is impossible to only give your client access to

the
> private key but not to the public key.
>
> Regards,
> Pieter Philippaerts
> Managed SSL/TLS: http://www.mentalis.org/go.php?sl
>
>



 
Reply With Quote
 
Michel Gallant
Guest
Posts: n/a
 
      10-04-2003
"Andy Chau" <(E-Mail Removed)> wrote in message news:(E-Mail Removed)...
> That is true, but you can say the same for being able to compute the private
> key using the public key.


Not TRUE at all .. when you have the public key, you only have the product
of the 2 private primes which does not give you the private key (except by
some massive unrealizable brute force effort).
With private key, you a priori have the 2 primes, and simply multiply them
to get the public key ... totally different.
- Mitch




> Andy
>
> "Pieter Philippaerts" <(E-Mail Removed)> wrote in message
> news:ec$(E-Mail Removed)...
> > "Andy Chau" <(E-Mail Removed)> wrote in message
> > > When the client has both private and public key, it can just use the

> > public
> > > key to encrypt the message which is what I don't want to allow.

> >
> > With RSA, anyone that has access to the private key can compute the public
> > key from that. Hence it is impossible to only give your client access to

> the
> > private key but not to the public key.
> >
> > Regards,
> > Pieter Philippaerts
> > Managed SSL/TLS: http://www.mentalis.org/go.php?sl
> >
> >

>
>



 
Reply With Quote
 
Andy Chau
Guest
Posts: n/a
 
      10-05-2003
Hi Mikey,

What I want is a scheme to use two set of keys for encryption/decryption.

I don't exactly need to use RSA if it cannot do the thing I want, I am just
looking for a asymmetric crypto alg that will fit the following
requirements:

1. Have two set of keys, Key-1 and Key2
2. Person A can use Key-1 to encrypt, but not decrypt
3. Person B can use Key-2 to decrypt, but not encrypt
4. It is computationaly impossible to derive Key-1 from Key-2, and vice
versa

As Michael pointed out, RSA is not good for this purpose as getting the
private key enables anyone to compute the public key easily.

I am wondering if there is such alg out there that can implement this
scheme.

Thanks

Andy

"Mickey Williams" <my first name at servergeek.com> wrote in message
news:Od$(E-Mail Removed)...
> I'm not sure I understand what you're asking for. Doesn't everyone have

the
> public key? Isn't its public availablility the very essence of asymmetric
> encryption? If you're worried that an arbitrary client might be able to

sign
> a plain-text message and spoof the producer's identity, provide a

signature.
>
> --
> Mickey Williams
> Author, "Microsoft Visual C# .NET Core Reference", MS Press
> www.servergeek.com
>
>
> "Andy Chau" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> > I try to use RSA to implement the following scheme but wasn't sucessful.
> >
> > Sever encrypt a message using a public key, the client decrpyt the

message
> > using a private key.
> >
> > I don't want the client to be able to encrypt a message.
> >
> > However, using the Crypto API I need to pass in both the private and

> public
> > key pairs in order to decrypt the message.
> > When the client has both private and public key, it can just use the

> public
> > key to encrypt the message which is what I don't want to allow.
> >
> > Does anyone know if there is any asymmetric crypto API to implmenet this
> > scheme?
> >
> > Thanks very much in advance,
> >
> > Andy
> >
> >
> >

>
>



 
Reply With Quote
 
Andy Chau
Guest
Posts: n/a
 
      10-05-2003
Yes, you are right.

That's what make RSA impractical for the scheme I am looking for.
Do you know if there is any other algorithm out there that is more suitable
for the things I want to do?

Thanks

Andy

"Michel Gallant" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> "Andy Chau" <(E-Mail Removed)> wrote in message

news:(E-Mail Removed)...
> > That is true, but you can say the same for being able to compute the

private
> > key using the public key.

>
> Not TRUE at all .. when you have the public key, you only have the product
> of the 2 private primes which does not give you the private key (except by
> some massive unrealizable brute force effort).
> With private key, you a priori have the 2 primes, and simply multiply them
> to get the public key ... totally different.
> - Mitch
>
>
>
>
> > Andy
> >
> > "Pieter Philippaerts" <(E-Mail Removed)> wrote in message
> > news:ec$(E-Mail Removed)...
> > > "Andy Chau" <(E-Mail Removed)> wrote in message
> > > > When the client has both private and public key, it can just use the
> > > public
> > > > key to encrypt the message which is what I don't want to allow.
> > >
> > > With RSA, anyone that has access to the private key can compute the

public
> > > key from that. Hence it is impossible to only give your client access

to
> > the
> > > private key but not to the public key.
> > >
> > > Regards,
> > > Pieter Philippaerts
> > > Managed SSL/TLS: http://www.mentalis.org/go.php?sl
> > >
> > >

> >
> >

>
>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Encrypting/Decrypting XML Documents with Asymmetric Keys dfa_geko ASP .Net 3 04-06-2007 01:31 PM
501 PIX "deny any any" "allow any any" Any Anybody? Networking Student Cisco 4 11-16-2006 10:40 PM
Encrypting/Decrypting Password from a Config File michael.santamaria@gmail.com Java 35 11-09-2005 06:58 PM
encrypting and decrypting with perl Marshall Dudley Perl 1 01-27-2005 06:14 PM
Encrypting/Decrypting Connection String VB Programmer ASP .Net 3 11-30-2004 06:08 AM



Advertisments