Reverse Encryption in .NET

 
 
James Chou
      02-26-2004
Hi,

I saw several posts asking for reverse encryption (encrypt with
private key instead of public key) in .NET. I am having the same
question and wonder whether anybody has a good solution to it.

Basically, my client application generates a key pair and exports the
public key to the server. The client application needs to encrypt a string
with the private key and send it to the server. The server authenticates the
client after it decrypts the string with the public key. It looks like a
very simple procedure but it seems impossible with the RSA encryption
provided by .NET. The Encrypt() method of RSACryptoServiceProvider
seems to do encryption with public key ONLY. It does use private key
to encrypt content when generating a signature though.

Does anybody have a solution to it? If .NET doesn't support it, is
there any way I can do it through Win32 CryptoAPI?


Thanks

James
 
Hernan de Lahitte
      02-26-2004
I don't know the value of this method for your business but certainly, from
a security perspective, its value is null. Worse yet, it's highly
"insecure". I wonder why you don't create the key pair on the server side
and send the public key to the client, so he can use this key to encrypt
the message (as is normal practice) and decrypt it on the server with its
private key. In the signature scenario, the point is different because of
the nature of the signature procedure (see specs): this procedure DOES need
to be done by encrypting the hash with the private key in order for the
receiver to decrypt it with its public key, therefore achieving the
"non-repudiation" key goal of digital signatures. The scenario you are
describing applies to the signature case.


james chou
      02-27-2004
Thanks for your reply. As I understand it, one way to authenticate a client
is to have the server use the client's public key to decrypt a token that is
encrypted with the client's private key. That is exactly how a signature is
generated and verified, except that a signature is generated by encrypting a
digest of a message. If a private key can be used to encrypt a digest of
a message, why can it be used to encrypt the message? I believe it is
technically possible. As a matter of fact, I even found a well-known
commercial PKI product that can do that. However, Windows CryptoAPI and
Java JCE (with the default provider) don't provide this capability.

Keeping the private key at the server and distributing the public key to
clients doesn't seem to work. Every client can use the public key to
encrypt something and the server will be able to decrypt it with no
problems. The server won't be able to tell which client is which unless
we have a key pair for each client. Since the public key is public
information, everyone, including unauthorized users, can get it and use it
to access the server.

For my usage, it looks like the signature will do it. However, I am
interested in the reason why reverse encryption is not provided in
Windows CryptoAPI and Java JCE.

Again, thanks for your information. Really appreciate that.



Hernan de Lahitte
      02-27-2004
I agree with the signature scheme for your scenario. Regarding your question
about encrypting with the private key, I guess (IMO) the CAPI and JCE might
adhere to the PKCS#1 standard
(ftp://ftp.rsasecurity.com/pub/pkcs/p...pkcs-1v2-1.pdf) and therefore
only permit encrypting with the public key and decrypting with the private
key.

See section 7 of the above document.

7 Encryption schemes

For the purposes of this document, an encryption scheme consists of an
encryption operation and a decryption operation, where the encryption
operation produces a ciphertext from a message with a recipient's RSA public
key, and the decryption operation recovers the message from the ciphertext
with the recipient's corresponding RSA private key.



Hernan de Lahitte
Lagash Systems S.A.
http://weblogs.asp.net/hernandl



james chou
      02-27-2004
Hi,

Thank you for the link to the RSA document. I took a look at the
document and was convinced that CAPI and JCE must follow that standard
when implementing their encryption/decryption scheme. For folks that
really want to do reverse encryption (for whatever reasons), they just
have to look for something else.

Thanks for your information.

--James





Johanna Espinosa
      06-01-2004
Hi, I have the same problem. I checked out the answer you received and I would like to know how you finally resolved the problem. I need to reverse the keys because I would like to use it as an authentication method. My model depends on it.

I would appreciate your help.

Johanna Espinosa

Hernan de Lahitte
      06-02-2004
Well, I don't know if I'm missing something here but (IMO) I would call this
a "verifying a digital signature" procedure. In this scenario, you sign (hash
and encrypt with private key) a kind of token and on the server side you
verify the signature with the client public key.
The .NET classes follow the PKCS1 standard and won't let you do "reverse
encryption" as you described.
On the other hand, I wonder if the main reason for this kind of unusual
scenario may be "confidentiality" that might give you this "reverse
encryption" strategy. As you may already know, if you use the public key to
decrypt the message, anybody with the public key (the term "public" is
crucial here) will be able to decrypt it as well.
So if you want to authenticate the client and to provide confidentiality at
the same time, you should use the already known and proven practices and
protocols and leave this kind of hack out of your security knowledge bag.

--
Hernan de Lahitte
Lagash Systems S.A.
http://weblogs.asp.net/hernandl


This posting is provided "AS IS" with no warranties, and confers no rights.

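The signature-based client authentication described in the replies above, as an added C# example that is not part of any post in this thread. The `AuthServer` type, its method names, the random per-login challenge used as the "token", and the choice of SHA-256 with PKCS#1 v1.5 signature padding are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

// Hypothetical server-side type for this added example; not from the thread.
class AuthServer
{
    // One registered public key per client, so the server can tell clients apart.
    readonly Dictionary<string, RSAParameters> _keys = new Dictionary<string, RSAParameters>();
    // Outstanding single-use challenge per client.
    readonly Dictionary<string, byte[]> _pending = new Dictionary<string, byte[]>();

    public void Register(string id, RSAParameters publicKey) => _keys[id] = publicKey;
    public byte[] NewChallenge(string id)
    {
        var nonce = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(nonce);
        _pending[id] = nonce;
        return nonce;
    }
    public bool Verify(string id, byte[] signature)
    {
        if (!_keys.TryGetValue(id, out var pub) || !_pending.TryGetValue(id, out var nonce))
            return false;
        _pending.Remove(id); // consume the challenge so a captured signature cannot be replayed
        using (var rsa = RSA.Create())
        {
            rsa.ImportParameters(pub);
            return rsa.VerifyData(nonce, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        }
    }
}

static class Demo
{
    static void Main()
    {
        using (var client = RSA.Create(2048))
        using (var other = RSA.Create(2048))
        {
            var server = new AuthServer();
            server.Register("client-1", client.ExportParameters(false)); // public half only
            var sig = client.SignData(server.NewChallenge("client-1"), HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            Console.WriteLine("genuine client:  " + server.Verify("client-1", sig));
            Console.WriteLine("replayed answer: " + server.Verify("client-1", sig));
            var bad = other.SignData(server.NewChallenge("client-1"), HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            Console.WriteLine("wrong key:       " + server.Verify("client-1", bad));
        }
    }
}
```

`RSACryptoServiceProvider`, the class named in the thread, exposes the same operation through its `SignData` and `VerifyData` methods.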
 
Johanna Espinosa
      06-04-2004
Thanks Hernan,

I agree with you that reverse encryption isn't a good idea for
confidentiality, but my problem is that, funny me, I have to propose a
model for component authentication (academic purpose). Right now I just
have a trivial idea but I would like your appreciation. Do you have an
e-mail I can write to? You can send it to http://www.velocityreviews.com/forums/(E-Mail Removed)

Any help will be appreciated,


Johanna Espinosa L.
