Dennis

Reputation: 532

Decrypt data using an RSA public key

First off, that is not a typo, I want to decrypt using a public key. The purpose for doing this is to challenge a third party to ensure they do, in fact, have the private key that corresponds to the public key. Basically, I would send some random data, they would encrypt it with their private key, I would decrypt it using the public key and compare the decrypted value to the random data that I sent. I believe this is a pretty standard procedure in public key crypto but for some reason decrypting with a public key seems to be taboo.

I am simply using the RSACryptoServiceProvider in .NET 2.0. However, when I call Decrypt it throws a CryptographicException with message Bad Key. The key is not bad (I can Encrypt with no problem), but it appears as though it will not let me decrypt with just the public key. What gives? This must be possible to do.

Upvotes: 2

Views: 2292

Answers (3)

Joe Clancy

Reputation: 1437

Per Raj, the key you've been provided with probably isn't marked for exchange.

Ask the party who provided the public key how they generated it. If using makecert.exe, they'll need to specify "-sky Exchange". Without this, you can only use the key for signing and authentication, not encryption/decryption which is the use case you're implementing here.

Upvotes: 0

Raj

Reputation: 1163

These .Net classes should be a wrapper of the crypto API.

There are two types of keys in crypto API. Crypto API is a wrapper around PKCS#11. When you generate a key pair using Microsoft cryptographic service provider, you get AT_EXCHANGE AND AT_SIGNATURE keys. Every key is generated based on some attributes defined in the PKCS#11 standard.

AT_EXCHANGE keys Attributes:

wrap/unwrap = true

sign/verify = true

encrypt/decrypt = false

AT_SIGNATURE keys Attributes:

wrap/unwrap = false

sign/verify = true

encrypt/decrypt = false

So basically, when you are exchanging data, you are essentially performing a wrapping/unwrapping function. This is what Microsoft calls AT_EXCHANGE. This is primarily used to exchange secret/symmetric keys and not used to exchange huge amounts of data.

So you need to go back and find out which key you chose to EITHER sign or wrap your data.

Upvotes: 0

Matthew Flaschen

Reputation: 284786

I think the recognized term is signing. They sign with the private key, and you verify with the public key. I admit I don't understand the low-level math as well as I should, but my understanding is signing is really just encrypting with the private key.

Use RSACryptoServiceProvider's sign and verify family of methods. In fact, SignHash actually says, "encrypting it with the private key."

Upvotes: 7
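The challenge-response the question describes, done with the sign/verify methods this answer recommends instead of Decrypt. This is an added example, not code from the question or any answer; the class name is illustrative, and it assumes a Windows CSP of provider type 24 (PROV_RSA_AES), which is what the CSP needs for SHA-256 signatures.

```csharp
using System;
using System.Security.Cryptography;

// Proof of private-key possession: the verifier sends random bytes, the prover
// signs them with the private key, the verifier checks the signature with the
// public key. No "decrypt with a public key" call is needed anywhere.
class ProofOfPossessionDemo
{
    static void Main()
    {
        // Provider type 24 (PROV_RSA_AES) is assumed here so SHA-256 is available;
        // the default CSP type only supports SHA-1 for signing.
        CspParameters csp = new CspParameters(24);

        // Prover owns the full key pair; only the public half is handed out.
        using (RSACryptoServiceProvider prover = new RSACryptoServiceProvider(2048, csp))
        using (RSACryptoServiceProvider verifier = new RSACryptoServiceProvider(csp))
        {
            // ExportParameters(false) exports the public key only (no D, P, Q, ...).
            verifier.ImportParameters(prover.ExportParameters(false));

            // Verifier side: a fresh random challenge for every run, so a signature
            // captured from an earlier exchange cannot simply be replayed.
            byte[] challenge = new byte[32];
            using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
            {
                rng.GetBytes(challenge);
            }

            // Prover side: sign the challenge (SHA-256 digest, PKCS#1 v1.5 padding)
            // with the private key. This is the "encrypting with the private key"
            // the SignHash documentation refers to, with hashing and padding applied.
            byte[] signature = prover.SignData(challenge, "SHA256");

            // Verifier side: check the signature with the public key only.
            bool possessesKey = verifier.VerifyData(challenge, "SHA256", signature);
            Console.WriteLine("Prover holds the private key: " + possessesKey);

            // Any change to the challenge (or a signature over an old challenge)
            // must fail verification, which is what makes the check meaningful.
            challenge[0] ^= 0x01;
            bool tampered = verifier.VerifyData(challenge, "SHA256", signature);
            Console.WriteLine("Tampered challenge still verifies: " + tampered);
        }
    }
}
```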
