Reputation: 81
I have encrypted a text using RSACryptoServiceProvider. I exported the public and private key. Obviously I just want to expose the public key inside the decoder application, so I have written code as follows:
    private const string PublicKey = "<RSAKeyValue><Modulus>sIzQmj4vqK0QPd7RXKigD7Oi4GKPwvIPoiUyiKJMGP0qcbUkRPioe2psE/d3c1a2NY9oj4Da2y1qetjvKKFad2QAhXuql/gPIb1WmI+f6q555GClvHWEjrJrD/ho7SLoHbWd6oY6fY609N28lWJUYO97RLVaeg2jfNAUSu5bGC8=</Modulus><Exponent>AQAB</Exponent></RSAKeyValue>";

    private string Decrypt()
    {
        byte[] encryptedKeyAsBytes = Convert.FromBase64String(_encryptedKey);
        RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
        rsa.FromXmlString(PublicKey);
        // read ciphertext, decrypt it to plaintext
        byte[] plainBytes = rsa.Decrypt(encryptedKeyAsBytes, false);
        string plainText = System.Text.Encoding.ASCII.GetString(plainBytes);
        return plainText;
    }
But an exception is thrown at line "byte[] plainBytes = rsa.Decrypt(encryptedKeyAsBytes, false);" and says "Key does not exist." However, if I expose the whole private and public key then it runs happily. So how can I decrypt the data using only the public key information?
Upvotes: 4
Views: 13523
Reputation: 146900
The problem is that you're confusing encryption and signing.
Encryption is where anyone may write a message, but only the private key holder may read it. Signing is where anyone may read a message, but only the private key holder may write it.
When you call Decrypt, the RSACryptoServiceProvider is looking for encryption, that is, public write private read. Thus it looks for the private key.
You want to use the SignData and VerifyData functions to sign the payload so that people can't write it.
Upvotes: 3
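The sign-and-verify flow this answer recommends, as an added example that is not part of the original answer: the issuer signs with the full key pair, and the client checks the signature with only the exported public key. The names `SignVerifyDemo`, `Sign` and `Verify`, the freshly generated 2048-bit key and the sample payload are assumptions made for illustration. Signing protects integrity and origin only; the payload itself stays readable.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class SignVerifyDemo // hypothetical name, not from the original post
{
    // Issuer side: needs the private key, which never ships with the client.
    static byte[] Sign(string privateKeyXml, byte[] payload)
    {
        using (var rsa = new RSACryptoServiceProvider())
        {
            rsa.FromXmlString(privateKeyXml);
            return rsa.SignData(payload, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        }
    }

    // Client side: works with the public-only XML, so no "Key does not exist" error.
    static bool Verify(string publicKeyXml, byte[] payload, byte[] signature)
    {
        using (var rsa = new RSACryptoServiceProvider())
        {
            rsa.FromXmlString(publicKeyXml);
            return rsa.VerifyData(payload, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        }
    }

    static void Main()
    {
        string privateKeyXml, publicKeyXml;
        using (var rsa = new RSACryptoServiceProvider(2048))
        {
            privateKeyXml = rsa.ToXmlString(true);   // private + public: stays with the issuer
            publicKeyXml = rsa.ToXmlString(false);   // public only: safe to embed in the client
        }

        // Constructed sample payload, e.g. a licence string the client must not be able to forge.
        byte[] payload = Encoding.UTF8.GetBytes("constructed sample payload");
        byte[] signature = Sign(privateKeyXml, payload);

        Console.WriteLine("untouched payload verifies: " + Verify(publicKeyXml, payload, signature));

        payload[0] ^= 1; // flip one bit to simulate tampering in transit or on disk
        Console.WriteLine("tampered payload verifies:  " + Verify(publicKeyXml, payload, signature));
    }
}
```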
Reputation: 141588
You can't - that is the point of public/private key encryption. The public does the encryption; the private does the decryption.
It sounds like you need some sort of key exchange pattern. For example, if your decoder application is trying to decrypt information from another data source (Source Application), I would implement something like this:
This is just an example, but it illustrates the basics of how to exchange data between two applications without any sensitive information transmitted over the wire. The symmetric key is not required at all, but it is a very common pattern because RSA starts to introduce problems when encrypting large amounts of information. RSA is better used to just encrypt a symmetric encryption key instead.
Upvotes: 6
Reputation: 39620
The short answer is: you can't. To decrypt messages you need the private key, that's the major principle of asymmetric cryptography.
You encrypt messages using someone's public key so that only the person in possession of the corresponding private key is able to decrypt them.
That's why the public key is called public - you may safely distribute it to the public so that they can encrypt messages to be read by you, who are the sole owner of the corresponding private key.
Upvotes: 6