Re: Asymmetric Encryption

---

• From: "Karl Seguin [MVP]" <karlremove@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
• Date: Tue, 16 Jan 2007 09:14:18 -0500

---

Yes, instances of the RSACryptoServiceProvider have methods, such as ToXmlString() which'll export your keys to a Base64 hex values. You can specify if you want to export both your private key and public key. ONce you have the XML, it's pretty plain to see which is which (it's like <encryption><privateKey>...</privateKey><publicKey>....</publicKey></encryption> or something).

Karl

--
http://www.openmymind.net/
http://www.fuelindustries.com/


"pintu" <priyabratabehera@xxxxxxxxx> wrote in message news:1168922923.256405.136280@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Thanks Karl..Really ur posting will help me in lot..
But still one doubt that..
*how the keys get generated.means we use some methods of
RSACryptoProvider class or not ?and how to know which one is private
and which one is public key. and how to work on them.

Thanks
Priyabrata



Karl Seguin [MVP] wrote:

Asymetric encryption tends to be very good to encrypt short messages. With
this in mind, let me explain to you how WE use it. We use asymetric
encryption to securely exchange a symetric private key.

- The client (we aren't necessarily speaking a web browser), generates a
private key and a public key.
- The client sends the PUBLIC key to the server.
- The server generates a message (in our case it's a random symetric key)
and encrypts it using the PUBLIC key it got from the client
- The server sends the encrypted message
- The client uses it's PRIVATE key to decode the message
- The client and server now have a private SYMETRIC key

As you can see, the asymetric private key is NEVER sent over the wire. Only
the client (which generates it) knows it. Only the PUBLIC key is sent over
the wire (in plain text). The public key is then used by the server to
encrypt a short message. This method let's us establish a secure private key
for symetric encryption (which can do long messages).

With the public key, anyone can create an encrypted message, but only the
private key can be used to decrypt it.

This kind of exchange I explained is pretty typical, but it's still open to
a man in the middle attack. That is, when the client sends it's public key,
someone in the middle could intercept it. Then that person could create
his/her own public/private key and send THAT public key to the server. The
server (who has no way of knowing this) uses the fake public key and
encrypts the message and sends it back. The man in the middle gets THAT
message, decrypts it (since it was his public key used to encrypt it, so he
has the private key) and now has the secret message.

Things like SSL have an extra layer that help prevent man in the middle, but
that's another discussion..

Karl
--
http://www.openmymind.net/
http://www.fuelindustries.com/


"pintu" <priyabratabehera@xxxxxxxxx> wrote in message
news:1168865834.389736.294180@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> Hello everybody..
>
> I hav some confusion regarding asymmetric encryption.As asymmetric
> encryption it there is one private key and one public key.So any data
> is encrypted using private key and the same is decrypted at client side
> using public key and vice-versa..Now i hav confusion like i.e.
>
> * Are both the keys available to both sender and receiver.?
> * When data is encrypted using public key ,Is the same data decrypted
> using private key( at client side).?
> * How the keys are send to the client/receiver of message..I mean are
> they assigned to browsers or they are validated or send depending on
> login id/password of a user.?
> *If possible kindly explain (in-short) the whole process of assymetric
> encryption.!!!plz
>
> Thanks & Regards
> Priyabrata
>

.

---

• References:
  • Asymmetric Encryption
    • From: pintu
  • Re: Asymmetric Encryption
    • From: Karl Seguin [MVP]
  • Re: Asymmetric Encryption
    • From: pintu

• Prev by Date: Re: Slow page load due to viewstate
• Next by Date: Authentication Forms and CSS-File
• Previous by thread: Re: Asymmetric Encryption
• Next by thread: Adding custom application installable as the pre-requisite in VS2005 deployement project
• Index(es):
  • Date
  • Thread

---

Relevant Pages RE: PGP scripting... ... cryptosystems, ... In these systems divulging your private key compromises the public ... Here is a quick over view of the public key encryption routines (the ... (SecProg) Re: RSACryptoServiceProvider decrypt with public key ... private key which my programs could decipher using a public key I've ... But since private key encryption and public key decryption isn't ... > If Alice gives Bob her public key, ... (microsoft.public.dotnet.security) RE: PGP scripting... ... that you keep the private key secret. ... Here is a quick over view of the public key encryption routines (the ... Since only he, through the use of his private key, can decrypt the ... (SecProg) RE: Cannot decrypt files encrypted using Crypto API on a different ... previous message which uses the recipien't public key.) ... KEK (key encryption key) to protect the session key. ... embedded into your client app and server code). ... but what is the point to encrypt the data if ANYBODY can decrypt it (since ... (microsoft.public.platformsdk.security) RE: PGP scripting... ... In addition to being confused about arbitrary asymmetry in RSA cryptography ... Microsoft .NET, for example, defines a private key as inclusive of its ... .NET Framework includes the public key. ... As for encryption speed, encryption transformations with a public key ... (SecProg)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > DotNet  > microsoft.public.dotnet.framework.aspnet  > 2007-01