Re: Decrypt RSA using D

Tech-Archive recommends: Speed Up your PC by fixing your registry

From: Rob Teixeira [MVP] (RobTeixeira_at_@msn.com)
Date: 05/26/04 

Date: Wed, 26 May 2004 19:06:09 -0400

OK, here's my understanding of it, though I have to admit that it's been a
long time since I've dealt with the guts of asymmetric (public key) ciphers,
RSA in particular.

P and Q are basically two really large prime numbers. From these, you
derrive E and M (the public key), and D (the private key). The other stuff
you might see (DP DQ InverseQ, etc) are probably just part of the equations
used to finally derrive the previous elements. Perhaps they are cached as a
time-saver in this case to avoid recalculations. The theory behind this is
that anyone with the public key (E & M) can encrypt a message, but only the
owner of the private key (D) can decrypt it. The public key is meant to be
shared out in the open, but the private key is meant to stay hidden in one
single place. In other words, you can never use the public key (E & M) to do
BOTH encryption AND decryption on the same message. If you could, this
wouldn't be very secure :-)

If you dig into the crypto api in windows (which is actually used under the
covers by RSACRyptoServiceProvider), it assumes that the private key is
always embedded inside the CSP key container and never passed out into the
world. You can export a key blob containing the private key for backup and
key escrow purposes, but under normal circumstances, it should just stay put
in the machine's CSP key container. Therefore, when you generate a
public/private key pair, you are only really sharing the public key outside
of this one key container. That means other people will be encrypting
messages that only you can decrypt. Conversely, you'll need someone else's
public key sent to you so you can encrypt messages that only they can
decrypt, because their private key never leaves their CSP key container.

In order to maintain the keys between object lifetime sessions, you'll need
to set the CSPParameters in the RSACryptoServiceProvider constructor (use a
named key container is always best so you don't accidentally mess up keys in
the default container), and make sure to set PersistKeyToCSP to True. Now
this one machine's key container will have a static (stored) key pair. Every
time you create a new instance of the RSACryptoServiceProvider and use the
same CSPParameters, it will automatically load all the private key bits from
the CSP key container that was last saved in it. If no such key exists, a
new random key pair is generated.

You can now export the Public key by calling either ExportParameters(False)
or ToXML(False). Another machine can then import the public key to a temp
RSACryptoServiceProvider instance (PersistKeyInCsp = false) and encrypt a
message, send that message to you, and your instance of
RSACryptoServiceProvider can decrypt it.

At any rate, it's typically a bad idea to encrypt data with RSA. With a 1024
bit key, you can only deal with about 118 bytes of data max, not to mention
it's nearly 1000 times slower than Block Ciphers (symmetric encryption).
Larger RSA keys will just send your performance into oblivion. I usually
just use RSA to do (symmetric session) Key Exchanges and Digital Signatures,
which is pretty much what it was intended for. For bulk data encryption, I
use Rijndael (AES).

Hope that helps,

-Rob Teixeira [MVP]

"HeatherW" <anonymous@discussions.microsoft.com> wrote in message
news:309279E2-3C44-4134-9EE4-93E9BC0D74C6@microsoft.com...
> Hi, I was wondering if there was a way to decrypt something using the
RSACryptoServiceProvider class if you only know the modulus, exponent and d
parameters? Theoretically, this is all the algorithm needs, as far as I
understand it, but when I try to create the class using just these
parameters I get a 'bad key' exception. Why does it seem that to decrypt
something the class needs P, Q (which should be discarded after key
creation) along with the other parameters that are generated when you export
a private key? Encrypting with just modulus and exponent works fine, it's
just the decryption side that is causing me problems.
>
> Any help would be greatly appreciated,
>
> Heather
>
>

Relevant Pages

  • Re: More on learning "Public Key Authentication"
    ... let me say that in public key ... >> encrypt the result with Alice's public key. ... >> is sent to Alice who decrypts the message with her private key (which ... > encrypted with my private key and they can then decrypt it with the ...
    (comp.sys.mac.system)
  • [OT] Re: Basic question about Public Private Key Pairs
    ... > and private keys allow me to decrypt, but vice versa is not possible (or ... a public key and a corresponding private key. ... You can encrypt something with each key; ...
    (microsoft.public.dotnet.security)
  • Re: private to public decrypt now working
    ... would have the private key, all vice presidents would have a public key. ... All vice's could encrypt and only president could decrypt. ...
    (microsoft.public.dotnet.security)
  • Re: Encrypting a public Key
    ... The fact that you are bothering to encrypt this data tells me that you want ... look for the public key of the partner machine. ... Use the public key to decrypt the signature. ... > 4) To decrypt the file, the client computer simply uses it's ClientKey ...
    (microsoft.public.dotnet.framework)
  • Re: RSACryptoServiceProvider - Decrypting then Encrypting
    ... encrypt a message using the PRIVATE key and decrypt using the PUBLIC ... My own reasons for doing this are because I want to be able to encrypt ... a string that can only be decrypted using the public key that I ...
    (microsoft.public.dotnet.framework.aspnet.security)