Re: Decrypt RSA using D

From: HeatherW (anonymous_at_discussions.microsoft.com)
Date: 05/28/04

• Next message: Ken Allen: "Re: Log Event Category"
• Previous message: Mike: "Compact Framework: https through proxy server"
• In reply to: Rob Teixeira [MVP]: "Re: Decrypt RSA using D"
• Messages sorted by: [ date ] [ thread ]

Date: Fri, 28 May 2004 07:16:02 -0700

Thanks for your detailed reply. I do understand how RSA encryption works, which is why I found it odd that you could not create (or reconstitute) a private key unless you supplied P, Q, etc. Because the algorithm specifically states that after E, M and D are generated, P and Q should be discarded. I did have the class working fine when it was retrieving keys from the CSP container. I was just trying to play around with different scenarios. I guess it's a limitation with the underlying Windows Cryptographic API.

We are planning on using RSA with WSE, so it only uses RSA to encrypt the symmetric key used for the SOAP body--the same scenario you outlined below.
     
Thanks again,

Heather

     ----- Rob Teixeira [MVP] wrote: -----
     
     OK, here's my understanding of it, though I have to admit that it's been a
     long time since I've dealt with the guts of asymmetric (public key) ciphers,
     RSA in particular.
     
     P and Q are basically two really large prime numbers. From these, you
     derrive E and M (the public key), and D (the private key). The other stuff
     you might see (DP DQ InverseQ, etc) are probably just part of the equations
     used to finally derrive the previous elements. Perhaps they are cached as a
     time-saver in this case to avoid recalculations. The theory behind this is
     that anyone with the public key (E & M) can encrypt a message, but only the
     owner of the private key (D) can decrypt it. The public key is meant to be
     shared out in the open, but the private key is meant to stay hidden in one
     single place. In other words, you can never use the public key (E & M) to do
     BOTH encryption AND decryption on the same message. If you could, this
     wouldn't be very secure :-)
     
     If you dig into the crypto api in windows (which is actually used under the
     covers by RSACRyptoServiceProvider), it assumes that the private key is
     always embedded inside the CSP key container and never passed out into the
     world. You can export a key blob containing the private key for backup and
     key escrow purposes, but under normal circumstances, it should just stay put
     in the machine's CSP key container. Therefore, when you generate a
     public/private key pair, you are only really sharing the public key outside
     of this one key container. That means other people will be encrypting
     messages that only you can decrypt. Conversely, you'll need someone else's
     public key sent to you so you can encrypt messages that only they can
     decrypt, because their private key never leaves their CSP key container.
     
     In order to maintain the keys between object lifetime sessions, you'll need
     to set the CSPParameters in the RSACryptoServiceProvider constructor (use a
     named key container is always best so you don't accidentally mess up keys in
     the default container), and make sure to set PersistKeyToCSP to True. Now
     this one machine's key container will have a static (stored) key pair. Every
     time you create a new instance of the RSACryptoServiceProvider and use the
     same CSPParameters, it will automatically load all the private key bits from
     the CSP key container that was last saved in it. If no such key exists, a
     new random key pair is generated.
     
     You can now export the Public key by calling either ExportParameters(False)
     or ToXML(False). Another machine can then import the public key to a temp
     RSACryptoServiceProvider instance (PersistKeyInCsp = false) and encrypt a
     message, send that message to you, and your instance of
     RSACryptoServiceProvider can decrypt it.
     
     At any rate, it's typically a bad idea to encrypt data with RSA. With a 1024
     bit key, you can only deal with about 118 bytes of data max, not to mention
     it's nearly 1000 times slower than Block Ciphers (symmetric encryption).
     Larger RSA keys will just send your performance into oblivion. I usually
     just use RSA to do (symmetric session) Key Exchanges and Digital Signatures,
     which is pretty much what it was intended for. For bulk data encryption, I
     use Rijndael (AES).
     
     Hope that helps,
     
     -Rob Teixeira [MVP]
     
     
     "HeatherW" <anonymous@discussions.microsoft.com> wrote in message
     news:309279E2-3C44-4134-9EE4-93E9BC0D74C6@microsoft.com...
> Hi, I was wondering if there was a way to decrypt something using the
     RSACryptoServiceProvider class if you only know the modulus, exponent and d
     parameters? Theoretically, this is all the algorithm needs, as far as I
     understand it, but when I try to create the class using just these
     parameters I get a 'bad key' exception. Why does it seem that to decrypt
     something the class needs P, Q (which should be discarded after key
     creation) along with the other parameters that are generated when you export
     a private key? Encrypting with just modulus and exponent works fine, it's
     just the decryption side that is causing me problems.
>> Any help would be greatly appreciated,
>> Heather
>>

• Next message: Ken Allen: "Re: Log Event Category"
• Previous message: Mike: "Compact Framework: https through proxy server"
• In reply to: Rob Teixeira [MVP]: "Re: Decrypt RSA using D"
• Messages sorted by: [ date ] [ thread ]

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint