具有私钥加密的公钥加密
[英]Public Key Crypto with Private Key Encryption
问题描述
I'm trying to implement the following in C#: 
我正在尝试在C#中实现以下内容:
I want a Generator that internally houses a public-key encryption routine. 我想要一个内部包含公钥加密例程的生成器。 It can take a byte array that's provided to it (usually by a Client described below) and encrypt it with its private key. 它可以采用提供给它的字节数组(通常由下面描述的客户端),并使用其私钥对其进行加密。
A Client has a public key that it shares with the Generator. 客户具有与生成器共享的公共密钥。 It takes the result from the Generator and decrypts it using the public key. 它从生成器获取结果,并使用公共密钥对其进行解密。 It takes the byte array that it initially provided to the Generator and compares the result to see if they line up. 它采用最初提供给Generator的字节数组,并比较结果以查看它们是否对齐。 The idea is that if they match, it's able to verify with some degree of certainty that whoever generated the encrypted bytes possessed the private key. 这个想法是,如果它们匹配,则可以一定程度地验证生成加密字节的人是否拥有私钥。 It's also able to verify that the specific encrypted value corresponds to the data it provided. 它还能够验证特定的加密值是否与其提供的数据相对应。
Most of the built-in C# public-key crypto libraries I'm seeing want to associate the private key with decryption (such as RSACryptoServiceProvider). 我看到的大多数内置C#公钥加密库都希望将私钥与解密相关联(例如RSACryptoServiceProvider)。 I can see why, since a lot of scenarios involve protecting the decryption side of the process instead of the encryption. 我明白了为什么,因为很多情况涉及保护过程的解密端而不是加密。 Are there any C# libraries that make protecting the encryption process straight forward? 是否有任何C#库可以直接保护加密过程? I've tried looking at Bouncy Castle all morning, but I'm having a difficult time getting it to work for even basic scenarios. 我整个上午都在尝试查看Bouncy Castle,但要在基本情况下都无法使用它,我却很难。 The documentation leaves something to be desired... 该文档还有一些不足之处...
Again, my main goal is to make sure that whatever produced the encryption possesses the private key. 同样,我的主要目标是确保加密产生的任何东西都具有私钥。 It's also necessary that the Client can make sure the Generator's result corresponds to its provided info. 客户还必须确保生成器的结果与其提供的信息相对应。 If there are alternative approaches that I'm missing that might conform better to available libraries, I'm all ears :) 如果我缺少其他可能更好地适合可用库的替代方法,我将不胜枚举:)
1 个解决方案
解决方案1
4 已采纳 2013-04-14 04:29:42
You write: 你写:
Again, my main goal is to make sure that whatever produced the encryption possesses the private key.
As mentioned by CodesInChaos you could properly use a signature to achieve this. 如CodesInChaos所述,您可以正确使用签名来实现此目的。 Usually a signature is used to verify that some data are produced by somebody holding a certain private key, but here you can use it to verify the key holder himself. 通常,签名用于验证持有某些私钥的人产生的某些数据,但是在这里您可以使用它来验证密钥持有者本人。 If you ask him to sign something you produced, you can check that he is in possession of the private key that corresponds to your public key by use of a signature check. 如果您要求他对自己生产的东西进行签名,则可以使用签名检查来检查他是否拥有与您的公钥相对应的私钥。
Signatures actually works by making a one-way-hash of some data, and then encrypting this hash using a private key. 签名实际上是通过对某些数据进行单向哈希处理,然后使用私钥对该哈希进行加密来工作的。 A public key can then be used to verify the signature, by decrypting the hash and compare it with a recalculated hash value of the data. 然后,可以通过解密散列并将其与重新计算的数据散列值进行比较,使用公钥来验证签名。 Only a person possessing the private key, can make the encrypted version of the hash. 只有拥有私钥的人才能制作哈希的加密版本。 Sort of what you intend to do in the first place. 首先,您打算做什么。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.