
Is it possible to encrypt with private key using .net RSACryptoServiceProvider?

I know that RSACryptoServiceProvider can encrypt with the public key, then it can be decrypted with the private key.

Is it possible to encrypt with the private key and decrypt with the public key using the RSACryptoServiceProvider?

Just to clear things up a bit:

RSA can be used either for encryption (ensuring that Eve cannot read messages that Alice sends to Bob) or for signing (ensuring that if Alice sends a message to Bob, Bob knows that it was actually Alice that sent the message, and not Eve pretending to be Alice).

RSA generates a pair of keys - a public key and a private key. RSA is designed so that if you apply the public key and then apply the private key, or vice versa, you will get the same message back. And the public key can be derived from the private key, but the opposite is impossible.

To use RSA for encryption, Alice encrypts the message using Bob's public key. The only way to read this message is with Bob's private key, which only he has. Thus Eve can't read the message because he does not have this key. On the other hand, this provides no authentication of the source of the message. Eve can also get Bob's public key (since it's public) and send messages to Bob, pretending to be Alice.

To use RSA for signing, Alice takes a hash of the message, encrypts the hash using her own private key, and appends the result (this is the signature) to the message. Eve can of course still decrypt this using Alice's public key. However, Bob can decrypt the signature using Alice's public key and see if it matches. If it does, it must have been encrypted using Alice's private key, which only she has, so it must have come from Alice.


Now, I'm not familiar with the .NET cryptography API, so I'm not sure if it works exactly as described here. But this explanation might help you understand some of the answers you are getting.
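The signing and encryption flows described in the answer above, written against the .NET API as an added example; it is not part of the original answer. The class name, key size and sample strings are constructed for the illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class SignVersusEncrypt
{
    static void Main()
    {
        // Constructed sample inputs; the 2048-bit key size is an assumption of this example.
        byte[] message = Encoding.UTF8.GetBytes("constructed message from Alice to Bob");
        byte[] secret = Encoding.UTF8.GetBytes("constructed secret for Alice");

        using (var alice = new RSACryptoServiceProvider(2048))   // full key pair, held by Alice
        using (var alicePublic = new RSACryptoServiceProvider()) // what Bob (or Eve) holds
        {
            // Export only the public half and load it into the second instance.
            alicePublic.ImportParameters(alice.ExportParameters(false));

            // Signing: hash the message, pad the hash, apply the private-key operation.
            byte[] signature = alice.SignData(message, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

            // Verification needs only the public key: authenticity, not secrecy.
            bool valid = alicePublic.VerifyData(message, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            Console.WriteLine("signature valid: " + valid);

            // Flip one bit of the message: the same signature no longer verifies.
            message[0] ^= 0x01;
            bool afterTamper = alicePublic.VerifyData(message, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            Console.WriteLine("valid after tampering: " + afterTamper);

            // Confidentiality runs the other way: public key encrypts, private key decrypts.
            byte[] ciphertext = alicePublic.Encrypt(secret, RSAEncryptionPadding.OaepSHA1);
            string recovered = Encoding.UTF8.GetString(alice.Decrypt(ciphertext, RSAEncryptionPadding.OaepSHA1));
            Console.WriteLine("recovered by private key: " + recovered);

            // A public-only instance cannot run the private-key operation at all.
            try
            {
                alicePublic.Decrypt(ciphertext, RSAEncryptionPadding.OaepSHA1);
            }
            catch (CryptographicException e)
            {
                Console.WriteLine("public-only key cannot decrypt: " + e.GetType().Name);
            }
        }
    }
}
```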

EDIT: I should preface this answer by saying that the specific .NET RSACryptoServiceProvider likely will not support this, due to the cargo cult "knowledge" that this is impossible or the more pragmatic knowledge that this is rarely useful to do in practice.

ORIGINAL:

Everyone claiming that there is no such thing either doesn't know how RSA works, or they are stuck in the "signing" rut.

It is entirely possible, and makes complete sense, to encrypt with the private key. Yes, this is similar to signing, but this is NOT at all what most modern libraries take as signing. To them, this means computing a message digest, or HMAC, and encrypting with the private key. Likening encryption with the private key to signing makes just as much sense as saying that sticking a document in a safe, and leaving the key lying around, is a stand-in for signing the document.

Yes, it IS encrypting, because it's the same operation. The private-key encrypted ciphertext is just as illegible as the public-key encrypted ciphertext; one needs both keys to decrypt the ciphertext.

See http://fringe.davesource.com/Fringe/Crypt/RSA/Algorithm.html for reference on the RSA algorithm.

Performing the raw RSA operation with the private key is usually called the decryption operation (just as performing it with the public key is called the encryption operation).

It is useful to have access to this operation - for example to implement an operation that is not supported by the framework.

The operation exists: it is the DecryptValue-method, which is defined by RSACryptoServiceProvider's base-class: System.Security.Cryptography.RSA. Unfortunately, it is not supported by RSACryptoServiceProvider (since the underlying win32-api, CryptoAPI, does not support it). If you could get hold of another .NET-implementation of the RSA-class, you would be able to do it, however.

Fortunately no. You can however sign with the private key and verify the signature with the public key.

While the math involved makes sense when the key roles are reversed (and this is how signatures work), encrypting for privacy doesn't make much sense when the decryption key is well known and public.

You can do both; encrypt with private and decrypt with public, OR, encrypt with public and decrypt with private. You can not encrypt then decrypt with private key only, nor can you do the same with public keys alone.

Remus nailed it; encrypting with the private key doesn't make much sense when the decryption key is well known and public.

Also, you can derive the public key from the private key, but not vice versa.

You can both encrypt and decrypt with PrivateKey. PrivateKey in fact contains both Private and PublicKey.

Theoretically at least you can encrypt with PublicKey and decrypt with PrivateKey and vice-versa. In VB.net I see the first case works and the second case throws a BadKey error.

This is how I understand the RSA signature.

pseudo code:

First Alice made a signature:

alice_signature = encrypt(alice_message, alice_private_key)

Then Bob, Eve... (anyone having alice_public_key) verifies the signature:

decrypted_message = decrypt(alice_signature, alice_public_key)

To confirm:

if(received_message_from_alice == decrypted_message)
  the signature proved the message is from alice

No. That's not how any public/private key encryption works. You can only encrypt with the public key, and only decrypt with the private key.

If you want to apply the private key to a message, maybe you're looking for a signature, rather than encryption? This is a different cryptographic scheme that can also use RSA keys.

The security of public key cryptosystems rests on the fact that the sign()/encrypt() function is a one-way function in that it would take an infeasible amount of time to decrypt it without the public key "trap-door".

Also, usually the generated keys are not the same length, although they could be. There are a lot of papers about asymmetric key length with RSA.
