
Public Key Crypto with Private Key Encryption

I'm trying to implement the following in C#:

I want a Generator that internally houses a public-key encryption routine. It can take a byte array that's provided to it (usually by a Client described below) and encrypt it with its private key.

A Client has a public key that it shares with the Generator. It takes the result from the Generator and decrypts it using the public key. It takes the byte array that it initially provided to the Generator and compares the result to see if they line up. The idea is that if they match, it's able to verify with some degree of certainty that whoever generated the encrypted bytes possessed the private key. It's also able to verify that the specific encrypted value corresponds to the data it provided.

Most of the built-in C# public-key crypto libraries I'm seeing want to associate the private key with decryption (such as RSACryptoServiceProvider). I can see why, since a lot of scenarios involve protecting the decryption side of the process instead of the encryption. Are there any C# libraries that make protecting the encryption process straightforward? I've tried looking at Bouncy Castle all morning, but I'm having a difficult time getting it to work for even basic scenarios. The documentation leaves something to be desired...

Again, my main goal is to make sure that whatever produced the encryption possesses the private key. It's also necessary that the Client can make sure the Generator's result corresponds to its provided info. If there are alternative approaches that I'm missing that might conform better to available libraries, I'm all ears :)

You write:

Again, my main goal is to make sure that whatever produced the encryption possesses the private key.

As mentioned by CodesInChaos you could properly use a signature to achieve this. Usually a signature is used to verify that some data are produced by somebody holding a certain private key, but here you can use it to verify the key holder himself. If you ask him to sign something you produced, you can check that he is in possession of the private key that corresponds to your public key by use of a signature check.

Signatures actually work by making a one-way hash of some data, and then encrypting this hash using a private key. A public key can then be used to verify the signature, by decrypting the hash and comparing it with a recalculated hash value of the data. Only a person possessing the private key can make the encrypted version of the hash. Sort of what you intend to do in the first place.
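The Generator/Client exchange the answer describes, written out as an added example (this is not code from the original question or answer). It assumes .NET 6 or later and the built-in RSA class from System.Security.Cryptography rather than RSACryptoServiceProvider or Bouncy Castle; the class and method names are mine. SignData/VerifyData do the hash-then-private-key step internally with RSA-PSS padding, so nothing has to be hand-rolled.

```csharp
using System;
using System.Security.Cryptography;

// Added example, not from the original post. Assumes .NET 6 or later.
// "Generator" holds the private key; "Client" ever sees only the public key.
public static class SignatureChallengeDemo
{
    // Generator side: sign whatever bytes the client hands over.
    // SignData hashes with SHA-256 and applies RSA-PSS padding before the
    // private-key operation, so the caller never touches raw RSA.
    public static byte[] GeneratorSign(RSA privateKey, byte[] data)
    {
        return privateKey.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pss);
    }

    // Client side: check that the signature was produced over exactly the bytes
    // we supplied, by the holder of the private key matching our public key.
    public static bool ClientVerify(byte[] spkiPublicKey, byte[] challenge, byte[] signature)
    {
        using RSA pub = RSA.Create();
        pub.ImportSubjectPublicKeyInfo(spkiPublicKey, out _);
        return pub.VerifyData(challenge, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pss);
    }

    public static void Main()
    {
        // Generator: the key pair lives here; only the public half is exported
        // (SubjectPublicKeyInfo DER) and shared with the client.
        using RSA generatorKey = RSA.Create(2048);
        byte[] publicKey = generatorKey.ExportSubjectPublicKeyInfo();

        // Client: a fresh random challenge for every round, so a signature
        // captured earlier cannot simply be replayed.
        byte[] challenge = RandomNumberGenerator.GetBytes(32);

        // Generator signs the client's challenge and returns the signature.
        byte[] signature = GeneratorSign(generatorKey, challenge);

        // Client verifies: genuine signature over its own challenge.
        Console.WriteLine(ClientVerify(publicKey, challenge, signature));

        // Same signature, different data: must fail.
        byte[] otherChallenge = RandomNumberGenerator.GetBytes(32);
        Console.WriteLine(ClientVerify(publicKey, otherChallenge, signature));

        // Same data, tampered signature (last byte flipped): must fail.
        byte[] badSignature = (byte[])signature.Clone();
        badSignature[^1] ^= 0x01;
        Console.WriteLine(ClientVerify(publicKey, challenge, badSignature));
    }
}
```

The first check prints True and the two tampering checks print False. Two points worth keeping in mind when building on this: the Client, not the Generator, should pick the challenge bytes and they should be fresh random values each time, otherwise a signature observed once can be presented again; and verification must run over the exact byte array the Client sent, which is what ties the result to "the data it provided" in the question.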

粤ICP备18138465号  © 2020-2024 STACKOOM.COM