Is there any asymmetric crypto API to allow decrypting a message but not encrypting it?

Re: Is there any asymmetric crypto API to allow decrypting a message but not encrypting it?

I'm not sure I understand what you're asking for. Doesn't everyone have the
public key? Isn't its public availablility the very essence of asymmetric
encryption? If you're worried that an arbitrary client might be able to sign
a plain-text message and spoof the producer's identity, provide a signature.

--
Mickey Williams
Author, "Microsoft Visual C# .NET Core Reference", MS Press



"Andy Chau" <wunchun@hotmai l.com> wrote in message
news:uFuj5qeiDH A.2536@TK2MSFTN GP10.phx.gbl...[color=blue]
> I try to use RSA to implement the following scheme but wasn't sucessful.
>
> Sever encrypt a message using a public key, the client decrpyt the message
> using a private key.
>
> I don't want the client to be able to encrypt a message.
>
> However, using the Crypto API I need to pass in both the private and[/color]
public[color=blue]
> key pairs in order to decrypt the message.
> When the client has both private and public key, it can just use the[/color]
public[color=blue]
> key to encrypt the message which is what I don't want to allow.
>
> Does anyone know if there is any asymmetric crypto API to implmenet this
> scheme?
>
> Thanks very much in advance,
>
> Andy
>
>
>[/color]

Re: Is there any asymmetric crypto API to allow decrypting a message but not encrypting it?

"Andy Chau" <wunchun@hotmai l.com> wrote in message news:uFuj5qeiDH A.2536@TK2MSFTN GP10.phx.gbl...[color=blue]
> I try to use RSA to implement the following scheme but wasn't sucessful.
>
> When the client has both private and public key, it can just use the public
> key to encrypt the message which is what I don't want to allow.[/color]

Using a public key to encrypt a message to the owner of that public key
is exactly what public key ciphers are MEANT to do! (as well as using
the corresponding private key to generate digital signatures on behalf of
the owner of the private key).

You need to clearly understand this and then think through what you really
want to do. It is not good security practice to use encryption in ways it
was not meant to be used .. usually with associated vulernabilities ;-)

Actually, the fact that some CA issuers publish the public keys of all subscribers
IMHO is a slight security risk (probably not envisioned when PKI was
architected) as follows:
- since anyone with access to public keys of recipients can easily generate encrypted
messages to any of these recipients, it is possible to send encrypted malicious
mail which can pass through most mail gateways filters.
THUS .. DON'T OPEN ANY ENCRYPTED EMAIL UNLESS YOU ARE EXPLICITLY
EXPECTING IT :-)

Think of it ... encrypted malicious spam .. the next frontier of maluse.

- Michel Gallant
Security Visual MVP

Re: Is there any asymmetric crypto API to allow decrypting a message but not encrypting it?

"Andy Chau" <wunchun@hotmai l.com> wrote in message news:uFuj5qeiDH A.2536@TK2MSFTN GP10.phx.gbl...[color=blue]
> I try to use RSA to implement the following scheme but wasn't sucessful.
>
> When the client has both private and public key, it can just use the public
> key to encrypt the message which is what I don't want to allow.[/color]

Using a public key to encrypt a message to the owner of that public key
is exactly what public key ciphers are MEANT to do! (as well as using
the corresponding private key to generate digital signatures on behalf of
the owner of the private key).

You need to clearly understand this and then think through what you really
want to do. It is not good security practice to use encryption in ways it
was not meant to be used .. usually with associated vulernabilities ;-)

Actually, the fact that some CA issuers publish the public keys of all subscribers
IMHO is a slight security risk (probably not envisioned when PKI was
architected) as follows:
- since anyone with access to public keys of recipients can easily generate encrypted
messages to any of these recipients, it is possible to send encrypted malicious
mail which can pass through most mail gateways filters.
THUS .. DON'T OPEN ANY ENCRYPTED EMAIL UNLESS YOU ARE EXPLICITLY
EXPECTING IT :-)

Think of it ... encrypted malicious spam .. the next frontier of maluse.

- Michel Gallant
Security Visual MVP

Re: Is there any asymmetric crypto API to allow decrypting a message but not encrypting it?

"Andy Chau" <wunchun@hotmai l.com> wrote in message[color=blue]
> When the client has both private and public key, it can just use the[/color]
public[color=blue]
> key to encrypt the message which is what I don't want to allow.[/color]

With RSA, anyone that has access to the private key can compute the public
key from that. Hence it is impossible to only give your client access to the
private key but not to the public key.

Regards,
Pieter Philippaerts
Managed SSL/TLS: http://www.mentalis.org/go.php?sl

Re: Is there any asymmetric crypto API to allow decrypting a message but not encrypting it?

"Andy Chau" <wunchun@hotmai l.com> wrote in message[color=blue]
> When the client has both private and public key, it can just use the[/color]
public[color=blue]
> key to encrypt the message which is what I don't want to allow.[/color]

With RSA, anyone that has access to the private key can compute the public
key from that. Hence it is impossible to only give your client access to the
private key but not to the public key.

Regards,
Pieter Philippaerts
Managed SSL/TLS: http://www.mentalis.org/go.php?sl

Re: Is there any asymmetric crypto API to allow decrypting a message but not encrypting it?

That is true, but you can say the same for being able to compute the private
key using the public key.

I don't exactly need to use RSA if it cannot do the thing I want, I am just
looking for a asymmetric crypto alg that will fit the following
requirements:

1. Have two set of keys, Key-1 and Key2
2. Person A can use Key-1 to encrypt, but not decrypt
3. Person B can use Key-2 to decrypt, but not encrypt
4. It is computationaly impossible to derive Key-1 from Key-2, and vice
versa

Thanks in advance

Andy

"Pieter Philippaerts" <Pieter@nospam. mentalis.org> wrote in message
news:ec$CDvhiDH A.2452@TK2MSFTN GP10.phx.gbl...[color=blue]
> "Andy Chau" <wunchun@hotmai l.com> wrote in message[color=green]
> > When the client has both private and public key, it can just use the[/color]
> public[color=green]
> > key to encrypt the message which is what I don't want to allow.[/color]
>
> With RSA, anyone that has access to the private key can compute the public
> key from that. Hence it is impossible to only give your client access to[/color]
the[color=blue]
> private key but not to the public key.
>
> Regards,
> Pieter Philippaerts
> Managed SSL/TLS: http://www.mentalis.org/go.php?sl
>
>[/color]

Re: Is there any asymmetric crypto API to allow decrypting a message but not encrypting it?

That is true, but you can say the same for being able to compute the private
key using the public key.

I don't exactly need to use RSA if it cannot do the thing I want, I am just
looking for a asymmetric crypto alg that will fit the following
requirements:

1. Have two set of keys, Key-1 and Key2
2. Person A can use Key-1 to encrypt, but not decrypt
3. Person B can use Key-2 to decrypt, but not encrypt
4. It is computationaly impossible to derive Key-1 from Key-2, and vice
versa

Thanks in advance

Andy

"Pieter Philippaerts" <Pieter@nospam. mentalis.org> wrote in message
news:ec$CDvhiDH A.2452@TK2MSFTN GP10.phx.gbl...[color=blue]
> "Andy Chau" <wunchun@hotmai l.com> wrote in message[color=green]
> > When the client has both private and public key, it can just use the[/color]
> public[color=green]
> > key to encrypt the message which is what I don't want to allow.[/color]
>
> With RSA, anyone that has access to the private key can compute the public
> key from that. Hence it is impossible to only give your client access to[/color]
the[color=blue]
> private key but not to the public key.
>
> Regards,
> Pieter Philippaerts
> Managed SSL/TLS: http://www.mentalis.org/go.php?sl
>
>[/color]

Re: Is there any asymmetric crypto API to allow decrypting a message but not encrypting it?

"Andy Chau" <wunchun@hotmai l.com> wrote in message news:ui2E9iriDH A.2400@TK2MSFTN GP11.phx.gbl...[color=blue]
> That is true, but you can say the same for being able to compute the private
> key using the public key.[/color]

Not TRUE at all .. when you have the public key, you only have the product
of the 2 private primes which does not give you the private key (except by
some massive unrealizable brute force effort).
With private key, you a priori have the 2 primes, and simply multiply them
to get the public key ... totally different.
- Mitch



[color=blue]
> Andy
>
> "Pieter Philippaerts" <Pieter@nospam. mentalis.org> wrote in message
> news:ec$CDvhiDH A.2452@TK2MSFTN GP10.phx.gbl...[color=green]
> > "Andy Chau" <wunchun@hotmai l.com> wrote in message[color=darkred]
> > > When the client has both private and public key, it can just use the[/color]
> > public[color=darkred]
> > > key to encrypt the message which is what I don't want to allow.[/color]
> >
> > With RSA, anyone that has access to the private key can compute the public
> > key from that. Hence it is impossible to only give your client access to[/color]
> the[color=green]
> > private key but not to the public key.
> >
> > Regards,
> > Pieter Philippaerts
> > Managed SSL/TLS: http://www.mentalis.org/go.php?sl
> >
> >[/color]
>
>[/color]

Re: Is there any asymmetric crypto API to allow decrypting a message but not encrypting it?

"Andy Chau" <wunchun@hotmai l.com> wrote in message news:ui2E9iriDH A.2400@TK2MSFTN GP11.phx.gbl...[color=blue]
> That is true, but you can say the same for being able to compute the private
> key using the public key.[/color]

Not TRUE at all .. when you have the public key, you only have the product
of the 2 private primes which does not give you the private key (except by
some massive unrealizable brute force effort).
With private key, you a priori have the 2 primes, and simply multiply them
to get the public key ... totally different.
- Mitch



[color=blue]
> Andy
>
> "Pieter Philippaerts" <Pieter@nospam. mentalis.org> wrote in message
> news:ec$CDvhiDH A.2452@TK2MSFTN GP10.phx.gbl...[color=green]
> > "Andy Chau" <wunchun@hotmai l.com> wrote in message[color=darkred]
> > > When the client has both private and public key, it can just use the[/color]
> > public[color=darkred]
> > > key to encrypt the message which is what I don't want to allow.[/color]
> >
> > With RSA, anyone that has access to the private key can compute the public
> > key from that. Hence it is impossible to only give your client access to[/color]
> the[color=green]
> > private key but not to the public key.
> >
> > Regards,
> > Pieter Philippaerts
> > Managed SSL/TLS: http://www.mentalis.org/go.php?sl
> >
> >[/color]
>
>[/color]

Re: Is there any asymmetric crypto API to allow decrypting a message but not encrypting it?

Hi Mikey,

What I want is a scheme to use two set of keys for encryption/decryption.

I don't exactly need to use RSA if it cannot do the thing I want, I am just
looking for a asymmetric crypto alg that will fit the following
requirements:

1. Have two set of keys, Key-1 and Key2
2. Person A can use Key-1 to encrypt, but not decrypt
3. Person B can use Key-2 to decrypt, but not encrypt
4. It is computationaly impossible to derive Key-1 from Key-2, and vice
versa

As Michael pointed out, RSA is not good for this purpose as getting the
private key enables anyone to compute the public key easily.

I am wondering if there is such alg out there that can implement this
scheme.

Thanks

Andy

"Mickey Williams" <my first name at servergeek.com> wrote in message
news:Od$x3JgiDH A.1796@TK2MSFTN GP10.phx.gbl...[color=blue]
> I'm not sure I understand what you're asking for. Doesn't everyone have[/color]
the[color=blue]
> public key? Isn't its public availablility the very essence of asymmetric
> encryption? If you're worried that an arbitrary client might be able to[/color]
sign[color=blue]
> a plain-text message and spoof the producer's identity, provide a[/color]
signature.[color=blue]
>
> --
> Mickey Williams
> Author, "Microsoft Visual C# .NET Core Reference", MS Press
> www.servergeek.com
>
>
> "Andy Chau" <wunchun@hotmai l.com> wrote in message
> news:uFuj5qeiDH A.2536@TK2MSFTN GP10.phx.gbl...[color=green]
> > I try to use RSA to implement the following scheme but wasn't sucessful.
> >
> > Sever encrypt a message using a public key, the client decrpyt the[/color][/color]
message[color=blue][color=green]
> > using a private key.
> >
> > I don't want the client to be able to encrypt a message.
> >
> > However, using the Crypto API I need to pass in both the private and[/color]
> public[color=green]
> > key pairs in order to decrypt the message.
> > When the client has both private and public key, it can just use the[/color]
> public[color=green]
> > key to encrypt the message which is what I don't want to allow.
> >
> > Does anyone know if there is any asymmetric crypto API to implmenet this
> > scheme?
> >
> > Thanks very much in advance,
> >
> > Andy
> >
> >
> >[/color]
>
>[/color]

Re: Is there any asymmetric crypto API to allow decrypting a message but not encrypting it?

Hi Mikey,

What I want is a scheme to use two set of keys for encryption/decryption.

I don't exactly need to use RSA if it cannot do the thing I want, I am just
looking for a asymmetric crypto alg that will fit the following
requirements:

1. Have two set of keys, Key-1 and Key2
2. Person A can use Key-1 to encrypt, but not decrypt
3. Person B can use Key-2 to decrypt, but not encrypt
4. It is computationaly impossible to derive Key-1 from Key-2, and vice
versa

As Michael pointed out, RSA is not good for this purpose as getting the
private key enables anyone to compute the public key easily.

I am wondering if there is such alg out there that can implement this
scheme.

Thanks

Andy

"Mickey Williams" <my first name at servergeek.com> wrote in message
news:Od$x3JgiDH A.1796@TK2MSFTN GP10.phx.gbl...[color=blue]
> I'm not sure I understand what you're asking for. Doesn't everyone have[/color]
the[color=blue]
> public key? Isn't its public availablility the very essence of asymmetric
> encryption? If you're worried that an arbitrary client might be able to[/color]
sign[color=blue]
> a plain-text message and spoof the producer's identity, provide a[/color]
signature.[color=blue]
>
> --
> Mickey Williams
> Author, "Microsoft Visual C# .NET Core Reference", MS Press
> www.servergeek.com
>
>
> "Andy Chau" <wunchun@hotmai l.com> wrote in message
> news:uFuj5qeiDH A.2536@TK2MSFTN GP10.phx.gbl...[color=green]
> > I try to use RSA to implement the following scheme but wasn't sucessful.
> >
> > Sever encrypt a message using a public key, the client decrpyt the[/color][/color]
message[color=blue][color=green]
> > using a private key.
> >
> > I don't want the client to be able to encrypt a message.
> >
> > However, using the Crypto API I need to pass in both the private and[/color]
> public[color=green]
> > key pairs in order to decrypt the message.
> > When the client has both private and public key, it can just use the[/color]
> public[color=green]
> > key to encrypt the message which is what I don't want to allow.
> >
> > Does anyone know if there is any asymmetric crypto API to implmenet this
> > scheme?
> >
> > Thanks very much in advance,
> >
> > Andy
> >
> >
> >[/color]
>
>[/color]

Re: Is there any asymmetric crypto API to allow decrypting a message but not encrypting it?

Yes, you are right.

That's what make RSA impractical for the scheme I am looking for.
Do you know if there is any other algorithm out there that is more suitable
for the things I want to do?

Thanks

Andy

"Michel Gallant" <neutron@nspxis tar.ca> wrote in message
news:OmfVR3siDH A.1672@TK2MSFTN GP09.phx.gbl...[color=blue]
> "Andy Chau" <wunchun@hotmai l.com> wrote in message[/color]
news:ui2E9iriDH A.2400@TK2MSFTN GP11.phx.gbl...[color=blue][color=green]
> > That is true, but you can say the same for being able to compute the[/color][/color]
private[color=blue][color=green]
> > key using the public key.[/color]
>
> Not TRUE at all .. when you have the public key, you only have the product
> of the 2 private primes which does not give you the private key (except by
> some massive unrealizable brute force effort).
> With private key, you a priori have the 2 primes, and simply multiply them
> to get the public key ... totally different.
> - Mitch
>
>
>
>[color=green]
> > Andy
> >
> > "Pieter Philippaerts" <Pieter@nospam. mentalis.org> wrote in message
> > news:ec$CDvhiDH A.2452@TK2MSFTN GP10.phx.gbl...[color=darkred]
> > > "Andy Chau" <wunchun@hotmai l.com> wrote in message
> > > > When the client has both private and public key, it can just use the
> > > public
> > > > key to encrypt the message which is what I don't want to allow.
> > >
> > > With RSA, anyone that has access to the private key can compute the[/color][/color][/color]
public[color=blue][color=green][color=darkred]
> > > key from that. Hence it is impossible to only give your client access[/color][/color][/color]
to[color=blue][color=green]
> > the[color=darkred]
> > > private key but not to the public key.
> > >
> > > Regards,
> > > Pieter Philippaerts
> > > Managed SSL/TLS: http://www.mentalis.org/go.php?sl
> > >
> > >[/color]
> >
> >[/color]
>
>[/color]

Re: Is there any asymmetric crypto API to allow decrypting a message but not encrypting it?

Yes, you are right.

That's what make RSA impractical for the scheme I am looking for.
Do you know if there is any other algorithm out there that is more suitable
for the things I want to do?

Thanks

Andy

"Michel Gallant" <neutron@nspxis tar.ca> wrote in message
news:OmfVR3siDH A.1672@TK2MSFTN GP09.phx.gbl...[color=blue]
> "Andy Chau" <wunchun@hotmai l.com> wrote in message[/color]
news:ui2E9iriDH A.2400@TK2MSFTN GP11.phx.gbl...[color=blue][color=green]
> > That is true, but you can say the same for being able to compute the[/color][/color]
private[color=blue][color=green]
> > key using the public key.[/color]
>
> Not TRUE at all .. when you have the public key, you only have the product
> of the 2 private primes which does not give you the private key (except by
> some massive unrealizable brute force effort).
> With private key, you a priori have the 2 primes, and simply multiply them
> to get the public key ... totally different.
> - Mitch
>
>
>
>[color=green]
> > Andy
> >
> > "Pieter Philippaerts" <Pieter@nospam. mentalis.org> wrote in message
> > news:ec$CDvhiDH A.2452@TK2MSFTN GP10.phx.gbl...[color=darkred]
> > > "Andy Chau" <wunchun@hotmai l.com> wrote in message
> > > > When the client has both private and public key, it can just use the
> > > public
> > > > key to encrypt the message which is what I don't want to allow.
> > >
> > > With RSA, anyone that has access to the private key can compute the[/color][/color][/color]
public[color=blue][color=green][color=darkred]
> > > key from that. Hence it is impossible to only give your client access[/color][/color][/color]
to[color=blue][color=green]
> > the[color=darkred]
> > > private key but not to the public key.
> > >
> > > Regards,
> > > Pieter Philippaerts
> > > Managed SSL/TLS: http://www.mentalis.org/go.php?sl
> > >
> > >[/color]
> >
> >[/color]
>
>[/color]