Is there any asymmetric crypto API to allow decrypting a message but not encrypting it?


  1. #1

    Default Is there any asymmetric crypto API to allow decrypting a message but not encrypting it?

    I tried to use RSA to implement the following scheme but wasn't successful.

    Server encrypts a message using a public key, the client decrypts the message
    using a private key.

    I don't want the client to be able to encrypt a message.

    However, using the Crypto API I need to pass in both the private and public
    key pairs in order to decrypt the message.
    When the client has both private and public key, it can just use the public
    key to encrypt the message which is what I don't want to allow.

    Does anyone know if there is any asymmetric crypto API to implement this
    scheme?

    Thanks very much in advance,

    Andy



    Andy Chau Guest

  3. #2

    Default Re: Is there any asymmetric crypto API to allow decrypting a message but not encrypting it?

    I'm not sure I understand what you're asking for. Doesn't everyone have the
    public key? Isn't its public availability the very essence of asymmetric
    encryption? If you're worried that an arbitrary client might be able to sign
    a plain-text message and spoof the producer's identity, provide a signature.

    --
    Mickey Williams
    Author, "Microsoft Visual C# .NET Core Reference", MS Press
    www.servergeek.com


    "Andy Chau" <wunchun@hotmail.com> wrote in message
    news:uFuj5qeiDHA.2536@TK2MSFTNGP10.phx.gbl...
    > I tried to use RSA to implement the following scheme but wasn't successful.
    >
    > Server encrypts a message using a public key, the client decrypts the message
    > using a private key.
    >
    > I don't want the client to be able to encrypt a message.
    >
    > However, using the Crypto API I need to pass in both the private and public
    > key pairs in order to decrypt the message.
    > When the client has both private and public key, it can just use the public
    > key to encrypt the message which is what I don't want to allow.
    >
    > Does anyone know if there is any asymmetric crypto API to implement this
    > scheme?
    >
    > Thanks very much in advance,
    >
    > Andy
    >
    >
    >

    Mickey Williams Guest

  4. #3

    Default Re: Is there any asymmetric crypto API to allow decrypting a message but not encrypting it?

    "Andy Chau" <wunchun@hotmail.com> wrote in message news:uFuj5qeiDHA.2536@TK2MSFTNGP10.phx.gbl...
    > I tried to use RSA to implement the following scheme but wasn't successful.
    >
    > When the client has both private and public key, it can just use the public
    > key to encrypt the message which is what I don't want to allow.
    Using a public key to encrypt a message to the owner of that public key
    is exactly what public key ciphers are MEANT to do! (as well as using
    the corresponding private key to generate digital signatures on behalf of
    the owner of the private key).

    You need to clearly understand this and then think through what you really
    want to do. It is not good security practice to use encryption in ways it
    was not meant to be used .. usually with associated vulnerabilities ;-)

    Actually, the fact that some CA issuers publish the public keys of all subscribers
    IMHO is a slight security risk (probably not envisioned when PKI was
    architected) as follows:
    - since anyone with access to public keys of recipients can easily generate encrypted
    messages to any of these recipients, it is possible to send encrypted malicious
    mail which can pass through most mail gateways filters.
    THUS .. DON'T OPEN ANY ENCRYPTED EMAIL UNLESS YOU ARE EXPLICITLY
    EXPECTING IT :-)

    Think of it ... encrypted malicious spam .. the next frontier of maluse.

    - Michel Gallant
    Security Visual MVP
    http://pages.istar.ca/~neutron


    Michel Gallant Guest

  5. #4

    Default Re: Is there any asymmetric crypto API to allow decrypting a message but not encrypting it?

    "Andy Chau" <wunchun@hotmail.com> wrote in message
    > When the client has both private and public key, it can just use the public
    > key to encrypt the message which is what I don't want to allow.
    With RSA, anyone that has access to the private key can compute the public
    key from that. Hence it is impossible to only give your client access to the
    private key but not to the public key.

    Regards,
    Pieter Philippaerts
    Managed SSL/TLS: http://www.mentalis.org/go.php?sl


    Pieter Philippaerts Guest

  6. #5

    Default Re: Is there any asymmetric crypto API to allow decrypting a message but not encrypting it?

    That is true, but you can say the same for being able to compute the private
    key using the public key.

    I don't exactly need to use RSA if it cannot do the thing I want, I am just
    looking for an asymmetric crypto alg that will fit the following
    requirements:

    1. Have two sets of keys, Key-1 and Key-2
    2. Person A can use Key-1 to encrypt, but not decrypt
    3. Person B can use Key-2 to decrypt, but not encrypt
    4. It is computationally impossible to derive Key-1 from Key-2, and vice
    versa

    Thanks in advance

    Andy

    "Pieter Philippaerts" <Pieter@nospam.mentalis.org> wrote in message
    news:ec$CDvhiDHA.2452@TK2MSFTNGP10.phx.gbl...
    > "Andy Chau" <wunchun@hotmail.com> wrote in message
    > > When the client has both private and public key, it can just use the public
    > > key to encrypt the message which is what I don't want to allow.
    >
    > With RSA, anyone that has access to the private key can compute the public
    > key from that. Hence it is impossible to only give your client access to the
    > private key but not to the public key.
    >
    > Regards,
    > Pieter Philippaerts
    > Managed SSL/TLS: http://www.mentalis.org/go.php?sl
    >
    >

    Andy Chau Guest

  7. #6

    Default Re: Is there any asymmetric crypto API to allow decrypting a message but not encrypting it?

    "Andy Chau" <wunchun@hotmail.com> wrote in message news:ui2E9iriDHA.2400@TK2MSFTNGP11.phx.gbl...
    > That is true, but you can say the same for being able to compute the private
    > key using the public key.
    Not TRUE at all .. when you have the public key, you only have the product
    of the 2 private primes which does not give you the private key (except by
    some massive unrealizable brute force effort).
    With private key, you a priori have the 2 primes, and simply multiply them
    to get the public key ... totally different.
    - Mitch



    > Andy
    >
    > "Pieter Philippaerts" <Pieter@nospam.mentalis.org> wrote in message
    > news:ec$CDvhiDHA.2452@TK2MSFTNGP10.phx.gbl...
    > > "Andy Chau" <wunchun@hotmail.com> wrote in message
    > > > When the client has both private and public key, it can just use the public
    > > > key to encrypt the message which is what I don't want to allow.
    > >
    > > With RSA, anyone that has access to the private key can compute the public
    > > key from that. Hence it is impossible to only give your client access to the
    > > private key but not to the public key.
    > >
    > > Regards,
    > > Pieter Philippaerts
    > > Managed SSL/TLS: http://www.mentalis.org/go.php?sl
    > >
    > >
    >
    >

    Michel Gallant Guest
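
Added example, not part of any poster's message and written in Python rather than against the .NET Crypto API: the arithmetic behind the replies above (the public key falls out of the private key) together with the signature Mickey Williams suggests. The primes, messages and function names are constructed for illustration, and this is textbook RSA without padding.

```python
import hashlib

# Constructed toy keys built from Mersenne primes: fine for showing the
# arithmetic, far too small and structured for real use. Textbook RSA, no padding.
E = 65537

def make_private(p, q):
    """Private key as the thread describes it: the two primes plus d."""
    return p, q, pow(E, -1, (p - 1) * (q - 1))

def public_from_private(p, q, d):
    """Rebuild (n, e) from the private components alone."""
    n = p * q                              # multiply the two primes
    e = pow(d, -1, (p - 1) * (q - 1))      # invert d modulo phi(n)
    return n, e

def encrypt(m, n, e):
    return pow(m, e, n)

def decrypt(c, p, q, d):
    return pow(c, d, p * q)

def _digest(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(msg, p, q, d):
    """Only the holder of the signing private key can produce this value."""
    return pow(_digest(msg, p * q), d, p * q)

def verify(msg, sig, n, e):
    return pow(sig, e, n) == _digest(msg, n)

CLIENT_PRIV = make_private(2**61 - 1, 2**89 - 1)     # client's decryption key
SERVER_PRIV = make_private(2**107 - 1, 2**127 - 1)   # server's signing key
SERVER_PUB = public_from_private(*SERVER_PRIV)       # published to clients

def demo():
    # 1. Holding only its private key, the client recovers the public key
    #    and can encrypt, so "decrypt but not encrypt" cannot hold for RSA.
    n, e = public_from_private(*CLIENT_PRIV)
    made_by_client = encrypt(424242, n, e)
    # 2. What the client cannot do is sign as the server.
    msg = b"order #1: ship 10 units"
    sig = sign(msg, *SERVER_PRIV)
    return (decrypt(made_by_client, *CLIENT_PRIV), verify(msg, sig, *SERVER_PUB),
            verify(b"order #1: ship 99 units", sig, *SERVER_PUB))

if __name__ == "__main__":
    print(demo())
```

The receiver checks the server's signature before trusting a decrypted message, so a ciphertext produced by a client is rejected even though it decrypts correctly.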

  8. #7

    Default Re: Is there any asymmetric crypto API to allow decrypting a message but not encrypting it?

    Hi Mickey,

    What I want is a scheme to use two sets of keys for encryption/decryption.

    I don't exactly need to use RSA if it cannot do the thing I want, I am just
    looking for an asymmetric crypto alg that will fit the following
    requirements:

    1. Have two sets of keys, Key-1 and Key-2
    2. Person A can use Key-1 to encrypt, but not decrypt
    3. Person B can use Key-2 to decrypt, but not encrypt
    4. It is computationally impossible to derive Key-1 from Key-2, and vice
    versa

    As Michael pointed out, RSA is not good for this purpose as getting the
    private key enables anyone to compute the public key easily.

    I am wondering if there is such alg out there that can implement this
    scheme.

    Thanks

    Andy

    "Mickey Williams" <my first name at servergeek.com> wrote in message
    news:Od$x3JgiDHA.1796@TK2MSFTNGP10.phx.gbl...
    > I'm not sure I understand what you're asking for. Doesn't everyone have the
    > public key? Isn't its public availability the very essence of asymmetric
    > encryption? If you're worried that an arbitrary client might be able to sign
    > a plain-text message and spoof the producer's identity, provide a signature.
    >
    > --
    > Mickey Williams
    > Author, "Microsoft Visual C# .NET Core Reference", MS Press
    > www.servergeek.com
    >
    >
    > "Andy Chau" <wunchun@hotmail.com> wrote in message
    > news:uFuj5qeiDHA.2536@TK2MSFTNGP10.phx.gbl...
    > > I tried to use RSA to implement the following scheme but wasn't successful.
    > >
    > > Server encrypts a message using a public key, the client decrypts the message
    > > using a private key.
    > >
    > > I don't want the client to be able to encrypt a message.
    > >
    > > However, using the Crypto API I need to pass in both the private and public
    > > key pairs in order to decrypt the message.
    > > When the client has both private and public key, it can just use the public
    > > key to encrypt the message which is what I don't want to allow.
    > >
    > > Does anyone know if there is any asymmetric crypto API to implement this
    > > scheme?
    > >
    > > Thanks very much in advance,
    > >
    > > Andy
    > >
    > >
    > >
    >
    >

    Andy Chau Guest

  9. #8

    Default Re: Is there any asymmetric crypto API to allow decrypting a message but not encrypting it?

    Yes, you are right.

    That's what makes RSA impractical for the scheme I am looking for.
    Do you know if there is any other algorithm out there that is more suitable
    for the things I want to do?

    Thanks

    Andy

    "Michel Gallant" <neutron@nspxistar.ca> wrote in message
    news:OmfVR3siDHA.1672@TK2MSFTNGP09.phx.gbl...
    > "Andy Chau" <wunchun@hotmail.com> wrote in message
    news:ui2E9iriDHA.2400@TK2MSFTNGP11.phx.gbl...
    > > That is true, but you can say the same for being able to compute the private
    > > key using the public key.
    >
    > Not TRUE at all .. when you have the public key, you only have the product
    > of the 2 private primes which does not give you the private key (except by
    > some massive unrealizable brute force effort).
    > With private key, you a priori have the 2 primes, and simply multiply them
    > to get the public key ... totally different.
    > - Mitch
    >
    >
    >
    >
    > > Andy
    > >
    > > "Pieter Philippaerts" <Pieter@nospam.mentalis.org> wrote in message
    > > news:ec$CDvhiDHA.2452@TK2MSFTNGP10.phx.gbl...
    > > > "Andy Chau" <wunchun@hotmail.com> wrote in message
    > > > > When the client has both private and public key, it can just use the public
    > > > > key to encrypt the message which is what I don't want to allow.
    > > >
    > > > With RSA, anyone that has access to the private key can compute the public
    > > > key from that. Hence it is impossible to only give your client access to the
    > > > private key but not to the public key.
    > > >
    > > > Regards,
    > > > Pieter Philippaerts
    > > > Managed SSL/TLS: http://www.mentalis.org/go.php?sl
    > > >
    > > >
    > >
    > >
    >
    >

    Andy Chau Guest
