5

I am looking for a way to encrypt data with a private key, and have the public key decrypt it. I am aware this is generally NOT what you want from encryption, as it will be readable with by anyone with the public key, but that is exactly what I require.

I require a string of data to be encrypted by the private key, so that only I can create the encrypted data, and have my application read it by the public key. The idea behind this is to create a license file for my application, encrypt the license details, and have the application read this data. This will prevent licenses being generated by anyone other than me, however will allow the application to read it by the public key.

The idea of this is to control the encrypted data, and not care who can read it, only who can create it.

Using the RSACryptoServiceProvider, I can create my public/private keys, I can encrypt the data with the private key, however when I go to decrypt with the public key, I get a "Key Not Found" exception.

Signing with RSA is also not possible, as I need to compare encrypted data with plain text data, to ensure the license is valid, and signing only verifies the source, not what it contains.

Is there any other crypto provider that I can use to accomplish this, or some other method of reading license details, whereby I keep the private key, and distribute the public key with my application for license verification.

Cheers

Improve this question
12
  • 3
    "However, if a message is digitally signed, any change in the message after signature will invalidate the signature." en.wikipedia.org/wiki/Digital_signature#Integrity. Are you sure signing is not what you need? Commented Nov 2, 2010 at 22:25
  • 5
    What you describe is called "signing", even though you say it is not. Commented Nov 3, 2010 at 1:09
  • I know that I can sign a string of data, and that will authenticate that the data came from me, however, I am using that encrypted data to set options for the license, IE concurrent users. So while I can sign the original data (containing the concurrent user count), and send the plain text data along with it, there is no way to compare the values to ensure that it authentic. ie: I am sending the Concurrent User count as plain text, and also a string containing the encrypted user count. What I then want to do is unencrypt the concurrent user value, and compare it with the plain text value. Commented Nov 3, 2010 at 1:54
  • 1
    @Juzzbott: Because the hashing has nothing to do with the public or private key, it is just a hashing algorithm without any key. Which means you can always go from plain-text to the hash (but not the other way around, which is the whole point of a hash). So you take the plain-text license file, make a hash of it and encrypt that hash with your private key (i.e. signing). Your software can then verify the license by decrypting the hash-value with the public key, and then perform the same hash function on the plaintext license, and compare the two hash values (i.e. verification of a signature.) Commented Nov 3, 2010 at 22:15
  • 1
    @Juzzbott, the link to your article returns 404. :( Commented Dec 14, 2011 at 1:45

2 Answers 2

Reset to default
7

You need signing. Really.

The whole signing API is aimed at signing a Hash-value because RSA is slow so the Hash is used as a synopsis. That should suit your needs, you can always send the unencrypted text alongside. You use the signature to validate it.

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

But if I am signing the data with a private key, would I not need to have the private key sent as well, so that I can re-hash and verify the plain text data. How could I compare the encrypted values without it?
@Juzzbott: Because signing is exactly what you describe. Signing means encrypting with the private key, and decrypting with the public key. Signing was made for the exact purphose you describe: To verify the content has not been changed and that the author is in pocession of the private key, using only the public key.
@bjarkef: Or are the two functions that I want to use SignHash() and VerifyHash() from this page? msdn.microsoft.com/en-us/library/…
@Juzzbot: Yes, that is exactly what you need. You'll have to manage the transport of the 'data' yourself, but that's not critical.
-1

I am looking for a way to encrypt data with a private key, and have the public key decrypt it. I am aware this is generally NOT what you want from encryption, as it will be readable with by anyone with the public key, but that is exactly what I require.

"Encrypt with the private key" is not a valid cryptographic transformation. The reason you are having trouble with it is, libraries don't support it because is not a valid cryptographic transformation.

In cases like this you usually want to use a Signature Scheme with Recovery (PSSR).

The idea behind this is to create a license file for my application, encrypt the license details, and have the application read this data. This will prevent licenses being generated by anyone other than me, however will allow the application to read it by the public key.

From a data security point of view, rather than "encrypt the license details", you merely sign the license details. Others [still] will not be able to sign new licenses, and licensees will be able to verify with the public key.

Signing with RSA is also not possible, as I need to compare encrypted data with plain text data, to ensure the license is valid, and signing only verifies the source, not what it contains.

I'm not quite following this. No comment...

Is there any other crypto provider that I can use to accomplish this, or some other method of reading license details, whereby I keep the private key, and distribute the public key with my application for license verification.

I don't know if Microsoft or .Net offers Signature Schemes with Recovery.

If you are open to other libraries, then Botan and Crypto++ offer signature schemes with recovery. A simple Wrapper DLL and Interop should work fine.

In Crypto++ you would use something like this from RSA Signature Schemes on the Crypto++ wiki. The PSSR is Probabilistic Signature Schemes with Recovery.

RSASS<PSSR, SHA256>::Signer signer(privateKey);
RSASS<PSSR, SHA256>::Verifier verifier(publicKey);
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.