All geek questions in one place

RSA Private Key Encryption

Is there a way to encrypt a secret key in C #?

I know about the RSACryptoServiceProvider standard in System.Security.Cryptography , but these classes only provide public key encryption and private key decryption . In addition, they provide digital signature functionality that uses internal encryption with the private key , but there are no public functions to perform encryption of the private key and public key .

I found this article on codeproject , which is a very good starting point for performing this kind of encryption, however I was looking for ready-to-use code, since the code in the article is unlikely to encrypt arrays of arbitrarily long bytes containing random values โ€‹โ€‹(this means any values, including zeros).

Do you know some good components (preferably free) to perform private key encryption ?
I am using .NET 3.5 .

Note: I know that this is usually considered the wrong way to use asymmetric encryption (encryption using the private key and decryption using the public key), but I just need to use it that way.

Additional explanation

You have

 var bytes = new byte[30] { /* ... */ };

and you want to use 2048bit RSA so that no one changes anything in this array.

Usually you should use a digital signature (i.e. RIPEMD160 ), which you then attach to the original bytes and send to the recipient.

So, you have 30 bytes of source data and an additional 256 bytes of digital signature (since this is 2048bit RSA ), which generally corresponds to 286 bytes . Hovewer, only 160 bits of this 256 bytes is actually a hash, so there are exactly 1888 bits ( 236 bytes ) not used.

So my idea is this:

Take 30 bytes of source data, attach a hash ( 20 bytes ) to it, and now encrypt these 50 bytes . You get a long message of 256 bytes , which is much shorter than 286 bytes , because "you were able to click the actual data inside the digital signature."

ECDSA Resources

MSDN
Eggheadcafe.com
c-plusplus.de
MSDN Blog
Wiki

DSA Resources

CodeProject
MSDN 1
MSDN 2
MSDN 3

Final decision

If someone is interested in how I solved this problem, I will use 1024bit DSA and SHA1 , which is widely supported in many different versions of Windows ( Windows 2000 and newer), the security is good enough (I do not sign orders, I just need to make sure that some child cannot crack the signature on his iPhone (:-D)), and the signature size is only 40 bytes .

+4
source share
4 answers

What you are trying to create is called a message recovery signature scheme.

Developing a new signature scheme is complicated. Developing a new signature scheme with message recovery is more difficult. I do not know all the details about your design, but there is a good chance that it is susceptible to the selected message attack.

One suggestion for message recovery signature schemes is the RSA PSS-R. But, unfortunately, this proposal applies to a patent.

The IEEE P1363 standardized group discussed the addition of message recovery signature schemes. However, I am not sure about the current state of these efforts, but it may be worth checking out.

+3
source

Your public key is a subset of your private key. You can use your private key as a public key, because it will only use the components of the full key that it requires.

In .NET, your private and public keys are stored in the RSAParameters structure. The structure contains fields for:

  • D
  • DP
  • Dq
  • Exhibitor
  • Inverseq
  • Modulus
  • P
  • Q
+2
source

If you are at a point where the data is so small that the digital signature is huge in comparison, then you have a redundant signature. The solution is not to roll your own algorithm, but to reduce what is there. You definitely do not want to try to combine the key with the hash in an amateur way: this has already been broken, so we have an HMAC.

So the main idea:

  • Create a session key using a cryptographically strong RNG.

  • Pass it through PKE.

  • Use the session key to create the HMAC-SHA1 (or HMAC-RIPEMD160 or something else).

  • If the size of the hash is absurdly large for the given data, cut it in half by tipping the upper part from the bottom. Repeat as necessary.

  • Send the data and the hash (possibly trimmed).

  • The receiver uses the data and the session key to regenerate the hash, and then compares it with the transmitted (possibly after the first reduction).

  • Change session keys frequently.

This is a compromise between the frenzy of translating your own system and using a bad one.

I am widely open to constructive criticism ...

+2
source

I get it now, after reading the comments.

Answer: do not do this.

Cryptographic signature algorithms are not algorithms from which you can select or change steps. In particular, if the sig signature looks something like encrypt(hash) , orig + sig does not match encrypt(orig + hash) . In addition, even legacy signature algorithms such as PKCS v1.5 are not as simple as encrypt(hash) .

A technique like the one you describe protects safety for the sake of skill. If you do not have bandwidth for a 256-byte signature, you will need one of the following:

  • another algorithm
  • more bandwidth or
  • smaller key.

And if you go with (1), make sure that this is not the algorithm that you composed! The simple fact is that it is cryptocurrency .

+1
source

Source: https://habr.com/ru/post/1316714/

More articles:


All Articles