Does RSA Private key always contain the Public key, or is it just .NET?
I'm using RSACryptoServiceProvider in .NET 2 and it seems that the Private part of a Public/Private key pair always contains the Public part as well.

I need to encrypt some info using my Public key, and allow the other party to ONLY DECRYPT what I encrypted. I don't want them to be able to know how I encrypted my message. Is that possible using RSACryptoServiceProvider in .NET?

Amygdalin answered 19/11, 2008 at 8:25

Your assumption in the post title is correct, but your assumption in the content of your post is wrong. What you want to do is ask the other party to generate their own private-public key pair, then ask them to give you their public key; you then encrypt your data with their public key and send your encrypted data to them. ONLY the person with the private key would be able to decrypt your data (i.e. the other party). As a note: public keys are meant to be shared. Private keys are meant to be secret. - Commissionaire

The private key always includes the public key.

What you might really want is Signing. Using the same .NET classes, you can sign data with your private key and verify the signature on the other party's side with the public key (which obviously doesn't contain the private key).

    using System;
    using System.Security.Cryptography;
    using System.Text;

    public static class RsaSigning
    {
        // Sign with the full key (the XML from ToXmlString(true)). "SHA1" is what the
        // original answer used; SHA-1 is deprecated for new signatures, so pass
        // "SHA256" here and in Verify where both sides can support it.
        public static string Sign(string data, string privateAndPublicKey)
        {
            byte[] dataBytes = Encoding.UTF8.GetBytes(data);
            RSACryptoServiceProvider provider = CreateProviderFromKey(privateAndPublicKey);
            byte[] signatureBytes = provider.SignData(dataBytes, "SHA1");
            return Convert.ToBase64String(signatureBytes);
        }

        // Verify with the public key only (the XML from ToXmlString(false)).
        public static bool Verify(string data, string signature, string publicKey)
        {
            byte[] dataBytes = Encoding.UTF8.GetBytes(data);
            byte[] signatureBytes = Convert.FromBase64String(signature);
            RSACryptoServiceProvider provider = CreateProviderFromKey(publicKey);
            return provider.VerifyData(dataBytes, "SHA1", signatureBytes);
        }

        // Loads either a public-only or a full key from the .NET XML key format.
        private static RSACryptoServiceProvider CreateProviderFromKey(string key)
        {
            RSACryptoServiceProvider provider = new RSACryptoServiceProvider();
            provider.FromXmlString(key);
            return provider;
        }
    }
Git answered 19/11, 2008 at 8:32
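An added example, not part of the answer above, that makes its first sentence concrete with RSACryptoServiceProvider: the same key is exported with and without private parameters, the public halves are compared, and a provider loaded from the public-only export is asked to verify and then to sign. The class name and the sample message are my own.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example: the exported private key carries the public part; the exported
// public key carries nothing that lets its holder sign (or decrypt).
public static class KeyMaterialDemo
{
    public static void Main()
    {
        using (var keyPair = new RSACryptoServiceProvider(2048))
        {
            // true  -> Modulus and Exponent (public part) plus P, Q, DP, DQ, InverseQ, D
            // false -> Modulus and Exponent only
            string privateXml = keyPair.ToXmlString(true);
            string publicXml = keyPair.ToXmlString(false);

            Console.WriteLine("private export has <Modulus>: " + privateXml.Contains("<Modulus>"));
            Console.WriteLine("private export has <D>:       " + privateXml.Contains("<D>"));
            Console.WriteLine("public export has <D>:        " + publicXml.Contains("<D>"));

            // The public half embedded in the private key is byte-for-byte the public key.
            RSAParameters priv = keyPair.ExportParameters(true);
            RSAParameters pub = keyPair.ExportParameters(false);
            bool sameModulus = Convert.ToBase64String(priv.Modulus) == Convert.ToBase64String(pub.Modulus);
            bool sameExponent = Convert.ToBase64String(priv.Exponent) == Convert.ToBase64String(pub.Exponent);
            Console.WriteLine("public part of private key matches public key: " + (sameModulus && sameExponent));

            byte[] message = Encoding.UTF8.GetBytes("constructed sample message");
            byte[] signature = keyPair.SignData(message, "SHA256");

            using (var publicOnly = new RSACryptoServiceProvider())
            {
                publicOnly.FromXmlString(publicXml);
                Console.WriteLine("PublicOnly flag: " + publicOnly.PublicOnly);

                // Verification needs only the public part.
                Console.WriteLine("verify with public key: " + publicOnly.VerifyData(message, "SHA256", signature));

                // Signing needs the private part, which the public export does not contain.
                try
                {
                    publicOnly.SignData(message, "SHA256");
                    Console.WriteLine("unexpected: signed with a public-only key");
                }
                catch (CryptographicException ex)
                {
                    Console.WriteLine("sign with public-only key failed as expected: " + ex.Message);
                }
            }
        }
    }
}
```

The same split holds for the other formats .NET can emit (RSAParameters, and PKCS#8 versus SubjectPublicKeyInfo on newer runtimes): an RSA private key is defined to include the modulus and public exponent, so there is no way to hand someone a usable private key while withholding the public one.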

How to use:

The other party's public key:

If you want to encrypt something that only the other party (and no one else) can decrypt, you have to encrypt it with their public key (not with your key).

If you get a signature from the other party, you can verify that the signature is correct (as opposed to created by someone else) by using the other party's public key.

Your own private key:

If you want to sign something so that everyone can verify that you created the contents, you sign it with your own private key. Your public key will be used to verify it. The contents are not encrypted at all (unless you do that separately).

If someone sends you a message encrypted with your public key (so that only you can read it), you can decrypt it with your private key.

Your own public key:

You do not use your own public key. The other party uses it to verify your signatures, and to encrypt messages for your eyes only.

The other party's private key:

You do not have that.

Anaemia answered 19/11, 2008 at 8:40
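The four cases above, and the comment under the question, as one exchange in code. This is an added example, not code from the answer or from the original poster: the Party class, its Send and Receive methods and the sample message are constructed for illustration. Bob encrypts for Alice with her public key and signs with his own private key; Alice verifies with Bob's public key and decrypts with her own private key; a provider holding only Alice's public key cannot decrypt what Bob sent her.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example: two parties exchange only their public XML; private keys never leave
// the Party object that generated them.
public static class TwoPartyDemo
{
    sealed class Party : IDisposable
    {
        private readonly RSACryptoServiceProvider _rsa = new RSACryptoServiceProvider(2048);

        public string PublicKeyXml { get { return _rsa.ToXmlString(false); } }

        // Sender: encrypt with the RECIPIENT's public key, sign with OUR private key.
        public void Send(string recipientPublicXml, byte[] plaintext, out byte[] ciphertext, out byte[] signature)
        {
            using (var recipient = new RSACryptoServiceProvider())
            {
                recipient.FromXmlString(recipientPublicXml);
                ciphertext = recipient.Encrypt(plaintext, true); // true = OAEP padding
            }
            // Signing the ciphertext lets the recipient reject forgeries before decrypting.
            signature = _rsa.SignData(ciphertext, "SHA256");
        }

        // Recipient: verify with the SENDER's public key, then decrypt with OUR private key.
        public byte[] Receive(string senderPublicXml, byte[] ciphertext, byte[] signature)
        {
            using (var sender = new RSACryptoServiceProvider())
            {
                sender.FromXmlString(senderPublicXml);
                if (!sender.VerifyData(ciphertext, "SHA256", signature))
                    throw new CryptographicException("signature does not verify; message discarded");
            }
            return _rsa.Decrypt(ciphertext, true);
        }

        public void Dispose() { _rsa.Dispose(); }
    }

    public static void Main()
    {
        using (var alice = new Party())
        using (var bob = new Party())
        {
            byte[] message = Encoding.UTF8.GetBytes("constructed sample: meet at 10:00");
            byte[] ciphertext, signature;

            bob.Send(alice.PublicKeyXml, message, out ciphertext, out signature);
            byte[] recovered = alice.Receive(bob.PublicKeyXml, ciphertext, signature);
            Console.WriteLine("Alice read: " + Encoding.UTF8.GetString(recovered));

            // Bob (or anyone) holding only Alice's public key cannot decrypt the ciphertext.
            using (var alicePublicOnly = new RSACryptoServiceProvider())
            {
                alicePublicOnly.FromXmlString(alice.PublicKeyXml);
                try { alicePublicOnly.Decrypt(ciphertext, true); Console.WriteLine("unexpected: decrypted with public key"); }
                catch (CryptographicException ex) { Console.WriteLine("decrypt with public key only failed: " + ex.Message); }
            }

            // A modified ciphertext fails Bob's signature check before any decryption happens.
            ciphertext[0] ^= 0x01;
            try { alice.Receive(bob.PublicKeyXml, ciphertext, signature); }
            catch (CryptographicException ex) { Console.WriteLine("tampered message rejected: " + ex.Message); }
        }
    }
}
```

Two caveats a practitioner would check: the public XML must reach the other side over a path you trust (a swapped key means encrypting for the attacker), and direct RSA encryption is limited to a couple of hundred bytes per 2048-bit key with OAEP, which is why larger messages use the hybrid scheme described in the next answer.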

Data encryption using private/public keys does not work like that. You must use the other person's public key, so he/she can decrypt it by means of his/her private key.

Nonetheless, this is really slow, so in practice what is actually used to encrypt the message is a symmetric key which is generated at session time. The symmetric key is what is encrypted by means of the public key of the other end (much less data than the whole message), and then attached to the encrypted message. SSL, for example, works like that.

Messick answered 19/11, 2008 at 8:39
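The scheme described above in code: an added example, not from the answer or the original poster. A fresh AES-256 key encrypts the message, only the short key material is RSA-OAEP-encrypted with the recipient's public key, and the two are shipped together. The wire format, the HybridDemo class and the constant-time comparison helper are my own; a second per-message key drives an HMAC over the envelope (encrypt-then-MAC) so a modified ciphertext is rejected before decryption, since CBC alone gives no integrity.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

// Added example: hybrid encryption with RSACryptoServiceProvider + AES-CBC + HMAC-SHA256.
// Wire format (constructed for this example):
//   [4-byte wrapped length][RSA-OAEP(aesKey || macKey)][16-byte IV][AES-CBC body][32-byte HMAC]
public static class HybridDemo
{
    public static byte[] Encrypt(string recipientPublicXml, byte[] plaintext)
    {
        byte[] aesKey = new byte[32], macKey = new byte[32], iv = new byte[16];
        using (var rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(aesKey); rng.GetBytes(macKey); rng.GetBytes(iv);
        }

        byte[] body;
        using (var aes = Aes.Create())
        {
            aes.Key = aesKey; aes.IV = iv; aes.Mode = CipherMode.CBC; aes.Padding = PaddingMode.PKCS7;
            using (var enc = aes.CreateEncryptor())
                body = enc.TransformFinalBlock(plaintext, 0, plaintext.Length);
        }

        // Only the 64 bytes of session keys go through RSA, with OAEP padding.
        byte[] wrapped;
        using (var rsa = new RSACryptoServiceProvider())
        {
            rsa.FromXmlString(recipientPublicXml);
            byte[] sessionKeys = new byte[64];
            Buffer.BlockCopy(aesKey, 0, sessionKeys, 0, 32);
            Buffer.BlockCopy(macKey, 0, sessionKeys, 32, 32);
            wrapped = rsa.Encrypt(sessionKeys, true);
        }

        using (var ms = new MemoryStream())
        {
            ms.Write(BitConverter.GetBytes(wrapped.Length), 0, 4);
            ms.Write(wrapped, 0, wrapped.Length);
            ms.Write(iv, 0, iv.Length);
            ms.Write(body, 0, body.Length);
            using (var hmac = new HMACSHA256(macKey))
            {
                byte[] tag = hmac.ComputeHash(ms.ToArray()); // MAC covers everything before it
                ms.Write(tag, 0, tag.Length);
            }
            return ms.ToArray();
        }
    }

    public static byte[] Decrypt(RSACryptoServiceProvider recipientPrivate, byte[] envelope)
    {
        int wrappedLen = BitConverter.ToInt32(envelope, 0);
        if (wrappedLen < 0 || envelope.Length < 4 + wrappedLen + 16 + 32)
            throw new CryptographicException("envelope too short");
        byte[] wrapped = new byte[wrappedLen];
        Buffer.BlockCopy(envelope, 4, wrapped, 0, wrappedLen);

        // Recipient's private key recovers the session keys.
        byte[] sessionKeys = recipientPrivate.Decrypt(wrapped, true);
        byte[] aesKey = new byte[32], macKey = new byte[32];
        Buffer.BlockCopy(sessionKeys, 0, aesKey, 0, 32);
        Buffer.BlockCopy(sessionKeys, 32, macKey, 0, 32);

        // Check the MAC before touching the ciphertext.
        int macOffset = envelope.Length - 32;
        using (var hmac = new HMACSHA256(macKey))
        {
            byte[] expected = hmac.ComputeHash(envelope, 0, macOffset);
            if (!FixedTimeEquals(expected, envelope, macOffset))
                throw new CryptographicException("MAC mismatch: envelope was modified");
        }

        byte[] iv = new byte[16];
        Buffer.BlockCopy(envelope, 4 + wrappedLen, iv, 0, 16);
        int bodyOffset = 4 + wrappedLen + 16;
        using (var aes = Aes.Create())
        {
            aes.Key = aesKey; aes.IV = iv; aes.Mode = CipherMode.CBC; aes.Padding = PaddingMode.PKCS7;
            using (var dec = aes.CreateDecryptor())
                return dec.TransformFinalBlock(envelope, bodyOffset, macOffset - bodyOffset);
        }
    }

    // Constant-time comparison so the MAC check does not leak the position of a mismatch.
    static bool FixedTimeEquals(byte[] a, byte[] b, int bOffset)
    {
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[bOffset + i];
        return diff == 0;
    }

    public static void Main()
    {
        using (var recipient = new RSACryptoServiceProvider(2048))
        {
            // Constructed sample: far larger than RSA-2048/OAEP could encrypt directly.
            string text = new string('A', 5000);
            byte[] envelope = Encrypt(recipient.ToXmlString(false), Encoding.UTF8.GetBytes(text));
            byte[] recovered = Decrypt(recipient, envelope);
            Console.WriteLine("round trip ok: " + (Encoding.UTF8.GetString(recovered) == text));

            envelope[envelope.Length - 40] ^= 0xFF; // flip one byte inside the AES body
            try { Decrypt(recipient, envelope); Console.WriteLine("unexpected: tampered envelope accepted"); }
            catch (CryptographicException ex) { Console.WriteLine("rejected: " + ex.Message); }
        }
    }
}
```

This gives the recipient confidentiality and integrity but not sender authentication: the MAC key was chosen by whoever built the envelope, so anyone with the recipient's public key can produce a valid one. Sign the envelope with the sender's private key as well if the recipient must know who sent it. On .NET Core 3.0 and later, AesGcm is the simpler replacement for the CBC+HMAC pair.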

© 2022 - 2024 — McMap. All rights reserved.