I have a quick question about encrypting with a private key.

First, background: I have a short piece of data (symmetric encryption
key + some other stuff) encrypted with an RSA private key.  Then this
symmetric key is decrypted using the corresponding RSA public
key.  I'm using a 2048-bit RSA key created with 'openssl genrsa 2048'.
The private key needs to be always secret, the encrypted symmetric
key is basically a unique session key, and the public key is more like
a "shared secret" distributed to several places but not publicly.

Now I'd like to know how difficult it would be to get the symmetric
key without actually having the public key?

Should I generate or modify the RSA key in some specific way to
make this more difficult?

I'm asking because I could not find a definite answer on the web
anywhere on how secure encryption with a private key and
decryption with a public key is. Everything was just about signing
with private key and verifying with public key, always assuming
that the public key is really public and therefore not saying
anything about how difficult it is to crack the private-key
encrypted data without having the public key.  Since I'm no
cryptography expert, I'm trying to avoid any pitfall here.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
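
The setup described in the post, reproduced with the openssl command line as an added example (not part of the original message). It shows that "encrypting with the private key" is the RSA sign operation with message recovery, and that the public half produced by `openssl genrsa 2048` is only the modulus plus the default exponent 65537. The function names, file names and payload are constructed for illustration.

```shell
#!/bin/sh
# Added example: file names and the sample payload are constructed.

make_keys() {   # $1 = scratch directory
    # Same key generation as in the post, then export the public half.
    openssl genrsa -out "$1/priv.pem" 2048 2>/dev/null &&
    openssl rsa -in "$1/priv.pem" -pubout -out "$1/pub.pem" 2>/dev/null
}

wrap_and_recover() {   # $1 = key directory, $2 = payload; prints recovered payload
    printf '%s' "$2" > "$1/session.bin"
    # "Encrypt with the private key": raw RSA sign, PKCS#1 v1.5 padding.
    openssl pkeyutl -sign -inkey "$1/priv.pem" \
        -in "$1/session.bin" -out "$1/wrapped.bin" &&
    # "Decrypt with the public key": verify with message recovery.
    openssl pkeyutl -verifyrecover -pubin -inkey "$1/pub.pem" \
        -in "$1/wrapped.bin"
}

public_exponent() {   # $1 = key directory; prints the public exponent e
    openssl rsa -pubin -in "$1/pub.pem" -noout -text 2>/dev/null |
        grep -i 'exponent' | head -n 1 |
        sed 's/[^0-9]*\([0-9]*\).*/\1/'
}

demo() {
    dir=$(mktemp -d) || return 1
    make_keys "$dir" &&
    echo "recovered: $(wrap_and_recover "$dir" 'constructed-session-key-0123')" &&
    echo "wrapped size: $(wc -c < "$dir/wrapped.bin" | tr -d ' ') bytes" &&
    echo "public exponent: $(public_exponent "$dir")"
    rm -rf "$dir"
}

demo
```

The recovered payload is not hidden from anyone holding `pub.pem`, so the confidentiality of the session key in this design rests entirely on keeping the modulus private.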
