Hi Jeffrey, I was wondering if there was a way to import my private key into my application to use to decrypt without exposing it? Can I use the methods provided in the link you provided? Can I use key containers? Do you have any experience with this?
On Sun, May 23, 2010 at 8:22 PM, Jeffrey Walton <noloa...@gmail.com> wrote:
> OpenSSL is closer to Java than C# or Crypto++. So where you see Java,
> think OpenSSL.
>
> Cryptographic Interoperability: Keys
> http://www.codeproject.com/KB/security/CryptoInteropKeys.aspx
>
> Cryptographic Interoperability: Digital Signatures
> http://www.codeproject.com/KB/security/CryptoInteropSign.aspx
>
> On Sun, May 23, 2010 at 10:06 PM, Chuck Pareto <chuckda...@gmail.com> wrote:
> > Hi,
> > I'm a newbie when it comes to RSA, the last time I learned it was in school
> > over 7 years ago in one lecture.
> > Maybe I'm missing something but I will try to explain my problem again.
> > A former co worker generated a public and private key for our group. (I
> > think he used PGP but not sure).
> > So I have the 2 .pem files he created. So far so good..
> > Now, he's using openssl rsautl to encrypt and decrypt strings for our group.
> > So far so good..
> > He's calling openssl rsautl from a c# script to encrypt and decrypt these
> > strings. So far so good..
> > Now here is what I want to do. I want to use c#'s built in rsa class to
> > encrypt and decrypt these strings instead of having the c# script call
> > openssl rsautl. So far so good..
> > On this link below there is an example of c# calling and encrypting with a
> > public key, you don't have to go to this link..just for reference.
> > http://msdn.microsoft.com/en-us/library/system.security.cryptography.rsacryptoserviceprovider.encrypt.aspx
> > Now in this script before the encrypt function is called there are two lines
> > of code:
> >
> > byte[] Exponent = {1,0,1};
> >
> > RSAKeyInfo.Exponent = Exponent;
> >
> > If I try to remove this it throws an error. So I am guessing that an exponent
> > needs to be defined in order to encrypt a message???? Yes, no, I'm missing
> > something..
> >
> > In your response to my first email, you said e and n are needed for
> > encrypting. If there is no e being passed in as an argument to openssl
> > rsautl, what is the default e? and what is the default n?
> >
> > On Sun, May 23, 2010 at 6:11 PM, Dave Thompson <dthomp...@prinpay.com> wrote:
> >> > From: owner-openssl-us...@openssl.org On Behalf Of Pareto, Charles
> >> > Sent: Friday, 21 May, 2010 17:14
> >>
> >> > I'm trying to get the same result with the c# RSACryptoServiceProvider class
> >> > that 'openssl.exe rsautl ' gives me.
> >> >
> >> > The c# class wants more properties set before you can encrypt a message.
> >>
> >> I can't help with C#, but this borders on an abstract crypto issue.
> >>
> >> > How can I obtain the parameters that 'openssl.exe rsautl' implements.
> >> > For example the exponent, q parameters, p parameters, dp, dq parameters, etc.
> >> > These are optional arguments for the c# class.
> >> > Ex. Exponent = {1,0,1}
> >>
> >> d,p,q,dP,dQ,qInv are the components of an RSA private key that are not
> >> in the public key. And except for the first, only in the CRT (Chinese
> >> Remainder Theorem) form, which is used widely including by openssl.
> >> If that 'exponent' is notated in bytes, it would be 65537 aka 'F4',
> >> a commonly used value for the public exponent e. The private exponent
> >> d must be much larger, and for usual e will appear random.
> >>
> >> > > openssl.exe rsautl -encrypt -inkey dir\\public.pem -pubin -in filename -out encryptedfilename
> >>
> >> Aside: unless you're using a Unixoid shell glomped onto Windows,
> >> like mingw, you usually don't need to specify .exe to find an
> >> executable and don't need to double backslashes in pathnames.
> >>
> >> RSA encrypt, or verify, uses and should need only the public key,
> >> which substantively consists only of e and n (where n = p * q).
> >> The private key fields are needed, and generally should be used,
> >> only for decrypt, or sign. That's the way public-key crypto works,
> >> and provides certain (we hope useful!) security features.
> >> You can see public.pem does not contain and this command can't use
> >> private bits with openssl rsa -in public.pem -pubin -noout -text
> >> (Note however that rsautl -decrypt does need the private key.)
> >>
> >> If some part of C# really demands a private key to RSA *encrypt*,
> >> it is hopelessly broken and could never provide useful security.
> >> Although M$ certainly makes mistakes from time to time, I would
> >> be very surprised if they made such a basic and obvious one, so
> >> I suspect your understanding is actually wrong. Perhaps you aren't
> >> (correctly) doing something needed to tell it to be in encrypt mode,
> >> or (more abstractly) to use a public rather than private RSA key.
> >>
> >> ______________________________________________________________________
> >> OpenSSL Project http://www.openssl.org
> >> User Support Mailing List openssl-users@openssl.org
> >> Automated List Manager majord...@openssl.org
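
The point made in the quoted replies, that RSA encryption needs only e and n from the public PEM while decryption needs the private fields, shown in C#. This is an added example, not code from the thread: it assumes .NET 5 or later, uses the `RSA` base class rather than `RSACryptoServiceProvider`, and generates a fresh key pair in place of the group's .pem files.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class RsaPublicOnlyExample
{
    static void Main()
    {
        // Constructed stand-in for the key pair held in the thread's two .pem files.
        using RSA keyPair = RSA.Create(2048);

        // Same shape as public.pem: a "BEGIN PUBLIC KEY" block carrying only n and e.
        string publicPem = new string(
            PemEncoding.Write("PUBLIC KEY", keyPair.ExportSubjectPublicKeyInfo()));

        // Import into a separate object that never sees d, p, q, dP, dQ or qInv.
        using RSA publicOnly = RSA.Create();
        publicOnly.ImportFromPem(publicPem);

        // e and n come from the key itself; nothing has to be typed in by hand.
        RSAParameters pub = publicOnly.ExportParameters(false);
        Console.WriteLine("e = " + BitConverter.ToString(pub.Exponent)); // 01-00-01 is 65537
        Console.WriteLine("n is " + (pub.Modulus.Length * 8) + " bits");
        Console.WriteLine("d present: " + (pub.D != null));

        // rsautl uses PKCS#1 v1.5 padding unless told otherwise, so match it here.
        byte[] plaintext = Encoding.UTF8.GetBytes("constructed sample string");
        byte[] ciphertext = publicOnly.Encrypt(plaintext, RSAEncryptionPadding.Pkcs1);

        // The public-only object cannot reverse its own output.
        try
        {
            publicOnly.Decrypt(ciphertext, RSAEncryptionPadding.Pkcs1);
        }
        catch (CryptographicException)
        {
            Console.WriteLine("public-only key cannot decrypt");
        }

        // Only the holder of the private fields recovers the plaintext.
        byte[] recovered = keyPair.Decrypt(ciphertext, RSAEncryptionPadding.Pkcs1);
        Console.WriteLine(Encoding.UTF8.GetString(recovered));
    }
}
```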