
Hi,

I'm still using Visual FoxPro and I'm trying your examples. One of them particularly interests me (RSA encrypting and decrypting a string), and it is said you can encrypt with the public key and decrypt with the private key, but you only use the private key? Is there a reason?

I want to use the private key for encrypting and the public key for decrypting. Is that possible?

Is it possible to decrypt directly from a signature with a public key?

Thank you in advance for your answers

Regards

Jean-Pierre SENET

asked Mar 06 at 10:09

jps


An RSA signature does not contain the original data, so you cannot really decrypt from it. You can use the public key to verify that what is claimed to be the original data has not changed, and also that only the owner of the private key could've created the signature.

The Chilkat RSA API does allow for you to encrypt using the private key. You'll notice there is a "usePrivateKey" argument in each of the Encrypt/Decrypt methods. In general, it makes no sense to encrypt with the private key and decrypt with the public key -- except that it's essentially a way to "sign" the data. Given that anybody with access to the public key can decrypt, it's not a means for securing/hiding the data from the public. But you can use it as a means for knowing that the data originated from the owner of the private key.

Also, and this is important: RSA can only encrypt/decrypt very small amounts of data (on the order of 100 bytes). This is not the case for RSA signatures -- where the data is always hashed first using a hash algorithm such as SHA1, SHA256, MD5, etc. and then the hash is signed.

What you may be thinking about is using an RSA key to create an opaque PKCS7 signature, where the PKCS7 structure contains both the original data and the signature. This is done using a digital certificate with an associated RSA key. The Chilkat Crypt2 API can be used to do this. In essence, this likely best fits what you're trying to achieve. You would use Crypt2.OpaqueSignStringENC or one of the other OpaqueSign* methods. I'll try to create some examples linked from the online reference documentation.

answered Mar 06 at 19:53

chilkat ♦♦

answered Mar 06 at 20:38

chilkat ♦♦

Hello and thank you for your answer.

In fact we want to use an RSA signature because we have been asked by the French tax office to sign all the transactions in our software (POS), and we have to give them a public key so they can check the data in the shops and see if the data have been changed. We have to sign files too.

The request is:

  • Key: 2048 bits
  • Algorithm for signature: RSA or ECC
  • Algorithm for hashing: SHA-256 or SHA-512
  • Data to be encoded in Base64url

answered Mar 07 at 03:07

jps

Hi,

Sorry to ask all these questions but I am new to RSA, encryption and so on.

Here is what I want to achieve.

Generate public and private keys (2048), which I think I have done right. Below is my code:

    * Generate a 2048-bit key. Chilkat RSA supports
    * key sizes ranging from 512 bits to 4096 bits.
    * Note: Starting in Chilkat v9.5.0.49, RSA key sizes can be up to 8192 bits.
    * It takes a considerable amount of time and processing power to generate
    * an 8192-bit key.
    lnSuccess = loRsa.GenerateKey(2048)
    IF (lnSuccess <> 1) THEN
        WAIT WINDOW (loRsa.LastErrorText)
        RELEASE loRsa
        CANCEL
    ENDIF

    * Keys are exported in XML format:
    lcPublicKey = loRsa.ExportPublicKey()
    clepublique = lcPublicKey
    lcPrivateKey = loRsa.ExportPrivateKey()
    cleprivee = lcPrivateKey
    SET SAFETY off
    STRTOFILE(clepublique,"c:pressingclepublique.txt")
    STRTOFILE(cleprivee,"c:pressingcleprivee.txt")

Then hash a string with the code below:

    * Import the private key into the RSA component:
    lnSuccess = loRsa.ImportPrivateKey(cleprivee)
    IF (lnSuccess <> 1) THEN
        WAIT WINDOW (loRsa.LastErrorText)
        RELEASE loPkey
        RELEASE loRsa
        CANCEL
    ENDIF
    loRsa.EncodingMode = "base64url"

    * If some other non-Chilkat software is going to verify
    * the signature, it is important to match the byte-ordering.
    * The LittleEndian property may be set to 1
    * for little-endian byte ordering,
    * or 0 for big-endian byte ordering.
    * Microsoft apps typically use little-endian, while
    * OpenSSL and other services (such as Amazon CloudFront)
    * use big-endian.
    loRsa.LittleEndian = 0

    lcStrData = thisform.text1.value  && the string to be hashed
    lnUsePrivateKey = 0

    * Sign the string using the sha-1 hash algorithm.
    * Other valid choices are "md2", "md5", "sha256",
    * "sha384", and "sha512".
    lcEncryptedStr = loRsa.EncryptStringENC(lcStrData,lnUsePrivateKey)

Then sign a hashed string so that it can be compared with the original string to see if this one has been changed (with the public key that we have given to the tax people).

Here is what I coded, but it doesn't seem to be right:

    loRsa.EncodingMode = "base64url"

    * If some other non-Chilkat software is going to verify
    * the signature, it is important to match the byte-ordering.
    * The LittleEndian property may be set to 1
    * for little-endian byte ordering,
    * or 0 for big-endian byte ordering.
    * Microsoft apps typically use little-endian, while
    * OpenSSL and other services (such as Amazon CloudFront)
    * use big-endian.
    loRsa.LittleEndian = 0

    lcStrData = thisform.text1.value

    * Sign the string using the sha-1 hash algorithm.
    * Other valid choices are "md2", "md5", "sha256",
    * "sha384", and "sha512".
    lcHexSig = loRsa.SignStringENC(lcStrData,"SHA256")

answered Mar 08 at 04:53


jps
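
The sign-and-verify flow discussed in this thread (2048-bit RSA key, SHA-256 hash, base64url output, verification with the public key only), together with the earlier answer's points that a signature does not contain the data and that direct RSA encryption only fits small inputs, shown as an added example that is not part of the thread and is not Chilkat code. It uses Node.js's built-in crypto module; the sample record and the function names are constructed for illustration.

```javascript
// Added illustration using Node.js built-in crypto, not Chilkat or code from the thread.
const crypto = require('node:crypto');

// Constructed sample record (assumption); a real POS signs its own transaction data.
const SAMPLE_RECORD = 'ticket=000123;total=42.50;date=2020-01-01T10:15:00';

// 2048-bit RSA key pair; only the public half is handed to the verifying party.
function generateKeyPair() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Hash-then-sign: SHA-256 digest, PKCS#1 v1.5 padding, then the private-key operation.
function signRecord(privateKey, text) {
  const sig = crypto.sign('sha256', Buffer.from(text, 'utf8'), privateKey);
  return sig.toString('base64url');
}

// The verifier supplies the claimed data itself; the signature holds only a padded hash.
function verifyRecord(publicKey, text, sigB64url) {
  const sig = Buffer.from(sigB64url, 'base64url');
  return crypto.verify('sha256', Buffer.from(text, 'utf8'), publicKey, sig);
}

// Direct RSA encryption (OAEP here, Node's default) only fits a short message.
function canEncryptDirectly(publicKey, byteCount) {
  try {
    crypto.publicEncrypt(publicKey, Buffer.alloc(byteCount, 0x41));
    return true;
  } catch (err) {
    return false;
  }
}

function demo() {
  const { publicKey, privateKey } = generateKeyPair();
  const sig = signRecord(privateKey, SAMPLE_RECORD);
  const bigSig = signRecord(privateKey, SAMPLE_RECORD.repeat(1000));
  return {
    valid: verifyRecord(publicKey, SAMPLE_RECORD, sig),
    tampered: verifyRecord(publicKey, SAMPLE_RECORD.replace('42.50', '12.50'), sig),
    sigBytes: Buffer.from(sig, 'base64url').length,
    bigSigBytes: Buffer.from(bigSig, 'base64url').length,
    encrypt100: canEncryptDirectly(publicKey, 100),
    encrypt1000: canEncryptDirectly(publicKey, 1000),
  };
}

console.log(demo());
```

The signature is 256 bytes whether the signed text is 50 bytes or 50,000, which is why the data has to be stored or sent alongside it for the public-key holder to check.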


Asked: Mar 06 at 10:09

Seen: 527 times

Last updated: Mar 08 at 04:53
