How to decrypt ciphertext using RSACryptoServiceProvider?

I encrypted the text using RSACryptoServiceProvider. I exported the public and private key. Obviously, I just want to open the public key inside the decoder application, so I wrote the code as follows:

    private const string PublicKey = "<RSAKeyValue><Modulus>sIzQmj4vqK0QPd7RXKigD7Oi4GKPwvIPoiUyiKJMGP0qcbUkRPioe2psE/d3c1a2NY9oj4Da2y1qetjvKKFad2QAhXuql/gPIb1WmI+f6q555GClvHWEjrJrD/ho7SLoHbWd6oY6fY609N28lWJUYO97RLVaeg2jfNAUSu5bGC8=</Modulus><Exponent>AQAB</Exponent></RSAKeyValue>";

    private string Decrypt()
    {
        byte[] encryptedKeyAsBytes = Convert.FromBase64String(_encryptedKey);
        RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
        rsa.FromXmlString(PublicKey);

        // read ciphertext, decrypt it to plaintext
        byte[] plainBytes = rsa.Decrypt(encryptedKeyAsBytes, false);
        string plainText = System.Text.Encoding.ASCII.GetString(plainBytes);
        return plainText;
    }

But the exception is thrown in the line "byte[] plainBytes = rsa.Decrypt(encryptedKeyAsBytes, false);" and says, "The key does not exist." However, if I expose the entire private and public key, it will work successfully. So, how can I decrypt data using only public key information?

+2
3 answers

You cannot - that is the point of public/private key encryption. The public key does encryption; the private key does decryption.

It looks like you need some kind of key exchange template. For instance, if your decoder application is trying to decrypt information from another data source (the original application), I would do something like this:

  • The source application generates a symmetric key, such as AES.
  • The Decoder application creates a pair of public and private keys.
  • The source application asks the decoder application for the public key.
  • The original application encrypts the symmetric key with the public key and sends it back to the decoder application.
  • Decoder uses the private key to decrypt the symmetric key.
  • The decoder application receives data encrypted using a symmetric key from the original application.
  • The decoder application uses a symmetric exchange key to decrypt the received information.

This is only an example, but it illustrates the basics of exchanging data between two applications without any confidential information transmitted over the cable. A symmetric key is not required at all, but it is a very common model, as RSA begins to introduce problems when encrypting large amounts of information. RSA is better used to simply encrypt a symmetric encryption key.

+6
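The exchange described in the answer above, as an added example that is not part of the original answer. It assumes .NET 8 or later; AES-256-GCM, OAEP-SHA256 padding, the 2048-bit key size and the names HybridDemo, SourceEncrypt and DecoderDecrypt are choices made for this illustration, and both sides run in one process only so the sample is self-contained.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class HybridDemo
{
    // Source side: holds only the decoder's PUBLIC key (XML without private fields).
    static (byte[] wrappedKey, byte[] nonce, byte[] tag, byte[] ciphertext)
        SourceEncrypt(string decoderPublicKeyXml, byte[] plaintext)
    {
        byte[] aesKey = RandomNumberGenerator.GetBytes(32); // fresh AES-256 key per message
        byte[] nonce = RandomNumberGenerator.GetBytes(12);  // 96-bit GCM nonce
        byte[] tag = new byte[16];
        byte[] ciphertext = new byte[plaintext.Length];
        using (var aes = new AesGcm(aesKey, 16))
            aes.Encrypt(nonce, plaintext, ciphertext, tag);

        // RSA only wraps the short symmetric key, never the bulk data.
        using RSA rsa = RSA.Create();
        rsa.FromXmlString(decoderPublicKeyXml);
        byte[] wrappedKey = rsa.Encrypt(aesKey, RSAEncryptionPadding.OaepSHA256);
        CryptographicOperations.ZeroMemory(aesKey);
        return (wrappedKey, nonce, tag, ciphertext);
    }

    // Decoder side: the private key never leaves this application.
    static byte[] DecoderDecrypt(RSA decoderKeyPair, byte[] wrappedKey,
                                 byte[] nonce, byte[] tag, byte[] ciphertext)
    {
        byte[] aesKey = decoderKeyPair.Decrypt(wrappedKey, RSAEncryptionPadding.OaepSHA256);
        byte[] plaintext = new byte[ciphertext.Length];
        using (var aes = new AesGcm(aesKey, 16))
            aes.Decrypt(nonce, ciphertext, tag, plaintext); // throws if data or tag was altered
        CryptographicOperations.ZeroMemory(aesKey);
        return plaintext;
    }

    static void Main()
    {
        using RSA decoderKeyPair = RSA.Create(2048);              // decoder creates the key pair
        string publicOnlyXml = decoderKeyPair.ToXmlString(false); // false = no private parameters

        byte[] sample = Encoding.UTF8.GetBytes("constructed sample payload");
        var msg = SourceEncrypt(publicOnlyXml, sample);
        byte[] recovered = DecoderDecrypt(decoderKeyPair, msg.wrappedKey,
                                          msg.nonce, msg.tag, msg.ciphertext);
        Console.WriteLine(Encoding.UTF8.GetString(recovered));
    }
}
```

Calling Decrypt on an RSA object loaded from publicOnlyXml fails in the same way as the code in the question, because that XML carries no private parameters.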

Short answer: you cannot. To decrypt messages, you need a secret key, which is the basic principle of asymmetric cryptography.

You encrypt messages using the public key, so that only the person with the corresponding private key can decrypt them.

To make a public key public, you can safely distribute it to the public so that they can encrypt messages that should be read by you, the sole owner of the corresponding private key.

+5

The problem is that you are confusing encryption and signing.

Encryption is where anyone can write a message, but only the owner of the private key can read it. Signing means that someone can read the message, but only the owner of the private key can write it.

When you call Decrypt, RSACryptoServiceProvider is looking for encryption, that is, public write, private read. So it is looking for the private key.

You want to use the SignData and VerifyData functions to sign the payload so that people cannot write it.

+1

Source: https://habr.com/ru/post/956744/

