--On Wednesday, February 27, 2002 7:35 PM +0200 [EMAIL PROTECTED] 
wrote:

> I have a quick question about encrypting with private key.
>
> First background: I have a short piece of data (symmetric encryption
> key + some other stuff) encrypted with RSA private key.

You want to encrypt the key+stuff with the PUBLIC key of the
destination, NOT with your private key -- otherwise, as everybody has
your public key, everybody will be able to decrypt the key+stuff.

> Then this
> symmetric key is decrypted using the corresponding RSA public
> key.

Don't shoot yourself in the foot. See above.

> I'm using 2048 bit RSA key created with 'openssl genrsa 2048'.
> The private key needs to be always secret, encrypted symmetric
> key is basically a unique session key, and public key is more like
> "shared secret" distributed to several places but not publicly.

It can be as public as you like (e.g. on your vcard)

> Now I'd like to know how difficult it would be to get the symmetric
> key without actually having the public key?

The right question is: how difficult is it to get the encrypted symmetric
key without having the private key of the destination? Answer: very
difficult by cracking RSA; depending on your symmetric-key cryptosystem,
possibly easier. If you, for example, use a single DES key, one need
not bother to crack RSA; one can do a brute-force attack on your
single-DES-encrypted data stream.

> Should I generate or modify the RSA key in some specific way to
> make this more difficult?

I wouldn't recommend it. Fumbling with the algorithm will most
certainly break it.

> I'm asking because I could not find definite answer in the web
> anywhere on how secure is encryption with private key and
> decryption with public key.

If you are using RSA with 512 bit, it's hard enough.

> Everything was just about signing
> with private key and verifying with public key,

This is different from encrypting, which is done inversely.

> always assuming
> that the public key is really public and therefore not saying
> anything about how difficult it is to crack the private-key
> encrypted data without having the public key.  Since I'm no
> cryptography expert, I'm trying to avoid any pitfall here.

You seem to be asking about faking an RSA-based signature. Having
the public key allows you to verify it. Not having the public key
makes the signature useless, so why crack it?

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
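An added example, not part of the thread above, showing the point of the reply with the same openssl command line the question uses: the session key wrapped with the recipient's public key can only be unwrapped with the matching private key, while a session key "encrypted" with the private key is recovered by anyone who holds the public key. It assumes an openssl binary with the pkeyutl subcommand (1.0.0 or later); the file names, the 256-bit session key and the choice of OAEP padding are mine, not from the thread.

```shell
#!/bin/sh
# Added example, not code from the thread: demonstrates with the openssl CLI
# why the session key has to be wrapped with the RECIPIENT'S PUBLIC key.
# Assumed: an openssl binary with the pkeyutl subcommand (1.0.0 or later);
# the file names below are arbitrary.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cd "$WORK"

# The recipient's key pair, generated the way the question does it.
# priv.pem stays with the recipient; pub.pem may be handed out to anyone.
openssl genrsa -out priv.pem 2048 2>/dev/null
openssl pkey -in priv.pem -pubout -out pub.pem

# The "short piece of data" from the question: a fresh 256-bit session key
# (constructed here as random bytes).
openssl rand -out session.key 32

# Hex-dump a file (or stdin) so the values can be compared as strings.
hex() { od -An -tx1 -v "$@" | tr -d ' \n'; }

# Right way: wrap with the recipient's public key under OAEP padding.
# Only the holder of priv.pem can unwrap the result.
wrap_right() {
    openssl pkeyutl -encrypt -pubin -inkey pub.pem \
        -pkeyopt rsa_padding_mode:oaep -in session.key -out session.key.enc
}
unwrap_right() {
    openssl pkeyutl -decrypt -inkey priv.pem \
        -pkeyopt rsa_padding_mode:oaep -in session.key.enc
}

# Wrong way (the scheme in the question): "encrypt" with the private key.
# In RSA terms that is a signature with message recovery; anyone holding
# the public key gets the session key back with -verifyrecover.
wrap_wrong() {
    openssl pkeyutl -sign -inkey priv.pem -in session.key -out session.key.sig
}
recover_with_public_key() {
    openssl pkeyutl -verifyrecover -pubin -inkey pub.pem -in session.key.sig
}

wrap_right
wrap_wrong

echo "session key:              $(hex session.key)"
echo "unwrapped with priv.pem:  $(unwrap_right | hex)"
echo "recovered with pub.pem:   $(recover_with_public_key | hex)"
```

The third line of output equals the first: the "private-key encrypted" session key is an open book to every holder of the public key, which is exactly what the reply warns about. The -sign/-verifyrecover pair uses PKCS#1 v1.5 padding, so the bytes on the wire differ from whatever raw private-key operation an application might do, but the recovery works the same way.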