Databases
StackOverflow2013
Postsdbo
POCan I use the assemblies PublicKey to decrypt a string encrypted with the corresponding PrivateKey?
 

Note that there are some explanatory texts on larger screens.

plurals
  1. POCan I use the assemblies PublicKey to decrypt a string encrypted with the corresponding PrivateKey?
    primarykey
    data
    text
    <p>Signing an assembly in .NET involves a public/private key pair. As far as I can tell from what I've read .NET uses the RSA algorithm and the private key to sign the assembly, checking it with the embedded public key.</p> <p>I know how to retrieve the public key (<code>Assembly.PublicKey</code>). I was wondering, if that key could be used to decrypt a short string that contains some data encrypted with the private key.</p> <p>The docs I've read so far (<a href="http://msdn.microsoft.com/en-us/library/92f9ye3s.aspx#public_key" rel="nofollow noreferrer">e.g.</a>) seem to imply that only the other way round is possible: That I would have to use the public key to encrypt and the private key to decrypt - but I don't really want to include that in the assembly, do I.</p> <p>I guess it would be ok, if I just signed the string. But how?</p> <p>I'm a bit at a loss how to start this. Does anybody have a code snippet?</p> <p>Also, encrypting / signing of the small string would ideally happen in PHP, since I want to offload that to a web server and all we have so far is your generic PHP/MySQL hosted website.</p> <p><strong>Use Case</strong>: I'm trying to come up with a lightweight licensing scheme for a software we are about to release to beta testers. Since the software will probably be freeware, all we really want to achieve is</p> <ol> <li>know who has the software installed (email address)</li> <li>let the software expire after a given period, after which the user will have to get a new license <ul> <li>this is as easy as filling out a form and waiting for an automated email with the key to arrive</li> <li>we are trying to reduce the likelyhood of old versions coming back to bite our reputation / haunt us</li> </ul></li> </ol> <p>Being able to encrypt a tuple (expiry date, fingerprint) and decrypt that at startup would make an easy licensing module: The first time the application is started, the user is asked for email address, name, organisation. This information is posted to the webserver along with an md5 fingerprint of some system info (nic, computer name, assembly major and minor version). The webserver answers by email (checks validity of email address) with an encrypted version of the tuple (expiry date, fingerprint) that is then saved to disk. On startup, this can be decrypted and compared with current date and regenerated fingerprint.</p> <p><em>EDIT</em>: OK, so I don't have all the answers to my question yet. But it looks like .NET won't make it easy to use the private key for encryption (if that is at all possible, the answers don't really agree on that).</p> <p>The route I will take is this (based on my use case):</p> <ul> <li>I will use the private key to sign the license.</li> <li>I will use the public key to verify the license was signed by the private key</li> <li>I will post another question aimed at PHP devs on how to use the .NET keys (produced by <code>sn.exe</code>) to sign some text</li> <li>I am not really worried about the user seeing the license, as it is a hash anyway and computed from stuff he allready knows. All I want is to make it too hard to be worth any bother for your typical building architect to copy my software without me knowing (remember, the software will be freeware - all I want is a paper trail of who has it installed...)</li> </ul> <p>Thank you very much for your answers. </p>
    singulars
    1. PO
      singulars
      1. PTAnswer
    1. This table or related slice is empty.
    1. PTQuestion
    1. USDaren Thomas
    1. USDaren Thomas
    plurals
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. PO
      singulars
      1. PTAnswer
    2. PO
      singulars
      1. PTAnswer
    3. PO
      singulars
      1. PTAnswer
    1. VO
      singulars
      1. POCan I use the assemblies PublicKey to decrypt a string encrypted with the corresponding PrivateKey?
      1. This table or related slice is empty.
      1. VTUpMod
    2. VO
      singulars
      1. POCan I use the assemblies PublicKey to decrypt a string encrypted with the corresponding PrivateKey?
      1. USPeter Lillevold
      1. VTFavorite
    3. VO
      singulars
      1. POCan I use the assemblies PublicKey to decrypt a string encrypted with the corresponding PrivateKey?
      1. This table or related slice is empty.
      1. VTUpMod
    1. COI don't understand the need for encryption here because you haven't stated what the *attack* is. Encryption is a technique for mitigating the damage due to an *attack*. Be very specific about this: who is the attacker? what are they attacking? what resource is being damaged? and how do you propose that encryption mitigates that damage?
      singulars
      1. POCan I use the assemblies PublicKey to decrypt a string encrypted with the corresponding PrivateKey?
      1. USEric Lippert
    2. COThe reason I ask is because the system you describe is insecure and dangerous. It is highly susceptible to chosen-ciphertext attacks; it is very important with RSA that you never allow an attacker to provide you with a message that you then sign with your private key. If you don't understand why that is, then odds are good you should not be attempting to solve your security problems with encryption. Encryption is a very powerful tool when used correctly, and very weak and dangerous when used incorrectly. Don't use encryption unless you really, REALLY know what you are doing.
      singulars
      1. POCan I use the assemblies PublicKey to decrypt a string encrypted with the corresponding PrivateKey?
      1. USEric Lippert
    3. CO@Eric Lippert: Thank you for those very valuable comments. Actually, just signing the stuff will be enough. But I will now spend a lot of thinking about the chosen-ciphertext attack.
      singulars
      1. POCan I use the assemblies PublicKey to decrypt a string encrypted with the corresponding PrivateKey?
      1. USDaren Thomas
 

Querying!

 
Guidance
A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload