 

Can RSA be both used as encryption and signature?

I am sorry but my mind suddenly goes blank for this question....

EDIT (Scenario)

If I want information to bypass simple filters like f-ck, is it OK to encrypt the information with the public key, and sign with the private key?

The public key may have already been exchanged by both sides, and it is even hard to get the public key.

EDIT 2

The information itself may not be that much credential.

The point of encryption and signature is for bypassing and integrity.

asked Mar 24 '11 14:03

Dante May Code


1 Answer

RSA is two algorithms: one for asymmetric encryption and one for signatures. It so happens that both algorithms can use the same private key structure (this is a source of confusion: many documentations, including the RSA standard, try to explain the signature as "an encryption with the private key", which is, at best, inaccurate).

Using the same key for both usages is possible, but not really recommended, because interactions between both kinds of usage have not been fully explored; also, keys for encryption and keys for signatures usually have different life cycles with distinct protection mechanisms (for instance, you normally want to keep a backup of the private key for encryption, to prevent data loss: losing the private key means losing all data which has been encrypted with that key; while you do not want a backup of the signature key).

Your scenario is a bit unclear. Asymmetric encryption uses the public key, while generating the signature uses the private key. If A wants to send a message to B with encryption (for confidentiality) and a signature (for integrity), then A will encrypt the data with a public key for which B knows the private key; and A will sign the data with a private key for which B knows the public key. This calls for two pairs of keys: one pair is used for encryption and decryption (A encrypts, B decrypts, B knows the private key), and the other pair is used for signatures (A signs, B verifies, A knows the private key). If both A and B know the private key, then they have a shared secret, and it is much simpler (and faster) to use symmetric encryption (AES) and integrity checks (HMAC).

Standard disclaimer: you look like you are designing your own cryptographic protocol. Do not do this. This road leads to the same security failures that countless other smart people have stumbled upon. Use a tried-and-proven protocol such as SSL/TLS or OpenPGP.

answered Sep 20 '22 00:09

Thomas Pornin
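
The two-key-pair arrangement described in the answer above, as an added example that is not part of the original answer: B owns the encryption pair (RSA-OAEP), A owns the signature pair (RSA-PSS), and the two operations use different padding algorithms. The function names, the packet layout and the choice of SHA-256 and 2048-bit keys are assumptions of this example, which shows key roles only and is not a protocol.

```javascript
// Added example (Node.js built-in crypto); all names here are hypothetical.
const crypto = require('node:crypto');

// Encryption and signature are distinct RSA algorithms with distinct paddings.
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };
const PSS = {
  padding: crypto.constants.RSA_PKCS1_PSS_PADDING,
  saltLength: crypto.constants.RSA_PSS_SALTLEN_DIGEST,
};

const newRsaPair = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// One pair per purpose: B holds the encryption private key,
// A holds the signature private key. Public halves are exchanged beforehand.
const bEncryption = newRsaPair();
const aSignature = newRsaPair();

// A's side: encrypt to B's public key, sign the data with A's private key.
// RSA-OAEP with a 2048-bit key and SHA-256 takes at most 190 bytes of data.
function send(message, bEncPublic, aSigPrivate) {
  const data = Buffer.from(message, 'utf8');
  return {
    ciphertext: crypto.publicEncrypt({ key: bEncPublic, ...OAEP }, data),
    signature: crypto.sign('sha256', data, { key: aSigPrivate, ...PSS }),
  };
}

// B's side: decrypt with B's private key, verify with A's public key.
function receive(packet, bEncPrivate, aSigPublic) {
  let data;
  try {
    data = crypto.privateDecrypt({ key: bEncPrivate, ...OAEP }, packet.ciphertext);
  } catch {
    return { ok: false, reason: 'decryption failed' };
  }
  const valid = crypto.verify('sha256', data, { key: aSigPublic, ...PSS }, packet.signature);
  return valid
    ? { ok: true, message: data.toString('utf8') }
    : { ok: false, reason: 'bad signature' };
}

// Constructed sample message, sent from A to B.
const packet = send('constructed sample message', bEncryption.publicKey, aSignature.privateKey);
console.log(receive(packet, bEncryption.privateKey, aSignature.publicKey));
```
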