
How is public key used to decrypt in .NET assemblies?

Tags: c#, rsa

.NET signed assemblies contain a public key, but the public key is used for encryption in RSA, so how does .NET use the public key for decryption of signed assemblies?

Ok, the signed assemblies contain the hash, but the hash is encrypted using the private key and not the public key. So why and how are private keys used for encryption and public keys for decryption in .NET? I mean, all software like RSACryptoPad uses the public key for encryption and not for decryption.

Priyank Bolia asked Dec 30 '22 03:12


2 Answers

The public-private key pair is not used to encrypt the whole assembly. Instead it is used to sign the assembly.

Simplifying a little, to sign a file - such as an assembly - you take a hash of the file and then encrypt that hash with your private key. Someone using the file verifies your signature by making a hash of the file themselves and then decrypting your encrypted hash using your public key and confirming these two hashes are the same. This proves two things:

  1. The assembly is from who it claims to be from - i.e. you - as it has been produced with your private key.
  2. The assembly hasn't been altered by someone else as the hash you made when you released the assembly is the same as the current one. No-one can alter the signed assembly since they would also have to make corresponding changes to the encrypted hash which requires your private key.

There is a lot more detail about Digital Signatures in this Wikipedia article.

The great thing about public-private key pairs is that they work either way around. So something encrypted with your private key can only be decrypted with your public key, but also something encrypted with your public key can be decrypted with your private key. This latter use means that if someone wants to send something to you and only you, then they can encrypt it with your freely available public key, but they know only you with your private key can decrypt it.

As the keys only work as a pair - making the encryption asymmetric - someone else can't simply reverse the encryption they've done with the public key to get the message to you.

Dave Webb answered Jan 10 '23 07:01


The idea is that a signature can only be created using the private key, but after that anyone with a copy of the public key can validate the signature. No decryption is required for a signature--the signature is simply added on to the plain text assembly.

sblom answered Jan 10 '23 06:01
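
The sign-with-private, verify-with-public flow both answers describe, as an added example that is not part of the original posts and is not the CLR's strong-name implementation. The class name `SignVerifyDemo`, the sample bytes, and the choice of SHA-256 with PKCS#1 v1.5 padding are assumptions made for the illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class SignVerifyDemo
{
    static void Main()
    {
        // Constructed sample bytes standing in for an assembly's contents.
        byte[] content = Encoding.UTF8.GetBytes("constructed sample: assembly bytes");

        // Publisher side: this object holds the private key, which is never shipped.
        using RSA publisher = RSA.Create(2048);
        byte[] signature = publisher.SignData(
            content, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

        // Only the public half is exported; it travels with the content and signature.
        RSAParameters publicOnly = publisher.ExportParameters(false);

        // Consumer side: a key object that contains the public key only.
        using RSA consumer = RSA.Create();
        consumer.ImportParameters(publicOnly);

        // Verification re-hashes the content and checks it against the signature.
        bool intact = consumer.VerifyData(
            content, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        Console.WriteLine($"Unmodified content verifies: {intact}");

        // Flip one bit: the content stays readable, but the signature stops matching.
        byte[] tampered = (byte[])content.Clone();
        tampered[0] ^= 0x01;
        bool tamperedOk = consumer.VerifyData(
            tampered, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        Console.WriteLine($"Tampered content verifies: {tamperedOk}");

        // Re-signing the tampered bytes needs the private key, which the consumer lacks.
        try
        {
            consumer.SignData(tampered, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            Console.WriteLine("Unexpected: a signature was produced without a private key");
        }
        catch (CryptographicException)
        {
            Console.WriteLine("Public key alone cannot produce a signature");
        }
    }
}
```

The content is never encrypted at any point: the signature is a separate value carried alongside the plain bytes, and the public key is only used to check it.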