7

I am sorry but my mind suddenly goes blank for this question....

EDIT (Scenario)

If I want information to bypass simple filters like f-ck, is it OK to encrypt the information with public key, and sign by private key?

The public key may have already exchanged by both sides, and it is even hard to get the public key.

EDIT 2

The information itself may not that much credential.

The point of encryption and signature is for bypassing and integrity.

Dante May Code
  • 11,177
  • 9
  • 49
  • 81

2 Answers2

22

RSA is two algorithms: one for asymmetric encryption and one for signatures. It so happens that both algorithms can use the same private key structure (this is a source of confusion: many documentations, including the RSA standard, try to explain the signature as "an encryption with the private key", which is, at best, inaccurate).

Using the same key for both usages is possible, but not really recommended, because interactions between both kind of usages have not been fully explored; also, keys for encryption and keys for signatures usually have different life cycles with distinct protection mechanisms (for instance, you normally want to keep a backup of the private key for encryption, to prevent data loss: losing the private key means losing all data which has been encrypted with that key; while you do not want a backup of the signature key).

Your scenario is a bit unclear. Asymmetric encryption uses the public key, while generating the signature uses the private key. If A wants to send a message to B with encryption (for confidentiality) and a signature (for integrity), then A will encrypt the data with a public key for which B knows the private key; and A will sign the data with a private key for which B knows the public key. This calls for two pairs of key: one pair is used for encryption and decryption (A encrypts, B decrypts, B knows the private key), and the other pair is used for signatures (A signs, B verifies, A knows the private key). If both A and B know the private key, then they have a shared secret, and it is much simpler (and faster) to use symmetric encryption (AES) and integrity checks (HMAC).

Standard disclaimer: you look like you are designing your own cryptographic protocol. Do not do this. This road leads to the same security failures that countless other smart people have stumbled upon. Use a tried-and-proven protocol such as SSL/TLS or OpenPGP.

Community
  • 1
  • 1
Thomas Pornin
  • 72,986
  • 14
  • 147
  • 189
-1

Yes:

  • encryption: you encrypt with public key, decrypt with private (obviously)
  • signing: you encrypt the content digest (hash) with private key, verify with public

See http://en.wikipedia.org/wiki/RSA#Signing_messages

davka
  • 13,974
  • 11
  • 61
  • 86
  • If I do the both at the same time, only those possess the key can reveal the information. Right? – Dante May Code Mar 24 '11 at 15:29
  • @Dante: the private key, you mean? Right. – davka Mar 24 '11 at 15:38
  • @Dante: to elaborate - only the private key holder can sign, everybody (having the public key) can verify – davka Mar 24 '11 at 15:41
  • @davka, so in case the key for encrypt is revealed, it is better to use public key to encrypt, to prevent forging. According to my scenario, the information is only obscured to pass some filters. – Dante May Code Mar 24 '11 at 15:52
  • @Dante: I don't exactly understand what you mean. If the **private** key is revealed there is protection whatsoever - anybody can forge a signature and read encrypted messages, so there is no "better" in this case – davka Mar 24 '11 at 16:10
  • @davka, in my scenario, the private key is **only** possessed by me. The risk is much smaller. – Dante May Code Mar 24 '11 at 16:35
  • You cannot use a single RSA key for both signing and encryption -- it doesn't make any sense unless you are only encrypting it to yourself. – President James K. Polk Mar 25 '11 at 02:48