In this scenario, you don't really want to *encrypt* a message to PROG. You want to *sign* a message that PROG can verify. It's not an encryption because the message is not secret. After all, PROG is public, so if it's an encryption, anyone can get the key inside and decrypt the message.
On Tue, Jul 06, 2004 at 11:28:08AM +1000, Russell Robinson wrote: > Hi all, > > This message is primarily for Wei, but if anyone wants to contribute a > response, please do.... > > Wei, in this post: > > http://www.mail-archive.com/[EMAIL PROTECTED]/msg01001.html > > you identify the lack of usefulness in encrypting with the private key > and decrypting with the public key. > > Some experts in the sci.crypt usenet newsgroups have claimed that it's > a relatively simple matter to derive the public key from the private key. > > If these experts are right, then I think encrypting with the private > key and decrypting with the public key is a useful thing.... > > Here's the scenario: > 1. A server wants to encrypt a short message > for program PROG using RSA. PROG is a generally > accessible program that anyone can download. > 2. To decrypt messages, PROG must have the private > key embedded in it. > 3. Mallory has a copy of PROG. He finds the private key > and derives the public key (somehow). > 4. Mallory can now generate encrypted messages for any copy > of PROG. > > However, if Crypto++ supported encryption using the private key and > decryption with the public key, Mallory is stopped at step 3 > (because it's hard to derive the public from the private key). > > Do you agree that this is a cryptographically useful scenario? Is > there any alternative Asymmetric Cipher that would resolve this > problem? > > -- > Russell Robinson (mailto:[EMAIL PROTECTED]) > Author of Tectite (CRM and Licensing for Software Developers) > Download your free CRM from: http://www.tectite.com/ > > BTW, Wei, Love your work :-) >
