> However, when I try to use openssl to decrypt using the corresponding
> RSA-public key, I get:
>
> A private key is needed for this operation
That is how RSA encryption works:
1) There is a public key that you can distribute.
2) There is a private key from which the public key can be derived.
3) The private key cannot be derived from the public key.
4) You can sign with the private key and verify that signature with the
public key.
5) You can encrypt with the public key and the private key is necessary
to
decrypt.
It sounds like you're not doing any of these five things. What sensible
algorithm permits decryption with the public key?
> The command used is:
>
> openssl rsautl -decrypt -pubin -inkey myrsakey.pub -in blowfish.enc
You cannot decrypt with the public key, otherwise you would have a
piece of
encrypted data that anyone could decrypt. If your goal is to make sure that
the information was somehow processed with the private key, you want a
signature, not an encryption.
> I know RSA encryption and decryption can only be used for very small
> pieces of data. I need to encrypt more data, so I use a symmetric key to
> encrypt and decrypt data and I make sure the key used to encrypt stuff
> was encrypted by myself.
Sounds like you need to both encrypt and sign the key.
> So in short: why can't I decrypt data with an RSA public key that has
> been encrypted with the corresponding RSA private key?
Because you actually encrypted with the public key, which can be
trivially
derived from the private key.
> BTW: I have to do this in Python (sorry, wasn't my choice :-( ), so I
> can't use the RSA_public_decrypt() subroutine which, judging from
> internet comments, *can* actually decrypt data with an RSA public key...
It's hard to tell you what to do without understanding your security and
threat model. But the reason what you're trying to do won't work is that RSA
decryption requires the private key so that only the owner of the key can
decrypt. The standard RSA routines don't imagine a situation where only one
person should be allowed to encrypt but anyone can decrypt, other than a
digital signature.
>What I want to do is the following: I want to restrict use of software
>by specifying limits such as number of CPU's and validity until a
>certain date. This data will be put in an .xml file. But, I want to be
>able to make sure that the software has to use a Smartcard (with public
>and private key) to check the integrity of this .xml file so nobody can
>alter it, but I *also* want to make sure that the .xml file was made and
>certified by the company that owns the software.
That is not easy to do. You are trying to give the information to and
keep
the information from the same entity.
>The easy solution would be to just use certificates and use the validity
>periods therein. I could use the company's CA cert and store the
>software user's cert in the smartcard. However, this would imply having
>to update the smartcard every time they pay license fees and this is not
>what desirable. So I just want to use public/private keys, no
>certificates for this.
I don't follow at all. When someone pays license fees, you need to
somehow
track the information that their validity period was extended. If not by
updating the smartcard, how do you want to do that?
DS
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
