How to use crypto/rsa EncryptOAEP with private key?
2,116 views
Skip to first unread message
James Foster
Jun 17, 2013, 7:57:31 AM6/17/13
to golan...@googlegroups.com
I am trying to use RSA encryption in Go. What I am trying to do is encrypt a buffer with a private key (on the server side) and decrypt it with a public key (on the client).
I stumbled upon the EncryptOAEP method in crypto/rsa/rsa.go but it only takes a PublicKey as a parameter, not a private key.
How can I get EncryptOAEP to encrypt using a PrivateKey? Has anyone figured this out?
I stumbled upon the EncryptOAEP method in crypto/rsa/rsa.go but it only takes a PublicKey as a parameter, not a private key.
How can I get EncryptOAEP to encrypt using a PrivateKey? Has anyone figured this out?
Message has been deleted
Péter Szilágyi
Jun 17, 2013, 8:24:46 AM6/17/13
to James Foster, golang-nuts
Hi,
There are a few conceptual problems with what you're trying to do. Usually people sign and decrypt with a secret key, and verify and encrypt with a public key. Although mathematically possible to do the reverse, think about the roles of the two keys:
- secret key - meant to be secret, owned by a single entity
- public key - as the name suggests, *not* secret, known to anyone
Hence if you encrypt with a private key, there's really no protection, since everybody can know the public key. Of course you *may* try and keep the public key private too, but that is just asking for trouble.
So in short, use only the public RSA for encryption. Usually encrypted protocols have a handshake where each side uses their RSA keys to agree upon a single symmetric key (i.e. key exchange protocol) and use that key afterwards. There are various exchange protocols that have different requirements and support a different set of guarantees (DH, STS, etc).
Take a bit of time to read up on encryption in general: symmetric ones (AES specifically), asymmetric ones (RSA specifically) and a few extras like ElGamal. If you're not in too much of a hurry, I would suggest going through this Stanford online crypto course. It started today if I'm not mistaking and is a brilliant one!
Cheers,
Peter
--
You received this message because you are subscribed to the Google Groups "golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
James Foster
Jun 17, 2013, 8:30:33 AM6/17/13
to golan...@googlegroups.com, James Foster
Hi Peter. Thanks for your reply.
Digging further, I found out that what I am trying to do is called RSA signing:
- encryption: encrypt with public key, decrypt with private
- signing: encrypt the content digest (hash) with private key, verify with public
Seems I need to look at SignPKCS1v15 and VerifyPKCS1v15 functions. Is there anything else I should look at?
- encryption: encrypt with public key, decrypt with private
- signing: encrypt the content digest (hash) with private key, verify with public
Seems I need to look at SignPKCS1v15 and VerifyPKCS1v15 functions. Is there anything else I should look at?
P.S. Thanks for the Stanford course reference!
agl
Jun 17, 2013, 9:28:38 AM6/17/13
to golan...@googlegroups.com
Encrypting with a private key is signing.
The ensures that the message came from the holder of the private key, but doesn't keep the message confidential.
Cheers
AGL
Reply all
Reply to author
Forward
0 new messages