Is there any asymmetric crypto API to allow decrypting a message but not encrypting it?


Problem description


I tried to use RSA to implement the following scheme but wasn't successful.

Server encrypts a message using a public key, the client decrypts the message
using a private key.

I don't want the client to be able to encrypt a message.

However, using the Crypto API I need to pass in both the private and public
key pairs in order to decrypt the message.
When the client has both private and public key, it can just use the public
key to encrypt the message which is what I don't want to allow.

Does anyone know if there is any asymmetric crypto API to implement this
scheme?

Thanks very much in advance,

Andy

Solution

I'm not sure I understand what you're asking for. Doesn't everyone have the
public key? Isn't its public availability the very essence of asymmetric
encryption? If you're worried that an arbitrary client might be able to sign
a plain-text message and spoof the producer's identity, provide a signature.

--
Mickey Williams
Author, "Microsoft Visual C# .NET Core Reference", MS Press
www.servergeek.com
"Andy Chau" <wu*****@hotmail.com> wrote in message
news:uF**************@TK2MSFTNGP10.phx.gbl...

> I tried to use RSA to implement the following scheme but wasn't successful.
>
> Server encrypts a message using a public key, the client decrypts the message
> using a private key.
>
> I don't want the client to be able to encrypt a message.
>
> However, using the Crypto API I need to pass in both the private and public key pairs in order to decrypt the message.
> When the client has both private and public key, it can just use the public key to encrypt the message which is what I don't want to allow.
>
> Does anyone know if there is any asymmetric crypto API to implement this
> scheme?
>
> Thanks very much in advance,
>
> Andy



"Andy Chau" <wu*****@hotmail.com> wrote in message news:uF**************@TK2MSFTNGP10.phx.gbl...

> I tried to use RSA to implement the following scheme but wasn't successful.
>
> When the client has both private and public key, it can just use the public
> key to encrypt the message which is what I don't want to allow.

Using a public key to encrypt a message to the owner of that public key
is exactly what public key ciphers are MEANT to do! (as well as using
the corresponding private key to generate digital signatures on behalf of
the owner of the private key).

You need to clearly understand this and then think through what you really
want to do. It is not good security practice to use encryption in ways it
was not meant to be used .. usually with associated vulnerabilities ;-)

Actually, the fact that some CA issuers publish the public keys of all subscribers
IMHO is a slight security risk (probably not envisioned when PKI was
architected) as follows:
- since anyone with access to public keys of recipients can easily generate encrypted
messages to any of these recipients, it is possible to send encrypted malicious
mail which can pass through most mail gateway filters.
THUS .. DON'T OPEN ANY ENCRYPTED EMAIL UNLESS YOU ARE EXPLICITLY
EXPECTING IT :-)

Think of it ... encrypted malicious spam .. the next frontier of maluse.

- Michel Gallant
Security Visual MVP
http://pages.istar.ca/~neutron
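
The point made in the replies above, as an added C# example (not code from the original thread; it assumes .NET's System.Security.Cryptography, and the keys, message strings and the helper names Seal, Sign and Open are constructed for illustration). Anyone holding the client's public key can encrypt to it, so the client accepts a decrypted message only if its signature verifies under the server's public key:

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class SignedDelivery
{
    // Constructed demo: all key pairs are generated in-process. In a deployment the
    // client holds its own private key plus only the PUBLIC half of the server key.
    static void Main()
    {
        using RSA serverKey = RSA.Create(2048);   // server's signing key pair
        using RSA clientKey = RSA.Create(2048);   // client's decryption key pair
        using RSA serverPublic = RSA.Create(serverKey.ExportParameters(false)); // verify-only
        using RSA clientPublic = RSA.Create(clientKey.ExportParameters(false)); // encrypt-only

        // Server: sign with its private key, encrypt to the client's public key.
        byte[] msg = Encoding.UTF8.GetBytes("license=valid;expires=2030-01-01");
        var genuine = (Cipher: Seal(clientPublic, msg), Sig: Sign(serverKey, msg));

        // Any other party (the client included) can also encrypt to the client's public
        // key, but lacks the server's private key and can only sign with a key of its own.
        using RSA otherKey = RSA.Create(2048);
        byte[] fake = Encoding.UTF8.GetBytes("license=valid;expires=2099-01-01");
        var forged = (Cipher: Seal(clientPublic, fake), Sig: Sign(otherKey, fake));

        bool okGenuine = Open(clientKey, serverPublic, genuine.Cipher, genuine.Sig, out _);
        bool okForged = Open(clientKey, serverPublic, forged.Cipher, forged.Sig, out _);
        Console.WriteLine($"server message accepted: {okGenuine}");
        Console.WriteLine($"non-server message accepted: {okForged}");
    }

    static byte[] Seal(RSA recipientPublic, byte[] msg) =>
        recipientPublic.Encrypt(msg, RSAEncryptionPadding.OaepSHA256);

    static byte[] Sign(RSA signerPrivate, byte[] msg) =>
        signerPrivate.SignData(msg, HashAlgorithmName.SHA256, RSASignaturePadding.Pss);

    // Decrypts with the client's private key, then accepts the message only if the
    // signature verifies under the server's public key.
    static bool Open(RSA clientPrivate, RSA serverPublic, byte[] cipher, byte[] sig, out byte[] msg)
    {
        msg = clientPrivate.Decrypt(cipher, RSAEncryptionPadding.OaepSHA256);
        return serverPublic.VerifyData(msg, sig, HashAlgorithmName.SHA256, RSASignaturePadding.Pss);
    }
}
```

Both ciphertexts decrypt, which is why the acceptance decision rests on the signature check and not on who was able to encrypt.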


