RSA Encryption without Session Keys - (I know it's a bad idea)   

I'm looking into replacing openssl in my application with CryptoAPI.
The problem I've run into is my application uses openssl to encrypt
passwords with a public key. This "encrypted" password is transmitted
to a server that decrypts the password with the appropriate private
key. I understand the correct thing to do would be to generate a
symmetric session key, encrypt the password with the session key,
encrypt the session key with the public key, and then transmit both
the encrypted key and message to the server. However, I can't do that,
I've been told to maintain backward compatibility, i.e., I can't touch
the server.

The samples that illustrate RSA usage all seem to follow the method of
generating a symmetric key. Is there a sample available that just
demonstrates a straight public-key encryption of a message without a
symmetric key? Am I mistaken in assuming that CryptoAPI seems oriented
towards the generation of symmetric session keys when using asymmetric
encryption? Is there a way I can use my public-key as  my session key?

Any hints/help would be appreciated.

Thanks,

S

date: Wed, 18 Jun 2008 07:30:08 -0700 (PDT)   author:   windcliff

RE: RSA Encryption without Session Keys - (I know it's a bad idea)   

Hi,

With Crypto API, you can encrypt a password the same way you encrypt a 
session key as long as the length of the password is smaller than the length 
of the modulus minus 11.  The functions involved are the usual 
CryptGetUserKey and CryptEncrypt. I have put a code sample that shows how 
this can be implemented. You can get it from the following link : 

http://www.idrix.fr/Root/Samples/rsa_encrypt.cpp

I hope this will help.
Cheers,
-- 
Mounir IDRASSI
IDRIX
http://www.idrix.fr

to reach : mounir_idrix_fr (replace the underscores with the at and dot 
characters respectively)


"windcliff" wrote:

> I'm looking into replacing openssl in my application with CryptoAPI.
> The problem I've run into is my application uses openssl to encrypt
> passwords with a public key. This "encrypted" password is transmitted
> to a server that decrypts the password with the appropriate private
> key. I understand the correct thing to do would be to generate a
> symmetric session key, encrypt the password with the session key,
> encrypt the session key with the public key, and then transmit both
> the encrypted key and message to the server. However, I can't do that,
> I've been told to maintain backward compatibility, i.e., I can't touch
> the server.
> 
> The samples that illustrate RSA usage all seem to follow the method of
> generating a symmetric key. Is there a sample available that just
> demonstrates a straight public-key encryption of a message without a
> symmetric key? Am I mistaken in assuming that CryptoAPI seems oriented
> towards the generation of symmetric session keys when using asymmetric
> encryption? Is there a way I can use my public-key as  my session key?
> 
> Any hints/help would be appreciated.
> 
> Thanks,
> 
> S
>

date: Wed, 18 Jun 2008 08:39:01 -0700   author:   Mounir IDRASSI am

Re: RSA Encryption without Session Keys - (I know it's a bad idea)   

Thanks for the sample. One question though, how do I tie a public key
obtained from certificate in the certificate store to the concept of a
'container'?

On Jun 18, 11:39 am, Mounir IDRASSI <mooni...@newsgroups.nospam>
wrote:
> Hi,
>
> With Crypto API, you can encrypt a password the same way you encrypt a
> session key as long as the length of the password is smaller than the length
> of the modulus minus 11.  The functions involved are the usual
> CryptGetUserKey and CryptEncrypt. I have put a code sample that shows how
> this can be implemented. You can get it from the following link :
>
> http://www.idrix.fr/Root/Samples/rsa_encrypt.cpp
>
> I hope this will help.
> Cheers,
> --
> Mounir IDRASSI
> IDRIXhttp://www.idrix.fr
>
> to reach : mounir_idrix_fr (replace the underscores with the at and dot
> characters respectively)
>
> "windcliff" wrote:
> > I'm looking into replacing openssl in my application with CryptoAPI.
> > The problem I've run into is my application uses openssl to encrypt
> > passwords with a public key. This "encrypted" password is transmitted
> > to a server that decrypts the password with the appropriate private
> > key. I understand the correct thing to do would be to generate a
> > symmetric session key, encrypt the password with the session key,
> > encrypt the session key with the public key, and then transmit both
> > the encrypted key and message to the server. However, I can't do that,
> > I've been told to maintain backward compatibility, i.e., I can't touch
> > the server.
>
> > The samples that illustrate RSA usage all seem to follow the method of
> > generating a symmetric key. Is there a sample available that just
> > demonstrates a straight public-key encryption of a message without a
> > symmetric key? Am I mistaken in assuming that CryptoAPI seems oriented
> > towards the generation of symmetric session keys when using asymmetric
> > encryption? Is there a way I can use my public-key as  my session key?
>
> > Any hints/help would be appreciated.
>
> > Thanks,
>
> > S

date: Wed, 18 Jun 2008 15:31:16 -0700 (PDT)   author:   windcliff

Re: RSA Encryption without Session Keys - (I know it's a bad idea)   

Hi,

I guess you are asking how to get the HCRYPTKEY handle necessary for calling 
CryptEncrypt et CryptDecrypt. Well, there are two cases here : 
If you want to do encryption, you certainly have only the certificate 
without the private key. In this case, extract the public key from the 
certificate, create a new container with CryptAcquireContext and 
CRYPT_NEWKEYSET, and then call CryptImportKey to have the handle on the 
public key. When you finish, delete the created container.
If you want to do decryption, then usually the certificate associated with 
the private key is in the user certificate store. In this case, once you have 
acquired the PCCERT_CONTEXT pointer from the store, you call 
CertGetCertificateContextProperty with dwPropId as CERT_KEY_PROV_INFO_PROP_ID 
in order to get the provider name, container name and the key spec associated 
with this certificate. With these information, it's easy to make the 
necessary calls to acquire the handle of the private key and perform the 
decryption.

I hope this answers your question.
Cheers,

-- 
Mounir IDRASSI
IDRIX
http://www.idrix.fr

to reach : mounir_idrix_fr (replace the underscores with the at and dot 
characters respectively)


"windcliff" wrote:

> Thanks for the sample. One question though, how do I tie a public key
> obtained from certificate in the certificate store to the concept of a
> 'container'?
> 
> On Jun 18, 11:39 am, Mounir IDRASSI <mooni...@newsgroups.nospam>
> wrote:
> > Hi,
> >
> > With Crypto API, you can encrypt a password the same way you encrypt a
> > session key as long as the length of the password is smaller than the length
> > of the modulus minus 11.  The functions involved are the usual
> > CryptGetUserKey and CryptEncrypt. I have put a code sample that shows how
> > this can be implemented. You can get it from the following link :
> >
> > http://www.idrix.fr/Root/Samples/rsa_encrypt.cpp
> >
> > I hope this will help.
> > Cheers,
> > --
> > Mounir IDRASSI
> > IDRIXhttp://www.idrix.fr
> >
> > to reach : mounir_idrix_fr (replace the underscores with the at and dot
> > characters respectively)

date: Thu, 19 Jun 2008 02:59:00 -0700   author:   Mounir IDRASSI am

Re: RSA Encryption without Session Keys - (I know it's a bad idea)   

Just one small note: It's easier to use the CRYPT_VERIFYCONTEXT flag in 
CryptAcquireContext (instead of CRYPT_NEWKEYSET). This creates a temporary 
container which is gone when you call CryptReleaseContext, so you don't have 
to explicitly deletee the container (with another CryptAcquireContext call 
with CRYPT_DELETEKEYSET)

Laszlo Elteto
SafeNet, Inc.

"Mounir IDRASSI" wrote:

> Hi,
> 
> I guess you are asking how to get the HCRYPTKEY handle necessary for calling 
> CryptEncrypt et CryptDecrypt. Well, there are two cases here : 
> If you want to do encryption, you certainly have only the certificate 
> without the private key. In this case, extract the public key from the 
> certificate, create a new container with CryptAcquireContext and 
> CRYPT_NEWKEYSET, and then call CryptImportKey to have the handle on the 
> public key. When you finish, delete the created container.
> If you want to do decryption, then usually the certificate associated with 
> the private key is in the user certificate store. In this case, once you have 
> acquired the PCCERT_CONTEXT pointer from the store, you call 
> CertGetCertificateContextProperty with dwPropId as CERT_KEY_PROV_INFO_PROP_ID 
> in order to get the provider name, container name and the key spec associated 
> with this certificate. With these information, it's easy to make the 
> necessary calls to acquire the handle of the private key and perform the 
> decryption.
> 
> I hope this answers your question.
> Cheers,
> 
> -- 
> Mounir IDRASSI
> IDRIX
> http://www.idrix.fr
> 
> to reach : mounir_idrix_fr (replace the underscores with the at and dot 
> characters respectively)
> 
> 
> "windcliff" wrote:
> 
> > Thanks for the sample. One question though, how do I tie a public key
> > obtained from certificate in the certificate store to the concept of a
> > 'container'?
> > 
> > On Jun 18, 11:39 am, Mounir IDRASSI <mooni...@newsgroups.nospam>
> > wrote:
> > > Hi,
> > >
> > > With Crypto API, you can encrypt a password the same way you encrypt a
> > > session key as long as the length of the password is smaller than the length
> > > of the modulus minus 11.  The functions involved are the usual
> > > CryptGetUserKey and CryptEncrypt. I have put a code sample that shows how
> > > this can be implemented. You can get it from the following link :
> > >
> > > http://www.idrix.fr/Root/Samples/rsa_encrypt.cpp
> > >
> > > I hope this will help.
> > > Cheers,
> > > --
> > > Mounir IDRASSI
> > > IDRIXhttp://www.idrix.fr
> > >
> > > to reach : mounir_idrix_fr (replace the underscores with the at and dot
> > > characters respectively)

date: Thu, 19 Jun 2008 08:02:00 -0700   author:   lelteto

Re: RSA Encryption without Session Keys - (I know it's a bad idea)   

On Jun 18, 11:39 am, Mounir IDRASSI <mooni...@newsgroups.nospam>
wrote:
> Hi,
>
> With Crypto API, you can encrypt a password the same way you encrypt a
> session key as long as the length of the password is smaller than the length
> of the modulus minus 11.  The functions involved are the usual
> CryptGetUserKey and CryptEncrypt. I have put a code sample that shows how
> this can be implemented. You can get it from the following link :
>
> http://www.idrix.fr/Root/Samples/rsa_encrypt.cpp
>
> I hope this will help.
> Cheers,
> --
> Mounir IDRASSI
> IDRIXhttp://www.idrix.fr
>
> to reach : mounir_idrix_fr (replace the underscores with the at and dot
> characters respectively)
>
> "windcliff" wrote:
> > I'm looking into replacing openssl in my application with CryptoAPI.
> > The problem I've run into is my application uses openssl to encrypt
> > passwords with a public key. This "encrypted" password is transmitted
> > to a server that decrypts the password with the appropriate private
> > key. I understand the correct thing to do would be to generate a
> > symmetric session key, encrypt the password with the session key,
> > encrypt the session key with the public key, and then transmit both
> > the encrypted key and message to the server. However, I can't do that,
> > I've been told to maintain backward compatibility, i.e., I can't touch
> > the server.
>
> > The samples that illustrate RSA usage all seem to follow the method of
> > generating a symmetric key. Is there a sample available that just
> > demonstrates a straight public-key encryption of a message without a
> > symmetric key? Am I mistaken in assuming that CryptoAPI seems oriented
> > towards the generation of symmetric session keys when using asymmetric
> > encryption? Is there a way I can use my public-key as  my session key> > Any hints/help would be appreciated.
>
> > Thanks,
>
> > S

Is it possible to do CBC with plain RSA without a session key?

Thanks,

S

date: Mon, 14 Jul 2008 09:15:52 -0700 (PDT)   author:   windcliff

Re: RSA Encryption without Session Keys - (I know it's a bad idea)   

On Jun 18, 11:39 am, Mounir IDRASSI <mooni...@newsgroups.nospam>
wrote:
> Hi,
>
> With Crypto API, you can encrypt a password the same way you encrypt a
> session key as long as the length of the password is smaller than the length
> of the modulus minus 11.  The functions involved are the usual
> CryptGetUserKey and CryptEncrypt. I have put a code sample that shows how
> this can be implemented. You can get it from the following link :
>
> http://www.idrix.fr/Root/Samples/rsa_encrypt.cpp
>
> I hope this will help.
> Cheers,
> --
> Mounir IDRASSI
> IDRIXhttp://www.idrix.fr
>
> to reach : mounir_idrix_fr (replace the underscores with the at and dot
> characters respectively)
>
> "windcliff" wrote:
> > I'm looking into replacing openssl in my application with CryptoAPI.
> > The problem I've run into is my application uses openssl to encrypt
> > passwords with a public key. This "encrypted" password is transmitted
> > to a server that decrypts the password with the appropriate private
> > key. I understand the correct thing to do would be to generate a
> > symmetric session key, encrypt the password with the session key,
> > encrypt the session key with the public key, and then transmit both
> > the encrypted key and message to the server. However, I can't do that,
> > I've been told to maintain backward compatibility, i.e., I can't touch
> > the server.
>
> > The samples that illustrate RSA usage all seem to follow the method of
> > generating a symmetric key. Is there a sample available that just
> > demonstrates a straight public-key encryption of a message without a
> > symmetric key? Am I mistaken in assuming that CryptoAPI seems oriented
> > towards the generation of symmetric session keys when using asymmetric
> > encryption? Is there a way I can use my public-key as  my session key> > Any hints/help would be appreciated.
>
> > Thanks,
>
> > S

Dumb question: Does CryptoAPI support RSA  CBC without using session
keys? More specifically, why am I limited to input length of modulus
minus 11?

Thanks,

S

date: Mon, 14 Jul 2008 09:19:59 -0700 (PDT)   author:   windcliff

Re: RSA Encryption without Session Keys - (I know it's a bad idea)   

Hi,

This limitation of RSA input is by design of the PKCS#1 standard. If you 
omit the padding, you still can't go beyond the modulus length. 
You have to know that RSA is not intended to encrypt data with arbitrary 
length. In practice, it's always used to encrypt (or sign) a small chunk of 
data (like a digest or a session key). Of course, you can divide manually 
your data to pieces smaller than the modulus and perform encryption on each 
of them, but from the security point of view this is less secure than 
encrypting all the data using a block cipher and a session key and then using 
RSA to encrypt the session key.

Cheers,
-- 
Mounir IDRASSI
IDRIX
http://www.idrix.fr

to reach : mounir_idrix_fr (replace the underscores with the at and dot 
characters respectively)


"windcliff" wrote:
> Dumb question: Does CryptoAPI support RSA + CBC without using session
> keys? More specifically, why am I limited to input length of modulus
> minus 11?
> 
> Thanks,
> 
> S
>

date: Tue, 15 Jul 2008 01:11:02 -0700   author:   Mounir IDRASSI am