Decrypting using same private key that is used to encrypt - encryption

In RSA,
I understand that if a data is encrypted using public key, corresponding private key can be used to decrypt it and vice versa. But :
Data encrypted using public key can be decrypted using same public key?
Data encrypted using private key can be decrypted using same private key?
This property is same for other public key algorithms too?

Data encrypted using public key can be decrypted using same public key?
No. That would defeat the purpose, because everyone knows the public key.
Data encrypted using private key can be decrypted using same private key?
No. That would defeat the purpose, because then you cannot send anyone an encrypted message (without knowing their private key, which by definition you don't).
Symmetric cryptography does work this way, though. There is only a single secret key, that you can use to encrypt your files before you put them on Dropbox, or that you can share with your friend to send messages that only the two of you can read.
Also, in some public key systems, it is possible to derive the public key from the private key (not the other way around, of course). But this does not really change the principle (because the public key is known to the owner of the private key anyway).
This property is same for other public key algorithms too?
The definition of public key cryptography is that there is a key pair, consisting of a private half and a public half, one of them being used to create the message, the other to read them.

Related

How to generate RSA public key from private key?

I was reading a question on SO and find out that we can generate the public key from private key using openssl in python. Now I wonder how this works(the mathematics part) and how can I implement the method in python or in C, without using the openssl or any other library ?
If the private key is stored in CRT format (Chinese Remainder Theorem), there is no math involved; the format includes the public exponent. This is how OpenSSL tools "create" a public key from a private key.
If the private is not stored in CRT format, it's generally not feasible to compute the public exponent given the private exponent. You can, however, guess common public exponents and easily verify your guess.
Mathematically, in order to quickly compute one exponent using the other, you need to know the totient, a number computed from the factors of the modulus. And of course the security of RSA is predicated on the infeasibility of factoring the modulus. This relationship is symmetrical; it doesn't matter whether you know the public exponent and try to compute the private exponent, or vice-versa.

RSA - Can you create a public key from a private key?

I am creating an encryption strategy for a lab project and want to know if there exists the capability to create a public key from just the private key?
Otherwise, can the public key only be created at the same time as the private key from some key generator?
P.S. A quick google didnt really help.
Private and public key are created together. Also, the standard storage format for a RSA private key includes all the public key fields, because it is useful for optimized implementations and masking (protection against some side-channel attacks). See the RSA standard itself: PKCS#1.
Edit: question has been edited, it was originally RSA-only. For other asymmetric algorithm, there is no requirement that the public key may be derived from the private key, nor is there any requirement of the contrary. For discrete logarithm-based algorithms (Diffie-Hellman, El-Gamal, DSA, and the elliptic curve variants of all of these), the public key is easily computed from the private key. It is possible to conceive a degenerate RSA in which knowledge of the private key does not allow reconstruction of the public key, but this requires not storing a few key elements which are needed for good performance (in full details, storing the RSA modulus factors allows for a 4x speed enhancement through the Chinese Remainder Theorem, so everybody stores the factors). On a more conceptual basis, the public key is, well, public, so it is assumed that "everybody" knows it; in practical terms, private key storage format almost always include provisions for storing the public key as well, or at least sufficient data to rebuild the public key.
Yes, you can do this (for some, probably not all, pkc schemes). From the ssh-keygen man file:
-y Read private key file and print public key.
Depends on the algorithm. With RSA, you cannot, with EC you can. However, the public key is usually always stored together with the private key (not the other way around, though, of course), so this is not really a problem (if you have the private key, the same file also includes the public key).
Extracting public RSA key from a private key from the command line
Command line comparison to show there is no difference between a public RSA key and an extracted key if you ignore whitespace.
Generate public private key pairing under home directory with no passphrase and no coment.
ssh-keygen -t rsa -f ~/id_rsa -N '' -C ""
Generate public key into file 'extracted_public_key'
ssh-keygen -y -f '/home/vagrant/id_rsa' > extracted_public_key
Diff public key with 'extracted_public_key' file ignoring white space.
diff -b id_rsa.pub extracted_public_key
Ignoring whitespace at the end of id_rsa.pub there is no difference between a public key and an extracted key.
Actually the public key is mostly generated with the private key together.
If you lost your public key but got the private key, you can still recover the public key from the private key.
All you have to do is to extract the public key from the private key like below:
Extracting the public key from the private key:
ssh-keygen -f~/.ssh/test_rsa -y > ~/.ssh/test_rsa.pub
-f option specifies the file of the key to list the fingerprint for
-y option will read a private SSH key file and prints an SSH public key to stdout. The public key part is redirected to the file with the same name as the private key but with the .pub file extension.
NOTE:
If the key has a password set, the password will be required to generate the public key.

Is it possible to generate a public key from private key?

If yes then they are really not a pair.
I was trying to figure out how ssh git#github.com resolves my name using my private key. SSH debug suggests public key is passed to server.
Yes, it is possible.
Sidebar: I'm not sure what you mean by, "they are really not a pair". A pair is when you have two things. A public key and a private key are two things, ergo, you have a pair. The fact that you can derive one from the other is immaterial.
I don't know how github does this, but my guess is simply that they use the public key to identify your account (your public key is unique, pretty much by definition).
I hope this answers your question. I have a feeling I'm not quite getting it.
No, it's not possible.
Neither private key, nor public key cannot be produced form the other one. Remember, private key is the same as public key by design and we call them public or private optionally (keeping one of them private and reveal the other).

How to export a public key in OpenSSL/libcrypto?

I've created an RSA key using:
RSA_generate_key(2048, RSA_F4, NULL, NULL);
Now I want to export the public key to another party B. Right now, I've just memcpy'd the entire RSA* struct and sent that over the wire, and B is able to use that to encrypt using RSA_public_encrypt().
But I think in this case I've actually exported the entire public/private key pair, and not just the public key. I want to only export the public component of the RSA key. How do I use OpenSSL APIs to do that?
Thanks
You probably want the functions d2i_RSAPublicKey and i2d_RSAPublicKey. i2d serializes a RSA key struct to a bytestring, and d2i does the reverse operation.

Is there a public / private key encryption scheme that will not change a message's length?

Is there a public / private key encryption scheme that will not change a message's length?
I would like to encrypt a message one packet at a time, but if the packet grows, it would no longer just be one packet long.
Here's a simple scheme: Use public / private key encryption to establish a symmetric key. Then do all of your encryption using that symmetric key.
If you also need to ensure message integrity and non-repudiation, then you can run the message through a hash function, which will map it to a fixed length. Then you can sign the hash.
Typically, you wouldn't want to use public keys to encrypt messages anyway. Public / private key pairs are harder to generate and more expensive to use for long encryption, compared to symmetric keys.

Resources