Jim Starkey wrote:

>
> The key formats from RSA PKCS #1 are:
>
> My point is that the RSAPrivateKey format contains the public key.

Yes, and this seems to have been the format since about 1990.

> If you want to encrypt with a key you want to keep
> secret and decrypt with a corresponding public key, you are going to be
> disappointed, at best.

This is fairly normal, person owning privatekey calculates a signature
and anyone with access to the public key can then verify it.

hash = calcsignature(data, privatekey)

bool result = verifysignature(data, hash, publickey);

no exposure, and no disapointment.

> At worst, if you assume you can just use the
> public key to encrypt and expose the private key to decrypt, you are
> making a very serious mistake.
>

Again fairly normal, person having the public key encrypts a message
that only the person with the private key can decrypt.

encyptdata = encrypt(data, publickey)

data = decrypt(encryptdata, privatekey)

Again, no exposure, and no disappointment.

> This is completely insecure, because the private
> key format contains all elements of the public key.
>

Well, the public key is the *public* key, so everyone already had access
to it already, including the guy who has the private key. - so no loss
of security there.

I can see where your coming from, in your world, you are thinking in
terms of a plain RSA keypair, perhaps giving each key to two parties
where neither knows the others related key. But in terms of PKI (Public
Key Infrastructure), and PKCS (Public Key Cryptography Standard) one key
is definately designated *public* (ie everyone has access to it) and the
other key is designated *private* (ie only the recipient knows it's value).

And as long as you don't give the private key to anyone else, everything
else then follows as normal (and secure) PKI operating procedure.


Cheers

Mark