4

This may sound weird: What if I don't let others know my public key, then use my private key to encrypt, and the public key to decrypt? Is this secure? Let me explain a little bit:

Common usuage: use private key to sign and disclose public key, then others can vefriy the data signature use public key

Weird usage: use private key to encrypt and don't disclose public key, in other end use public key to decrypt. notice here I will not disclose private key either so it's not swap In second scenario, if I can keep both keys secure(I mean don't disclose to otheres), does it secure?

Gerry
  • 113
  • 2
  • 6

3 Answers3

10

No, you generally cannot swap the public and private keys.

Your public key consists of a public exponent and a modulus. The modulus should be known to the person doing the encryption. The public exponent - in general - is a relatively small prime such as 3 or 65537 (Fourth number of Fermat). So given the modulus all an attacker has to do is guess the public key. It's very easy to factor pretty small exponents (I've written software to generate public keys given a private key). The exponent of the private key on the other hand consists of a number that is about as large as the modulus. It cannot be easily factored; the security of RSA relies on this fact.

Currently the majority of software uses RSA with a small public exponent. It is however possible to create an RSA exponent that is the same size as the private exponent. In that case you would have something close to two private keys. Note however that the public key is generally not required to be private. So software may not protect the public key as much as the private key (with regards to e.g. side channel analysis). Sometimes the software may also use padding required for signature generation instead of those for encryption if you present it a public key - mainly due to some weird signature functions required for SSLv3 and TLS 1.0.

So even if your software would accept the public key - RSA is modular exponentiation after all - then by all practical means it not going to be secure.

Maarten Bodewes
  • 96,351
  • 14
  • 169
  • 323
1

If you keep both keys secret and use a random public exponent, you can use the private key to encrypt and the "public key" to decrypt. However, that is not necessarily a very good idea.

With both keys secret you would be better off using symmetric encryption, like AES. It is faster, more space efficient and requires only one key. You would probably need to use symmetric encryption anyway, in hybrid encryption with RSA, so you are not losing any security or trusting any additional algorithms.

Alternatively, if you want to use an RSA keypair, just use the public key to encrypt and the private key to decrypt. That lets you use a small public exponent, which normal tools will generate, making encryption faster.

otus
  • 32,462
  • 5
  • 75
  • 167
0

"Currently the majority of software uses RSA with a small public exponent"

If that is true, then the majority of the software is compromised. From https://www.tutorialspoint.com/cryptography/public_key_encryption.htm

"The strength of RSA encryption drastically goes down against attacks if the number p and q are not large primes and/ or chosen public key e is a small number."

nomail
  • 1