4

Let us say that I use the algorithm on this site to encrypt and decrypt data with public-private keys:

Public Key RSA Encryption in C# .NET on CodeProject

Now, let us say that someone encrypts his data using my public key using another algorithm and sends it to me. Using a different algorithm (like the one on the site), will I be able to decrypt the information back using my private key? Or is this impossible since the algorithms were different?

My point is, will the end result always be the same if different encryption algorithms are used, assuming that the keys used are correct?

Is there some standard way to encrypt information to make it decryptable across different machines, maybe different programming languages?

Ken Kin
  • 4,503
  • 3
  • 38
  • 76
Matthew
  • 4,477
  • 21
  • 70
  • 93
  • 2
    What other algorithm is the person using? As long as they are using RSA, it won't matter what language/implementation they use. – The Scrum Meister Apr 28 '13 at 09:14
  • 2
    You need to use the same algorithm. But there aren't that many different RSA schemes in common use, so you just need to specify which one you use. I'd go with one of the OAEP based padding schemes. – CodesInChaos Apr 28 '13 at 09:16
  • Yes but if you take a look at the code on the website, it divides the keysize by 8, subtracts 42 from it etc. It is modifying some parameters. Will the end result be the same or will I have to use the same algorithm to decrypt? – Matthew Apr 28 '13 at 09:16
  • 1
    @Matthew At a glance that code looks horrible. I wouldn't touch that. Use a proper hybrid scheme with RSA instead of trying to encrypt long messages with RSA. – CodesInChaos Apr 28 '13 at 09:18
  • @CodesInChaos Thank you so much. Do you know of any helpful resources with regards to the above please? – Matthew Apr 28 '13 at 09:19
  • 1
    As a beginner you might want to look into some PGP based APIs. I think BouncyCastle has something along these lines. But personally I don't use RSA for data encryption, so I didn't look into that in detail. I use my own [NaCl](http://nacl.cr.yp.to/) inspired crypto library. – CodesInChaos Apr 28 '13 at 09:22
  • 1
    You often start the conversation with assymetric crypto like RSA, which has a limit on how long messages it will encrypt with a n-bit key (proportional to |n|). You then negotiate a symmetric key that is used with a *chaining* block cipher such as AES (allowing you to encrypt the full message/data block). If you do not know the full length of message (think video streams), you instead use a stream cipher such as Salsa20 after the key negotiation phase. – Henrik Apr 28 '13 at 09:22
  • 1
    Here's a gist of the above you can follow along with: https://gist.github.com/haf/4745878 – Henrik Apr 28 '13 at 09:24

1 Answers1

8

A bit of discussion going, but here is my humble attempt to answer the questions:

Using a different algorithm (like the one on the site), will I be able to decrypt the information back using my private key? Or is this impossible since the algorithms were different?

You most certainly will not be able to decrypt the data. Generally, you need a full match for the algorithm and keys. What can be different however are: platforms, OSs, hardware, languages or programs used to encrypt/decrypt. This is because an algorithm acts as a public contract with well-defined spec and implementation can be different as long as all the public API render the same result.

My point is, will the end result always be the same if different encryption algorithms are used, assuming that the keys used are correct?

Nearly every time these will be different results (saying nearly, I am just unaware of any such algorithms). You need to have full match for algorithm and required keys.

Is there some standard way to encrypt information to make it decryptable across different machines, maybe different programming languages?

Yes RSA, for example, keep your private key safe and share your public key. This is what HTTPS does first. Everyone with a public key can decrypt data encrypted with private key.

Or, you can use AES, a symmetric algorithm with a single key to encrypt/decrypt. This is what HTTPS does second. Given you share the key only between trusted parties, both can encrypt and decrypt (but no one else can, given they have no key).

oleksii
  • 35,458
  • 16
  • 93
  • 163