I have a program A which needs to send messages to a program B1. The messages must be encrypted, and also signed. Which means only B1 can decode, and he must be sure that the message comes from A.
Also, B1 should not be able to encrypt messages and take the role of A towards another instance B2 of the same program.
Theoretically, it should be possible to use a single RSA key pair, with a key for A and a key for B1. Once decoded by B, if the recovered message is validated (such as by a hash function), it must have been sent by A which did not disclose its key to anybody. In that case, both keys are private (which means they have to be exchanged in a secure channel).
1) Is this recommended or is there a strong argument in favor of having separate encryption and signing steps with independent key pairs?
2) Practically, in the Crypto++ library, the PrivateKey class also contains the public key. Is there a way to load a private key only?
Is this recommended or is there a strong argument in favor of having separate encryption and signing steps with independent key pairs?
This is kind of a broad topic. There are a number of things you can do depending on your threat model and risk posture. You should probably start by researching key management and separation.
Since it appears you have selected RSA, then you might want to take a look at Bleichenbacher 1998 “Million message attack” on RSA on Crypto.SE and follow its improvements to 30,000 messages (IIRC). This is where your threat models and risk posture factor into things.
Practically, in the Crypto++ library, the PrivateKey class also contains the public key. Is there a way to load a private key only?
I think you have a misunderstanding of the keys. The public key cannot be disgorged from the private key.
The public key is the {n,e} pair, and the private key is either {n,e,d} or {n,e,d,p,q,dp,dq,u}. If you remove n and e, then the private key won't work. If you remove e alone, then you need to factor n to recover e. Also see RSA function generates public key (e) always to 17 on Stack Overflow.
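The following is an added example, not code from the question, the answer or Crypto++. It uses textbook (unpadded) RSA over small constructed primes to make two points from the answer concrete: a stored private key {n,e,d} carries e with it, and anyone holding both e and d can factor n, so the "other half" of a single pair can never be withheld from B1 as the question hoped; and the separate-key-pair design the answer points toward, one pair for encryption and one for signing, with encrypt-then-sign and signature checked before decryption. Key sizes, primes, the message value and all function names are assumptions for the demo; real code must use a vetted library with OAEP/PSS padding.

```python
"""Textbook RSA demo (constructed, small primes, no padding): shows that a
private key {n, e, d} includes e and lets its holder factor n, and shows the
safer design of independent encryption and signing key pairs."""

import hashlib
import math
import random

# Constructed primes near 10**6, fixed so the demo is deterministic.
# Real keys use 2048-bit or larger n; these are for illustration only.
P_ENC, Q_ENC = 1000003, 1000033
P_SIG, Q_SIG = 1000037, 1000039


def make_keypair(p, q, e=65537):
    """Return (public, private) as ({n, e}, {n, e, d}); like Crypto++ and
    every other library, the private key object carries e with it."""
    n = p * q
    lam = math.lcm(p - 1, q - 1)
    assert math.gcd(e, lam) == 1
    d = pow(e, -1, lam)
    return {"n": n, "e": e}, {"n": n, "e": e, "d": d}


def factor_from_private_key(priv):
    """Recover (p, q) from {n, e, d}. e*d - 1 is a multiple of lambda(n),
    so whoever holds e and d can factor n (classical result); this is why
    e cannot be kept secret from the holder of the private key."""
    n, k = priv["n"], priv["e"] * priv["d"] - 1
    t, r = 0, k
    while r % 2 == 0:          # write k = 2**t * r with r odd
        r //= 2
        t += 1
    rng = random.Random(1)     # fixed seed: deterministic demo
    while True:
        g = rng.randrange(2, n - 1)
        f = math.gcd(g, n)
        if f != 1:             # lucky hit: g shares a factor with n
            return tuple(sorted((f, n // f)))
        x = pow(g, r, n)
        if x in (1, n - 1):
            continue
        for _ in range(t):     # square until we hit 1; x is then a
            y = pow(x, 2, n)   # non-trivial square root of 1 mod n
            if y == 1:
                p = math.gcd(x - 1, n)
                return tuple(sorted((p, n // p)))
            if y == n - 1:
                break          # trivial root, try another g
            x = y


def encrypt(pub, m):           # textbook RSA, no padding: demo only
    return pow(m, pub["e"], pub["n"])


def decrypt(priv, c):
    return pow(c, priv["d"], priv["n"])


def digest(m):
    """SHA-256 of the integer message, as an integer."""
    return int.from_bytes(hashlib.sha256(str(m).encode()).digest(), "big")


def sign(priv, m):             # hash-then-sign, reduced mod n for demo sizes
    return pow(digest(m) % priv["n"], priv["d"], priv["n"])


def verify(pub, m, sig):
    return pow(sig, pub["e"], pub["n"]) == digest(m) % pub["n"]


def send_from_a(m, b_enc_pub, a_sig_priv):
    """A encrypts for B under B's encryption public key and signs the
    ciphertext with A's own signing private key; the pairs are independent,
    so B1 holding its decryption key gains nothing towards impersonating A."""
    c = encrypt(b_enc_pub, m)
    return c, sign(a_sig_priv, c)


def receive_at_b(c, sig, b_enc_priv, a_sig_pub):
    """B verifies A's signature over the ciphertext before decrypting.
    Returns the plaintext, or None if the signature does not verify."""
    if not verify(a_sig_pub, c, sig):
        return None
    return decrypt(b_enc_priv, c)


if __name__ == "__main__":
    b_enc_pub, b_enc_priv = make_keypair(P_ENC, Q_ENC)
    a_sig_pub, a_sig_priv = make_keypair(P_SIG, Q_SIG)
    c, sig = send_from_a(123456789, b_enc_pub, a_sig_priv)
    print(receive_at_b(c, sig, b_enc_priv, a_sig_pub))       # 123456789
    print(receive_at_b(c ^ 1, sig, b_enc_priv, a_sig_pub))   # None (tampered)
    print(factor_from_private_key(b_enc_priv))                # (1000003, 1000033)
```

The factoring routine is the standard "e and d give a multiple of lambda(n)" argument; it answers question 2 directly: there is no private key without e, because e is recoverable from the private key material anyway. The send/receive pair answers question 1: with independent pairs, B1's decryption key says nothing about A's signing key, and B2 verifies A's signature with A's public signing key, which B1 cannot use to forge.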