[pycrypto] Pycrypto question.

Lorenz Quack don at amberfisharts.com
Sun May 2 14:52:21 CST 2010

```On 05/02/2010 10:36 PM, Glenn Linderman wrote:
> On 5/2/2010 1:13 PM, Lorenz Quack wrote:
>> Hi Jd,
>>
>> On 05/02/2010 10:02 PM, jd wrote:
>>
>>> Hi everyone,
>>>
>>> I am trying to implement a simple pub/private key scheme. Want to encrypt bunch of things and decrypt it using public
>>> key (which will be distributed).
>>>
>> You seem to have some misconceptions about how public key cryptography works.
>> I suggest you (re-)read up on it. Wikipedia will probably cover the basics.
>> For starters, by definition you use the *public* key for encrypt and the privat one for decryption.
>>
>
> Indeed, Wikipedia has an article. And in the first paragraph [1] they
> describe one use case for encrypting by public key, and decrypting by
> private key, and another use case for encrypting by private key, and
> decrypting by public key. It might be appropriate to figure out what use
> case the OP has before declaring definitions for a particular use case.
> Now as far as what the APIs are called, that might be a different story :)
>
> [1] *Public-key cryptography* is a cryptographic
> <http://en.wikipedia.org/wiki/Cryptography> approach which involves the
> use of asymmetric key algorithms instead of or in addition to symmetric
> key algorithms <http://en.wikipedia.org/wiki/Symmetric_key_algorithm>.
> Unlike symmetric key algorithms, it does not require a secure
> <http://en.wikipedia.org/wiki/Secure_channel> initial exchange
> <http://en.wikipedia.org/wiki/Key_exchange> of one or more secret keys
> <http://en.wikipedia.org/wiki/Secret_key> to both sender and receiver.
> The asymmetric key algorithms are used to create a mathematically
> related key pair: a secret private key and a published public key. Use
> of these keys allows protection of the authenticity
> <http://en.wikipedia.org/wiki/Authenticity> of a message by creating a
> digital signature <http://en.wikipedia.org/wiki/Digital_signature> of a
> message using the private key, which can be verified using the public
> key. It also allows protection of the confidentiality
> <http://en.wikipedia.org/wiki/Confidentiality> and integrity
> <http://en.wikipedia.org/wiki/Integrity> of a message, by public key
> encryption <http://en.wikipedia.org/wiki/Encryption>, encrypting the
> message using the public key, which can only be decrypted using the
> private key.
>

Granted "definition" may have been a poor choice of word.
But AFAIK the use case of "encrypting" via the private key is generally called signing.
So I assumed that the OP had the wrong idea about how the scheme is used because he didn't
use the generally accept terminology. If that was presumptuous I hereby apologize.

So, to come back to the OPs question:
if you use a RSA key to encrypt a message like you did in your example internally it uses the public
part of the key pair for encryption. you would then have to use the private part to decypt it.
If on the other hand you really want to encrypt with the private part and decrypt with the public part
then know that this is usually refered to as signing and verifying (verification?).
There is also and API for this in PyCrypto.

Hope this is clearer and more helpful than my last message.

have a nice day
//Lorenz
```