PyCrypto: decrypt with only public key in file (no private + public key)

Hello to all.

I'm trying to play around for a bit with RSA public and private keys and encryption / decryption using PyCrypto and I ran into a problem and it seems a bit weird to me (it probably makes a lot of sense as it works now, but I'm not very understand RSA asymmetric encryption and why it puzzles me). This is the inability I have encountered to decrypt something that only has a public key.

Here's the thing: I have a server and a client. I want the server to "recognize" and register the client and display it in the "known devices" list. The client will have the server's public key and the server will have the client's public key, so when the client contacts the server, it will encrypt its data with its client's private key and the server's public key. By doing this, only the relevant server will be able to open the data (with its private key) and be able to verify that the sender is in fact a client that claims to be ... well ... or at least that's what I think, because I pretty new to this asymmetric encryption. The idea is that when one of these clients wakes up, it will send its public key (encrypted with the server's public key, of course, but probablythis is not relevant at the moment ...): "Hey I'm a new client and this is my public key. Register this key with my UUID" and the server will obey by associating this public key with the client UUID and use that key to decrypt data coming from this client. I just want to transfer the client's public key, keeping the secret secret, secret, secret (it's private, isn't it?)

I'm doing some tests with openssl and very simple Python scripts that use PyCrypto (actually, not even in the server / client architecture or whatever ... just trying to encrypt anything with the private key and decrypt it with the public key)

First of all, I created a public / private key with:

openssl genrsa -out ~/myTestKey.pem -passout pass:"f00bar" -des3 2048


Ok, the first thing that puzzles me a bit ... It only generates one file with private and public keys ... Well ... O'right ... whatever. I can extract the public key:

openssl rsa -pubout -in ~/myTestKey.pem -passin pass:"f00bar" -out ~/


So, I thought I had a pair of private (private + public, in fact) and public keys in ~/myTestKey.pem

and ~/

respectively. Well ... apparently I'm doing something wrong because PyCrypto doesn't like this build. And I do not know why.

I have two very simple test scripts: "

" and "

". "

" must encrypt something with the private key and "

" decrypt it with the public key. I know ... I'm a paragon of originality ...

So, I encrypt the string "Loren ipsum" with my "

" (with the private key):

----------- ----------------


from Crypto.PublicKey import RSA

def encrypt(message):
    privatekey = open(externKey, "r")
    encryptor = RSA.importKey(privatekey, passphrase="f00bar")
    encriptedData=encryptor.encrypt(message, 0)
    file = open("/tmp/cryptThingy.txt", "wb")

if __name__ == "__main__":
    encryptedThingy=encrypt("Loren ipsum")


And it works great. Well ... I guess so because /tmp/cryptThingy.txt

I get a lot of " " shit in the file . It looks really, really encrypted to me.

But when I try to decrypt it using only the file containing only the public key ...

----------- ---------------


from Crypto.PublicKey import RSA

def decrypt():
    publickey = open(externKey, "r")
    decryptor = RSA.importKey(publickey, passphrase="f00bar")

    file = open("/tmp/cryptThingy.txt", "rb")
    retval = decryptor.decrypt(
    return retval

if __name__ == "__main__":
    print "Decrypted: %s" % decryptedThingy


... PyCrypto shouts to me:

  File "/usr/local/lib/python2.7/dist-packages/pycrypto-2.5-py2.7-linux-i686.egg/Crypto/PublicKey/", line 107, in _decrypt
    mp = self.key._decrypt(cp)
TypeError: Private key not available in this object


Yes, of course it is not available! I've retrieved the public key! It took me 2 hours to find how to do it right!

What am I missing? As I said, I'm pretty new to this closed / closed asymmetric key encryption, so I may have a basic "concept error" ... Any hint would be appreciated.

Thanks in advance!


source to share

1 answer

You got it wrong, you encrypt with the public key and decrypt with the private key.

A widely used public encryption key, while the private decryption key is known only to the recipient. Messages are encrypted with the recipient's public key and can only be decrypted using the corresponding private key. Source

The idea is that you provide the sending side with a public key (which anyone can have, so you can distribute it publicly), then you encrypt the data with it and then decrypt it at your end using your private key (which only you have). This way, the data remains safe.

You can encrypt anything with the private key, since the private key contains the information needed to create the public key, but it would be unusual to do this since normally the person encrypting the data does not have the private key.



All Articles