1
votes

I have a C# desktop application which requires a license to start, so for that it will call a Java application running in the cloud which will generate the license.

So I have thought to use RSA to encrypt and decrypt license information like license validity.

I have referred to the links below:

RSA .NET encryption Java decryption

Java RSA Encrypt - Decrypt .NET

The problem is I want to encrypt the license information in Java using the private key and decrypt it in C# using the public key.

Yes, this is the opposite scenario. I will put the public key in the desktop application that the client will have, which can read the data. I don't want to disclose the private key, as anyone could generate licenses as they want using the private key. I didn't find any solution which can help to achieve this cross-platform.

Is it possible? I can use AES as well, but again it is the same key for encryption and decryption.

EDIT:

What my application is currently doing:

It will take some unique machine id and generate a license (sent from Java to the desktop), and inside the license we have this unique id. So when the application starts, we check whether the machine id in the license and the machine id of the current system are the same or not.

I am not sure how a digital signature will work in this case. Can you please point me to any code example (which can work cross-platform)?

3
Well, why does the license have to be encrypted? Have you read about digital signatures? - DarkSquirrel42
Thanks for the reply, I have added some information in the EDIT section. - Simran

3 Answers

1
votes

RSA (or any other asymmetric encryption scheme) does not work that way. You always encrypt using the public key and decrypt using the private key.

What you probably want is to apply a digital signature to your licence instead of encrypting it. Such a signature is created using the private key and can be verified in the client with just the public key.

Using a signature works like this:

  1. You build your licence file on the server (which contains the machine id and unique id as you said, probably some dates).
  2. You calculate a signature for that file using your private key.
  3. You send the licence plus the signature to the desktop app.
  4. The desktop app uses the server's public key, which it already has, to verify that the signature really signed the licence it received.
  5. If this signature verification succeeded, it can accept the values of the licence file as authentic and parse and use them.

0
votes

Example:

let's say you have a license like this:

<license>
 <hardwareId>someValue</hardwareId>
 <serial>123456789</serial>
 <feature1 enabled="true" someOtherFeatureParameter="42"/>
</license>

you can put this into a normal xml file, stored somewhere in a known path on the machine (your installation directory ... the user's profile ... whatever)

now while this is nice and shiny, storing all license related information, it does not protect you against a malicious user editing (or creating in the first place) said file, enabling features they didn't pay for (or even creating a license file they didn't pay for) ...

what does this have to do with digital signatures? ... a digital signature is exactly what makes tampering with the license a bit harder ...

embed a public key into your application and place a signature in a second file (or put the signature together with the license into the xml file)

the thing about a digital signature is:

if you change even just one bit of the signed data, the signature becomes invalid

so all your application has to do is to verify if the signature is valid, and only then accept the information in the license file

to create a signature, you need the private key that corresponds to the public key the signature will be verified with. Since you do not ship the private key with your application, the user does not have that...

of course this system can be broken by replacing the embedded public key with a new one, but that is a bit more effort than editing a text/xml file ...
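
The sign-on-the-server, verify-on-the-client flow described in the two answers above, as an added example that is not part of either answer. It assumes SHA-256 with RSA PKCS#1 v1.5 and a Base64 X.509 public key embedded in the client; the class name, the machine ids and the sample license are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;

public class LicenseSignatureDemo {
    // Server side: sign the exact license bytes with the private key.
    static byte[] sign(byte[] license, PrivateKey key) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA"); // RSA PKCS#1 v1.5 over SHA-256
        s.initSign(key);
        s.update(license);
        return s.sign();
    }

    // Client side: needs only the public key. Check the signature first, then the machine id.
    static boolean accept(byte[] license, byte[] sig, PublicKey key, String machineId)
            throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update(license);
        try {
            if (!s.verify(sig)) return false;   // edited license or wrong key
        } catch (SignatureException e) {
            return false;                       // malformed or truncated signature
        }
        // Only now is the content trusted enough to read (naive tag match, demo only).
        String text = new String(license, StandardCharsets.UTF_8);
        return text.contains("<hardwareId>" + machineId + "</hardwareId>");
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();     // demo key pair; the private half stays on the server

        // Constructed sample license, in the shape used on this page.
        String xml = "<license><hardwareId>MACHINE-1234</hardwareId><serial>123456789</serial></license>";
        byte[] license = xml.getBytes(StandardCharsets.UTF_8);
        byte[] sig = sign(license, kp.getPrivate());

        // The public key as embedded in the client: Base64 of the X.509 SubjectPublicKeyInfo.
        String embedded = Base64.getEncoder().encodeToString(kp.getPublic().getEncoded());
        PublicKey clientKey = KeyFactory.getInstance("RSA")
                .generatePublic(new X509EncodedKeySpec(Base64.getDecoder().decode(embedded)));

        byte[] edited = xml.replace("123456789", "999999999").getBytes(StandardCharsets.UTF_8);
        System.out.println("genuine license:   " + accept(license, sig, clientKey, "MACHINE-1234"));
        System.out.println("edited license:    " + accept(edited, sig, clientKey, "MACHINE-1234"));
        System.out.println("other machine id:  " + accept(license, sig, clientKey, "MACHINE-9999"));
    }
}
```

On the C# side the same check maps to `RSA.ImportSubjectPublicKeyInfo` (.NET Core 3.0 and later) followed by `VerifyData` with `HashAlgorithmName.SHA256` and `RSASignaturePadding.Pkcs1`. Both sides must sign and verify the identical byte sequence, so fix the encoding (UTF-8 here) and do not reformat the license between signing and verification.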

0
votes

The public key can only encrypt, you can't figure out the actual context of the files.

However you can implement an encryption within the client application, and every client makes his own private and public key.

Then the app sends a request for the server's public key, and sends its own public key (possibly encrypted) to the server. Now both can en- and decrypt the information only. You only have to make sure to implement something to verify your server to the client.

lg!