I understand that private and public keys are mathematically related and data encrypted with one key can only be decrpyted with other. My question is that private key is always used to encrypt data whereas public key is always used to de-crypt it? Or can be be vice-vera and if so can you give some example application where its used in other direction (public key to encrypt and private key to decrypt)?
4 Answers
10
votes
Encryption is about keeping some data confidential; the data is transformed into an opaque blob and the reverse operation requires something that the attacker does not know, i.e. a "secret" or "private" information. The whole point of encryption is that decryption cannot be done with only public information; hence decryption uses the private key. However, there is no problem in letting anybody encrypt data, thus encryption can use the public key.
There are some algorithms (in practice, only one: RSA) which, from a casual glance, appear to be "revertible": you might think about using the private key for encryption, and the public key for decryption. As explained above, there goes confidentiality (if the decryption key is public, then anybody can decrypt, hence the encrypted data cannot be considered as confidential anymore). Such a "reversed encryption" may be used as the basis for a digital signature algorithm, in which there is no notion of confidentiality, but, instead, of verifiable proof of key owner action.
However there is more to RSA than the modular exponentiation. RSA encryption first transforms the input message into a big integer through an operation called "padding". RSA signature generation first transforms the input message into a big integer through another operation which is also called "padding"; but this is not at all the same padding. Padding is essential for security, and the needed characteristics are quite distinct between encryption and signature. For instance, an encryption padding needs a high level of added randomness, whereas a signature padding requires a lot of redundancy (and a hash function, in order to accommodate long input messages).
Talking of signatures as "encryption with the private key" is the way the RSA standard historically put it (hence names such as "md5WithRSAEncryption"), but it is inaccurate (paddings are, and must be, different) and overly specific (it applies only to RSA, not El Gamal, DSA, Diffie-Hellman, NTRU...). This is just a widespread confusion.
1
votes
1
votes
Not only can you use a public key for encryption, that is actually the normal mode of operation when you are encrypting for secrecy. This makes sense - anyone can encrypt with the public key, and only the proper recipient can decrypt using their private key.
In many public key systems, signing is mathematically similar to the opposite case - "encrypting with the private key" - but note that the signing operation is fundamentally distinct from the encryption operation. For example, with RSA, signing must use an invariant, verifiable padding method, whereas encryption should use random padding.
-1
votes
It's interchangeable.
Digital Signature -> Private key encrypts, public key decrypts so to verify sender.
Send a message -> Public key encrypts, private decrypts and owner reads the message.
EDIT: People seem to disagree with the "Interchangeable" definition. I need to clarify that I am talking about the mathematical perspective of the operation, not what is best in terms of security. Ofc, you should use keys for their intended operation.
However, Henrick Hellström response in SO thread explains why they are interchangeable mathematically : Are public key and private key interchangeable?
