How to encrypt data using private key

[Antosser]

I am making an ETEE chat app. For a receiver to verify that the sender has a private key for their public key, the sender needs to encrypt a hash using their private key, so the receiver can decrypt it with the senders public key.
However, the rsa::RsaPrivateKey does not implement the encrypt method. Is there a solution for this or is it still Work In Progress?

[Antosser]

Complete error message here:

error[E0599]: no method named `encrypt` found for struct `rsa::RsaPrivateKey` in the current scope
  --> src/server/main.rs:55:18
   |
54 |               encrypted_checksum: sender_private_key
   |  _________________________________-
55 | |                 .encrypt(
   | |                 -^^^^^^^ help: there is a method with a similar name: `decrypt`
   | |_________________|
   | 

For more information about this error, try `rustc --explain E0599`.
error: could not compile `secure-chat` (bin "server") due to previous error

[tarcieri]

This is a somewhat similar use case to #231. We've been somewhat reluctant to support these use cases without higher-level protocols due to misuse potential.

Is this a completely ad hoc protocol, or is it an implementation of a particular digital signature algorithm?

[Antosser]

This isn't for a particular algorithm, I am just inventing my own minimalistic protocol for a chat app

[Antosser]

Is the process of encrypting with a public key the same as encrypting with a private key? If so, I could cast the private key to a public key, so I can use the encrypt method. Or, if that would be the case, it would be much easier for you to copy/paste the encrypt/decrypt methods.

[tarcieri]

I am just inventing my own minimalistic protocol for a chat app

Perhaps instead you could use either the RSASSA-PKCS#1v15 or RSASSA-PSS signature algorithms, which are standardized digital signature algorithms, rather than trying to roll your own digital signature algorithm.

Is the process of encrypting with a public key the same as encrypting with a private key? If so, I could cast the private key to a public key, so I can use the encrypt method.

Yes and no. The core algorithm is the same (modular exponentiation), however the data structures for a public and private key are quite different and not interchangeable.

Or, if that would be the case, it would be much easier for you to copy/paste the encrypt/decrypt methods.

It would be much easier for you to use standard algorithms that solve this particular problem.

[tarcieri]

Closing with the suggestion to use standard algorithms we already implement

[Antosser]

You said I could use PKCS 1v15 to create signatures, but in the docs for the rsa library, the verifying key is derived from the singing by which is derived from the private key which the receiver does not have. How does this actually work?

[tarcieri]

Please see #231

[Antosser]

Please see #231

I couldn't find an answer there. Is Signcryption already possible? I couldn't find any mentions of it in the docs

[tarcieri]

We don't currently implement it, no. However, that is a construction that actually has the properties you are asking about.

[Antosser]

You said I could use PKCS 1v15 to create signatures, but in the docs for the rsa library, the verifying key is derived from the singing by which is derived from the private key which the receiver does not have. How does this actually work?

How do I solve this issue? Could you link something that explains how this works? It's not obvious from the docs

[tarcieri]

I'm not sure what about "we don't currently implement it" is unclear. You are asking for a feature we don't have yet.

The solution is for someone to implement #231. Until that happens, the feature doesn't exist, and if it does't exist you can't use it yet.

[tarcieri]

@Antosser I wrote up why a simple repurposing of PKCS#1v1.5 with the encryption and decryption roles reversed is insecure in this comment: #231 (comment)