RSAKey::applyToValue description wrong?


#1

In the description for RSAKey::applyToValue it states:

Call this on the public key object to encode some data, then use the matching private key object to decode it.

Shouldn't this be reversed?  You distribute the public keys to be able to decode.


#2

No, you encode using the receiver's public key. His private key is usually unknown to you.

You distribute your public key in order to receive encrypted messages.


#3

...but you are right, in the OnlineUnlockStatus the public key is used to decrypt. Is this a correct use?

The public and the private keys are not interchangeable, because the public key can be derrived from the private key (with little effort), but not vice versa.

But can you encrypt using a private key and decrypt with a public key?

from modules/juce_tracktion_marketplace/marketplace/juce_OnlineUnlockStatus.cpp:

void OnlineUnlockStatus::load()
{
    [...]

    KeyFileUtils::KeyFileData data;
    data = KeyFileUtils::getDataFromKeyFile (KeyFileUtils::getXmlFromKeyFile (status[keyfileDataProp], getPublicKey()));

    [...]
 }

[...]
static XmlElement getXmlFromKeyFile (String keyFileText, RSAKey rsaPublicKey)
{
    return decryptXML (keyFileText.fromLastOccurrenceOf ("#", false, false).trim(), rsaPublicKey);
}