On Fri, Apr 21, 2006, Rory Vieira wrote:

> Bernhard Froehlich wrote:
>
> >Rory Vieira wrote:
> >
> >>Hi,
> >>
> >>For our customers we make backups (like everyone else).
> >>However, legal restrictions apply to the specific branch we work in.
> >>We are required to encrypt the data.
> >>
> >>...
> >>
> >>Thanks in advance...
> >
> >As far as I know there is no tool in openssl you can just drop in to
> >use a public key to encrypt a stream. If someone knows better please
> >tell.
> >
> >There is the smime-tool which can encrypt files, but I don't think
> >this is what you want/need.
> >One way to work around this problem (other than writing your own tool)
> >might be a sequence of shell commands which may work like this:
> >
> > * Generate a key from /dev/random and store it in a file
> > * Use this key to do openssl des3 ... like you did before
> > * Encrypt the key using openssl smime with your client's certificate
> > * Delete the unencrypted key (this might not be as trivial as it
> >   sounds if security requirements are high)
> >
> >This way your customer could use the reverse procedure (decrypt key
> >with openssl smime and decrypt data with the key) to recover the data.
> >
> >Hope it helps,
> >Ted
> >;)
> >
> This is great. So much thanks from me (and my customers LOL).
> This is just what I needed. Shame I couldn't come up with it myself :D
>
A refinement of this would be to use 'openssl rand' to create the key and
the 'rsautl' utility to encrypt and decrypt it using the appropriate
public and private key.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
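
The procedure discussed in this thread, with the 'openssl rand' and 'rsautl' refinement, as an added example that is not part of the original messages. Assumptions: the function names and the .key.enc/.data.enc suffixes are hypothetical, AES-256-CBC with -pbkdf2 stands in for the thread's des3, and the session key is held in a shell variable rather than a file so the "delete the unencrypted key" step does not arise.

```shell
#!/bin/sh
# Added example (not from the thread). Function names and file suffixes are
# hypothetical; AES-256-CBC stands in for the des3 cipher used in the thread.

# backup_encrypt PUBKEY.pem PREFIX     plaintext stream on stdin
backup_encrypt() {
    pub=$1; prefix=$2
    # Fresh 256-bit session key per backup. It lives only in a shell
    # variable, so there is no plaintext key file to delete afterwards.
    key=$(openssl rand -hex 32) || return 1
    # Wrap the session key with the customer's RSA public key (OAEP padding).
    printf '%s' "$key" |
        openssl rsautl -encrypt -oaep -pubin -inkey "$pub" \
            -out "$prefix.key.enc" || return 1
    # Encrypt the stream. env: keeps the key off the command line, where
    # any local user could read it from the process list.
    BACKUP_KEY=$key openssl enc -aes-256-cbc -pbkdf2 -salt \
        -pass env:BACKUP_KEY -out "$prefix.data.enc"
    rc=$?; unset key
    # Note: openssl enc adds no integrity check; sign or MAC the outputs
    # separately if tampering is a concern.
    return $rc
}

# backup_decrypt PRIVKEY.pem PREFIX    plaintext stream on stdout
backup_decrypt() {
    priv=$1; prefix=$2
    key=$(openssl rsautl -decrypt -oaep -inkey "$priv" \
        -in "$prefix.key.enc") || return 1
    BACKUP_KEY=$key openssl enc -d -aes-256-cbc -pbkdf2 \
        -pass env:BACKUP_KEY -in "$prefix.data.enc"
    rc=$?; unset key
    return $rc
}

# Round trip with a throwaway key pair and a constructed sample stream.
backup_selftest() {
    dir=$(mktemp -d) || return 1
    openssl genrsa -out "$dir/priv.pem" 2048 2>/dev/null || return 1
    openssl rsa -in "$dir/priv.pem" -pubout -out "$dir/pub.pem" 2>/dev/null || return 1
    printf 'constructed backup data\n' | backup_encrypt "$dir/pub.pem" "$dir/bk" || return 1
    out=$(backup_decrypt "$dir/priv.pem" "$dir/bk")
    rm -rf "$dir"
    [ "$out" = "constructed backup data" ]
}
```

OpenSSL 3.0 marks rsautl as deprecated and prints a warning on stderr; pkeyutl is its replacement. Only the holder of the private key can recover the session key, so the backup host needs nothing but the customer's public key.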