> From: owner-openssl-us...@openssl.org On Behalf Of skar karthikeyan > Sent: Tuesday, 08 September, 2009 13:13
> I want to send data from my machine to another one and the remote > machine should be able to decrypt and make sense of the data only if it > has the correct credentials, like a key file. > I'm a new to openssl and public key systems. From what I understand > from the docs, I should be able to generate a key pair, 1 public and > another private. Now, I've created a private RSA key and extracted the > public key. Next, I signed the data using the private key and sent it > to the remote machine. I also copied the exported public key to the > remote machine too. The remote machine can verify the data and I can see > the data I originally signed. This is exactly backwards. _signing_ provides integrity/authentication but NOT confidentiality/privacy. In other words, anyone can see the data, but the remote machine can be certain that the data came from your machine and nobody else. (Assuming you keep your privatekey secure; what it can actually be sure is that it came from someone possessing the privatekey.) PK _encryption_ works the other way. Only the _recipient_ has the privatekey, and the sender(s) (there may be more than one) have the publickey. In some situations the sender gets the recipient's publickey 'on demand' e.g. from a keyserver, from the recipient's certificate, etc.; in some situations (possibly including yours) it stored in advance. The sender encrypts using the recipient's publickey, and then only the recipient can decrypt it. > However, I've got 2 doubts: > 1) Am I doing it right? Is the signed data secure and not accessible > to anyone without the public/private key? Of course, hackers can always > break it, I understand that. But, otherwise I'm following the right process/idiom? No, as above. If you do, and you use valid algorithms with sufficiently large key sizes, 'hackers' CAN'T break the cryptography itself, not within the lifetime of the universe, at least using currently known physics. Attackers may however be able to break other parts of your system though, by for example: getting malware (virus, trojan, etc.) onto your computer that finds and tells them your privatekey, or just your sensitive data directly; guessing your key if it was generated on a machine using a poor random number generator; guessing your data if it wasn't 'padded' with sufficent randomness, or again used a poor random number generator. > 2) If the data size is bigger, I get the error "data greater than mod > len:rsa_eay.c:660:". How do I deal with this case? In RSA you can't encrypt or sign a value larger than the modulus, and similar restrictions apply to other PK algorithms. In fact because you NEED padding for security, as above, the largest value you can use is less than the modulus by usually 10-20 bytes or so. Normally people don't use RSA or other PK directly. For encryption you generate a random symmetric key, use it to 'bulk' encrypt the data, and encrypt (only) the symmetric key using RSA; for decryption, you decrypt the symmetric key and use it to decrypt the data. For signing, you compute a (cryptographic) hash of the data, and sign the hash; to verify, you re-compute the hash and verify it. If you do want to use PK especially RSA directly, you won't be interoperable with anyone else, and (these parts of) your system will be slower. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
