Dave Thompson wrote: >> From: owner-openssl-us...@openssl.org On Behalf Of skar karthikeyan >> Sent: Tuesday, 08 September, 2009 13:13 >> > > >> I want to send data from my machine to another one and the remote >> machine should be able to decrypt and make sense of the data only if it >> has the correct credentials, like a key file. >> > > >> I'm a new to openssl and public key systems. From what I understand >> from the docs, I should be able to generate a key pair, 1 public and >> another private. Now, I've created a private RSA key and extracted the >> public key. Next, I signed the data using the private key and sent it >> to the remote machine. I also copied the exported public key to the >> remote machine too. The remote machine can verify the data and I can see >> the data I originally signed. >> > > This is exactly backwards. _signing_ provides integrity/authentication > but NOT confidentiality/privacy. In other words, anyone can see the data, > but the remote machine can be certain that the data came from your machine > and nobody else. (Assuming you keep your privatekey secure; what it can > actually be sure is that it came from someone possessing the privatekey.) > > PK _encryption_ works the other way. Only the _recipient_ has the > privatekey, > and the sender(s) (there may be more than one) have the publickey. In some > situations the sender gets the recipient's publickey 'on demand' e.g. from > a keyserver, from the recipient's certificate, etc.; in some situations > (possibly including yours) it stored in advance. The sender encrypts using > the recipient's publickey, and then only the recipient can decrypt it. > > > >> However, I've got 2 doubts: >> > > >> 1) Am I doing it right? Is the signed data secure and not accessible >> > > >> to anyone without the public/private key? Of course, hackers can always >> break it, I understand that. But, otherwise I'm following the right >> > process/idiom? > > No, as above. If you do, and you use valid algorithms with sufficiently > large key sizes, 'hackers' CAN'T break the cryptography itself, not within > the lifetime of the universe, at least using currently known physics. > Attackers may however be able to break other parts of your system though, > by for example: getting malware (virus, trojan, etc.) onto your computer > that > finds and tells them your privatekey, or just your sensitive data directly; > guessing your key if it was generated on a machine using a poor random > number generator; guessing your data if it wasn't 'padded' with sufficent > randomness, or again used a poor random number generator. > > >> 2) If the data size is bigger, I get the error "data greater than >> > mod > >> len:rsa_eay.c:660:". How do I deal with this case? >> > > In RSA you can't encrypt or sign a value larger than the modulus, > and similar restrictions apply to other PK algorithms. In fact > because you NEED padding for security, as above, the largest value > you can use is less than the modulus by usually 10-20 bytes or so. > > Normally people don't use RSA or other PK directly. For encryption > you generate a random symmetric key, use it to 'bulk' encrypt the data, > and encrypt (only) the symmetric key using RSA; for decryption, you > decrypt the symmetric key and use it to decrypt the data. For signing, > you compute a (cryptographic) hash of the data, and sign the hash; > to verify, you re-compute the hash and verify it. If you do want > to use PK especially RSA directly, you won't be interoperable with > anyone else, and (these parts of) your system will be slower. > Thanks David and Dave :) So signing is the reverse of what I need. I need to encrypt. In that case, I need to have only the private key on the other side and have the public key with me to encrypt the data. Is that possible? I can't use SSL/TLS alone, as I also want the data to stay encrypted on the other side and be decrypted only when needed. Any good material that I can read to learn more on this?
cheers, skar. -- -- The life so short, the craft so long to learn.
