skar wrote:

> Thanks David and Dave :) So signing is the reverse of what I need.
> I need to encrypt. In that case, I need to have only the private key
> on the other side and have the public key with me to encrypt the data.

You're really not doing a good job of stating your requirements. But, again, it sounds like SSL does exactly what you want.

> Is that possible? I can't use SSL/TLS alone, as I also want the data
> to stay encrypted on the other side and be decrypted only when needed.

So encrypt it before you send it over the SSL/TLS link. Use SSL/TLS to authenticate the end that's not originating the connection and to protect the data in transport. Use anything else you like to permit the data to stay encrypted on the other end -- what method is most appropriate for that depends on your requirements, which you haven't stated. (Who is supposed to be able to decrypt it and when? Is the key used to decrypt it a secret from the server? Must data from different sessions use the same key?)

> Any good material that I can read to learn more on this?

Not really. It's a skill and not really something you can read and pick up very well. The best bet may be this:

1) The client knows the server's public key (or a CA that signs the server's certificate).

2) The client connects to the server, establishes a TLS link, and verifies the public key.

3) You now have a secure TLS link between the server and the client, and the client knows it is talking to the server and only the server can decrypt the data. (The server has no idea who it is talking to yet.)

4) The client sends some kind of credentials to the server, so the server knows that it is talking to an authorized client. (This can even be a user name and password. Or the client can have a certificate. It depends.)

5) The client sends the server its public key over the SSL link.

6) The server then encrypts data with the client's public key and sends it over the SSL link. The data can then be encrypted with the client's private key whenever needed.

You are not using a valuable resource though as we've gone several emails now and you're still telling us about new requirements that totally change the picture.
DS

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
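
Steps 5 and 6 of the procedure above, as an added example that is not part of the original post: the client keeps its private key, the other side stores only ciphertext made with the client's public key, and the key holder decrypts a record when it is needed. It assumes the `openssl` command-line tool is installed; the function names, file names and sample record are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): steps 5 and 6, run locally.
# Assumes the openssl CLI; file names and the sample record are constructed.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Client: create a key pair. Only client_pub.pem is sent to the server
# (step 5); client_priv.pem never leaves the client.
client_keygen() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$WORK/client_priv.pem" 2>/dev/null
    openssl pkey -in "$WORK/client_priv.pem" -pubout \
        -out "$WORK/client_pub.pem"
}

# Server: encrypt a record under the client's public key (step 6).
# RSA-OAEP only fits short inputs (about 190 bytes with a 2048-bit key and
# SHA-256), so bulk data would be encrypted with a random symmetric key and
# only that key wrapped this way.
server_encrypt() {   # $1 = plaintext file, $2 = ciphertext file
    openssl pkeyutl -encrypt -pubin -inkey "$WORK/client_pub.pem" \
        -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 \
        -in "$1" -out "$2"
}

# Private-key holder: decrypt a stored record to stdout when it is needed.
client_decrypt() {   # $1 = ciphertext file, $2 = private key file
    openssl pkeyutl -decrypt -inkey "$2" \
        -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 -in "$1"
}

# Demonstration: the server side holds only record.enc and client_pub.pem.
client_keygen
printf 'constructed sample record' > "$WORK/plain.txt"
server_encrypt "$WORK/plain.txt" "$WORK/record.enc"
client_decrypt "$WORK/record.enc" "$WORK/client_priv.pem"; echo
```
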