On Wed, Sep 9, 2009 at 6:43 PM, Scott Gifford <sgiff...@suspectclass.com> wrote:

> skar <skar.karthike...@gmail.com> writes:
>
> [...]
>
>
> You may want to consider using PGP for this, it sounds like your
> scenario is exactly what it was designed for.  Each client would
> generate its own private and public key, then the sender would add the
> public keys to its PGP keychain and encrypt and sign a message to all
> of them.  PGP would take care of making this work (IIRC it would
> encrypt the file using a symmetric key, then include copies of the
> symmetric key encrypted with each recipient's public key).
>

Thanks. However, I feel openssl would do the job itself. For example, I can
create a private key with:

##snip######
openssl genrsa -out 1pri.pem 4096
Generating RSA private key, 4096 bit long modulus
............................................................................................++
..++
e is 65537 (0x10001)
# openssl rsa -in 1pri.pem -out 1pub.pem -pubout
writing RSA key

##snip######

Now, I can distribute the private keys to the client machines and keep the
public in the server.  However, it's possible to extract the public key from
the private key. Which means, anyone with access to the client machine can
extract the public key and can create other encrypted messages/content which
can be decrypted using the private key there.
I just want to have the private key without the public key in it.

That way, I can just send the private key alone to the client machines and
only I will have access to the public key. So, only I can create files that
can be decrypted using the private key. Basically, it reverses the usage
that the names public and private imply. But it works for my requirement, provided
it's possible to have a private key with no public key in it :)

There's a tutorial about using the modulus/exponent directly to
encrypt/decrypt over at http://www.dsm.fordham.edu/~mathai/openssl.html. So,
it must definitely be possible to do it.

cheers,
skar.
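
An added illustration, not part of the original message and not OpenSSL's code, of the point that the public key can be extracted from the private key: the PKCS#1 RSAPrivateKey structure (the body of a `BEGIN RSA PRIVATE KEY` PEM file) stores the modulus and public exponent as its second and third fields, and e can also be recomputed from d, p and q. The toy primes and all helper names are constructed for the example.

```python
from math import gcd

# Constructed toy parameters (tiny primes for readability; real keys are 2048+ bits).
P, Q, E = 61, 53, 17

def der_int(v):
    """DER-encode a non-negative INTEGER (short-form length only)."""
    body = v.to_bytes(v.bit_length() // 8 + 1, "big")  # extra 0x00 keeps it positive
    return b"\x02" + bytes([len(body)]) + body

def build_rsa_private_key(p, q, e):
    """Build a PKCS#1 RSAPrivateKey SEQUENCE from two primes and a public exponent."""
    d = pow(e, -1, (p - 1) * (q - 1))
    # version, n, e, d, p, q, d mod (p-1), d mod (q-1), q^-1 mod p
    fields = [0, p * q, e, d, p, q, d % (p - 1), d % (q - 1), pow(q, -1, p)]
    body = b"".join(der_int(f) for f in fields)
    return b"\x30" + bytes([len(body)]) + body

def parse_integers(der):
    """Return the INTEGER fields of a short-form DER SEQUENCE."""
    if der[0] != 0x30 or der[1] != len(der) - 2:
        raise ValueError("not a short-form DER SEQUENCE")
    out, i = [], 2
    while i < len(der):
        if der[i] != 0x02:
            raise ValueError("expected INTEGER tag")
        length = der[i + 1]
        out.append(int.from_bytes(der[i + 2:i + 2 + length], "big"))
        i += 2 + length
    return out

def public_from_private(der):
    """Read the public key (n, e) straight out of the private key structure."""
    _version, n, e, *_rest = parse_integers(der)
    return n, e

def recover_e(der):
    """Recompute e from d, p and q alone, ignoring the stored publicExponent."""
    _version, _n, _e, d, p, q, *_rest = parse_integers(der)
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    return pow(d, -1, lam)

KEY = build_rsa_private_key(P, Q, E)  # constructed sample key

if __name__ == "__main__":
    print("public key read from private key file:", public_from_private(KEY))
    print("e recomputed from d, p, q:", recover_e(KEY))
```

Because p and q sit in the same structure, blanking the publicExponent field alone does not hide e from whoever holds the file.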
