On Wed September 9 2009, skar wrote:
> Dave Thompson wrote:
> >> From: owner-openssl-us...@openssl.org On Behalf Of skar karthikeyan
> >> Sent: Tuesday, 08 September, 2009 13:13
> >>
> >> I want to send data from my machine to another one and the remote
> >> machine should be able to decrypt and make sense of the data only if it
> >> has the correct credentials, like a key file.
> >>
> >> I'm new to openssl and public key systems. From what I understand
> >> from the docs, I should be able to generate a key pair, 1 public and
> >> another private. Now, I've created a private RSA key and extracted the
> >> public key. Next, I signed the data using the private key and sent it
> >> to the remote machine. I also copied the exported public key to the
> >> remote machine too. The remote machine can verify the data and I can see
> >> the data I originally signed.
> >
> > This is exactly backwards. _signing_ provides integrity/authentication
> > but NOT confidentiality/privacy. In other words, anyone can see the data,
> > but the remote machine can be certain that the data came from your machine
> > and nobody else. (Assuming you keep your private key secure; what it can
> > actually be sure of is that it came from someone possessing the private key.)
> >
> > PK _encryption_ works the other way. Only the _recipient_ has the
> > private key, and the sender(s) (there may be more than one) have the
> > public key. In some situations the sender gets the recipient's public key
> > 'on demand' e.g. from a keyserver, from the recipient's certificate, etc.;
> > in some situations (possibly including yours) it is stored in advance.
> > The sender encrypts using the recipient's public key, and then only the
> > recipient can decrypt it.
> >
> >> However, I've got 2 doubts:
> >>
> >> 1) Am I doing it right? Is the signed data secure and not accessible
> >> to anyone without the public/private key? Of course, hackers can always
> >> break it, I understand that. But, otherwise I'm following the right
> >> process/idiom?
> >
> > No, as above. If you do, and you use valid algorithms with sufficiently
> > large key sizes, 'hackers' CAN'T break the cryptography itself, not within
> > the lifetime of the universe, at least using currently known physics.
> > Attackers may however be able to break other parts of your system,
> > by for example: getting malware (virus, trojan, etc.) onto your computer
> > that finds and tells them your private key, or just your sensitive data
> > directly; guessing your key if it was generated on a machine using a poor
> > random number generator; guessing your data if it wasn't 'padded' with
> > sufficient randomness, or again used a poor random number generator.
> >
> >> 2) If the data size is bigger, I get the error "data greater than
> >> mod len:rsa_eay.c:660:". How do I deal with this case?
> >
> > In RSA you can't encrypt or sign a value larger than the modulus,
> > and similar restrictions apply to other PK algorithms. In fact
> > because you NEED padding for security, as above, the largest value
> > you can use is less than the modulus by usually 10-20 bytes or so.
> >
> > Normally people don't use RSA or other PK directly. For encryption
> > you generate a random symmetric key, use it to 'bulk' encrypt the data,
> > and encrypt (only) the symmetric key using RSA; for decryption, you
> > decrypt the symmetric key and use it to decrypt the data. For signing,
> > you compute a (cryptographic) hash of the data, and sign the hash;
> > to verify, you re-compute the hash and verify it. If you do want
> > to use PK especially RSA directly, you won't be interoperable with
> > anyone else, and (these parts of) your system will be slower.
>
> Thanks David and Dave :) So signing is the reverse of what I need. I
> need to encrypt. In that case, I need to have only the private key on
> the other side and have the public key with me to encrypt the data. Is
> that possible? I can't use SSL/TLS alone, as I also want the data to
> stay encrypted on the other side and be decrypted only when needed. Any
> good material that I can read to learn more on this?

As others have posted, this sounds like a job for PGP (or GNU's version of it). It is included with, or available for, nearly every *nix ever shipped plus many other operating systems, including some proprietary systems. For instance, the file manager GUI in many Linux distributions will allow your client to select the filename, and just click "decrypt" - P.F.M. Nothing new needs to be invented, just let your server be the home of the encrypted file and the PGP key files.

Mike

> cheers,
> skar.

OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org