> As others have posted, this sounds like a job for PGP (or GNU's version of
> it).
> It is included with, or available for, nearly every *nix ever shipped
> plus many other operating systems, including some proprietary systems.
>
> For instance, the file manager GUI in many Linux distributions will allow
> your client to select the filename, and just click "decrypt" - P.F.M.
>
> Nothing new needs to be invented, just let your server be the home of the
> encrypted file and the PGP key files.
>

Thanks for the help. I did try GnuPG too. It also has the same problem, where it allows access to the public key if you have the private key. That would break my need, where I need to be the only one with access to the public key, so that only I can create encrypted content. All the clients can have the private key (and private key only) so that they can decrypt the content. If they don't have the private key, they shouldn't be able to decrypt it.

Both GnuPG and OpenSSL support sending encrypted content to a guy with the private key. But they both allow the guy (in my case, the client machine) with the private key to create his own encrypted content, since the public key is embedded within the private key. I'd like to remove that public key and have only the private key.

My requirements are (again):

1) Content should be encrypted only on the server. And the public key must stay only on the server. No other person should have access to the public key.

2) The private key on the client machine should decrypt the file. It should have only the private key, not the public key. That way, no hostile user can create his own encrypted content and decrypt the file using the private key. And without the private key, the client shouldn't be able to decrypt the file.

cheers,
skar.
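Added example, not part of the original message: the behaviour described above, shown on the PKCS#1 RSAPrivateKey layout (RFC 8017) that OpenSSL's traditional RSA key files use. The toy primes and all function names are constructed for this illustration; the key is built inline, parsed back, and the last function recomputes the public exponent from d, p and q alone.

```python
# Added illustration: toy key built inline from constructed parameters (not a real key).
def der_len(n):
    if n < 0x80:
        return bytes([n])
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw

def der_int(v):
    body = v.to_bytes(v.bit_length() // 8 + 1, "big")  # spare top bit keeps it non-negative
    return b"\x02" + der_len(len(body)) + body

def make_rsa_private_key(p, q, e):
    """Encode a PKCS#1 RSAPrivateKey SEQUENCE as DER."""
    d = pow(e, -1, (p - 1) * (q - 1))
    fields = [0, p * q, e, d, p, q, d % (p - 1), d % (q - 1), pow(q, -1, p)]
    body = b"".join(der_int(f) for f in fields)
    return b"\x30" + der_len(len(body)) + body

def read_tlv(buf, pos):
    """Return (tag, value bytes, position after this element)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def parse_rsa_private_key(der):
    tag, body, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    key, pos = {}, 0
    for name in ("version", "n", "e", "d", "p", "q", "dp", "dq", "qinv"):
        tag, value, pos = read_tlv(body, pos)
        if tag != 0x02:
            raise ValueError("expected INTEGER for " + name)
        key[name] = int.from_bytes(value, "big")
    return key

def public_key_from_private(der):
    # The modulus and public exponent are fields 2 and 3 of the private key file.
    k = parse_rsa_private_key(der)
    return k["n"], k["e"]

def public_exponent_without_e_field(der):
    # Even with the e field ignored, d, p and q determine it.
    k = parse_rsa_private_key(der)
    return pow(k["d"], -1, (k["p"] - 1) * (k["q"] - 1))

P, Q, E = 2**61 - 1, 2**89 - 1, 65537  # constructed toy parameters
TOY_KEY = make_rsa_private_key(P, Q, E)
```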