-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 skar karthikeyan wrote: | My requirements are(again): | | 1) Content should be encrypted only on the server. And public key must | stay only on the server. No other person should have access to the | public key. | 2) Private key on the client machine should decrypt the file. It should | have only the private key, not the public key. That way, no hostile user | can create his own encrypted content and decrypt the file using the | private key. And without the private key, client shouldn't be able to | decrypt the file.
I think you have terrible mixed up you requirements and your (broken) solution. As far as I understood, you want: 1) Only one entity may be able to generate data. 2) Only a fixed set of entities may be able to read ~ the generated data. The answer to 1) is data signing done with the signers private key and verified by the signers public key that is distributed to all recipients. The answer to 2) is encryption. One of the possible ways to do that is encrypting the data for all public key of all recipients. The public keys of all recipients must be present when the data is encrypted. Both requirements can be fulfilled by using something like PKCS#7 signedAndEnvelopedData. If your requirements are really these two I mentioned please stick with an established method since you have obviously do not the expertise to develop an own one. Bye Goetz - -- DMCA: The greed of the few outweighs the freedom of the many -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFKqA9v2iGqZUF3qPYRAtdCAJ0TH7WJbWHRKDqunTuH65dgCzwZEQCeItlC Xhg0PxZPZg0efFc7rgYJxa0= =VOeH -----END PGP SIGNATURE----- ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
