skar:
> Thanks for the advice. Hope this one is clear.
> Here are the concrete requirements:
> 1) Content should be encrypted only on the server.
> And public key must stay only on the server. No other
> person should have access to the public key.

That is not a requirement, that is an implementation. If you have to use public-key cryptography, it would only be because that is the only way to meet your requirements.

> 2) Private key on the client machine should decrypt the
> file. It should have only the private key, not the
> public key. That way, no hostile user can create his own
> encrypted content and decrypt the file using the private key.

This is a completely nonsensical implementation. Whatever your requirements are (which for some reason you refuse to state) this *can't* be a sensible way to meet them.

> And it basically boils down to separating the public and private
> keys and finding a way to not have the public key inside the
> private key, which is the default in openssl.

Do you understand why the public key is so named? It doesn't seem so.

I don't think public key cryptography is the right way to meet what I'm guessing your requirements are. I strongly urge you to have a talk with someone knowledgeable in cryptography and design a scheme with them.

Honestly, this conversation is not going well and is very, *very* unlikely to result in you having a good idea of a way to meet your actual requirements, whatever they are. Sorry to be blunt, but getting a scheme that's actually secure is not easy. You have to make sure your scheme isn't vulnerable to weaknesses of which you are not aware, and if you refuse to do it the same way everyone else does, that won't happen.

DS

______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
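The point DS is making about "not having the public key inside the private key" can be shown arithmetically. The following is an added example, not code from the thread or from OpenSSL: textbook RSA with two constructed, well-known primes (1000000007 and 998244353) and no padding, so it is for illustration only. It shows that a client holding nothing but the private components (d, p, q) recomputes the public key (n, e) with two lines of arithmetic, and can therefore produce its own ciphertext that the same private key decrypts, which is exactly what point 2 hopes to prevent. The function names are my own.

```python
# Added example (not from the openssl-users thread): why a "private key
# without the public key" cannot exist. Toy-sized, unpadded RSA; real keys
# use 2048-bit moduli and a padded scheme such as RSA-OAEP.
from math import gcd


def lcm(a, b):
    return a * b // gcd(a, b)


def make_keypair(p, q, e=65537):
    """Textbook RSA keygen from two primes. Returns (public, private).
    private carries (n, d, p, q), the way an OpenSSL RSA key does."""
    n = p * q
    lam = lcm(p - 1, q - 1)
    d = pow(e, -1, lam)          # d is the modular inverse of e mod lambda(n)
    return (n, e), (n, d, p, q)


def recover_public_from_private(d, p, q):
    """Pretend the key file was 'stripped' of n and e, leaving only d, p, q.
    Both public values fall straight out: n = p*q, and because d*e == 1
    (mod lambda(n)), e is just the inverse of d modulo lambda(n)."""
    n = p * q
    e = pow(d, -1, lcm(p - 1, q - 1))
    return n, e


def encrypt(m, public):
    n, e = public
    return pow(m, e, n)


def decrypt(c, private):
    n, d, _, _ = private
    return pow(c, d, n)


def hostile_client_forges(private, m):
    """The scenario point 2 wants to rule out: a client holding only the
    private key derives the public key, encrypts a message of its own
    choosing, and decrypts it with the very same private key."""
    _, d, p, q = private
    public = recover_public_from_private(d, p, q)
    c = encrypt(m, public)
    return decrypt(c, private) == m


# Constructed inputs: two primes known to be prime, and a short message
# encoded as an integer smaller than n (n is about 1e18 here).
P = 1000000007
Q = 998244353
MESSAGE = int.from_bytes(b"Hello", "big")

if __name__ == "__main__":
    public, private = make_keypair(P, Q)
    print("server encrypts, client decrypts:",
          decrypt(encrypt(MESSAGE, public), private) == MESSAGE)
    print("public key recovered from private:",
          recover_public_from_private(private[1], P, Q) == public)
    print("client can forge its own ciphertext:",
          hostile_client_forges(private, MESSAGE))
```

Withholding the public key therefore buys nothing: whoever can decrypt can also encrypt. If the actual goal is that the client accept only content the server produced, that is an authentication property, which is the kind of requirement DS is asking to have stated before a mechanism is chosen.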