Goetz Babin-Ebell wrote:
> I think you have terribly mixed up your requirements and your (broken)
> solution.
> As far as I understood, you want:
>
> 1) Only one entity may be able to generate data.
> 2) Only a fixed set of entities may be able to read
>    the generated data.
>
> The answer to 1) is data signing done with the signer's private key
> and verified by the signer's public key that is distributed to all
> recipients.
> The answer to 2) is encryption. One of the possible ways to do that
> is encrypting the data for all public keys of all recipients.
> The public keys of all recipients must be present when the
> data is encrypted.

Yup, you got it right. I guess I'll go with the above ideas. Thanks a lot for the pointers.

I was trying to achieve this in a single step, with only me having the public key and all the clients having the private key. That way, both the requirements are satisfied. Of course, it mixes up the names and sounds ridiculous. But names are just strings and in PKI, if you encrypt with 1 key, the other key is the only way to get back at the original content. So theoretically, the single step must be possible.
But, both GnuPG and OpenSSL don't give me 2 files, with the private and public keys, just on their own. The public key is always embedded into the private key also. It seems http://search.cpan.org/~vipul/Crypt-RSA-1.99/lib/Crypt/RSA.pm fits my requirements perfectly and it works fine.

Thanks to your help once again and also to other guys, David Schwartz and Paul Allen too :)

cheers,
skar.

--
The life so short, the craft so long to learn.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
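
Added example (not part of the original message, and not code from the OpenSSL project): the two-step approach from the quoted reply, sign with the signer's private key and encrypt for every recipient's public key, done with the `openssl` command line. The key names `signer`, `alice`, `bob` and `mallory`, the file names, and the hybrid layout (one AES session key wrapped per recipient with RSA-OAEP) are assumptions made for the illustration.

```shell
#!/usr/bin/env bash
# Added example: constructed keys and message, all files live in a temp directory.
set -eu
work=$(mktemp -d)
cd "$work"

# Generate an RSA key pair: <name>.key stays with its owner, <name>.pub is handed out.
make_keypair() {
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$1.key" 2>/dev/null
  openssl pkey -in "$1.key" -pubout -out "$1.pub"
}

# publish <file> <recipient>...: requirement 1 (sign), then requirement 2 (encrypt).
publish() {
  msg=$1; shift
  openssl dgst -sha256 -sign signer.key -out "$msg.sig" "$msg"
  openssl rand -hex 32 > session.key            # one-time symmetric key
  openssl enc -aes-256-cbc -pbkdf2 -pass file:session.key -in "$msg" -out "$msg.enc"
  for r in "$@"; do                             # wrap the session key once per recipient
    openssl pkeyutl -encrypt -pubin -inkey "$r.pub" \
      -pkeyopt rsa_padding_mode:oaep -in session.key -out "$msg.key.$r"
  done
  rm -f session.key
}

# receive <file> <recipient>: unwrap, decrypt, accept only if the signature verifies.
# CBC carries no integrity check of its own, so the signature check is mandatory.
receive() {
  msg=$1; r=$2
  openssl pkeyutl -decrypt -inkey "$r.key" -pkeyopt rsa_padding_mode:oaep \
    -in "$msg.key.$r" -out "session.$r" 2>/dev/null || return 1
  openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:session.$r" \
    -in "$msg.enc" -out "$msg.out.$r" 2>/dev/null || return 1
  openssl dgst -sha256 -verify signer.pub -signature "$msg.sig" "$msg.out.$r" >/dev/null
}

for n in signer alice bob mallory; do make_keypair "$n"; done
printf 'constructed sample payload\n' > data.txt
publish data.txt alice bob

receive data.txt alice && echo "alice: decrypted, signature OK"
receive data.txt bob   && echo "bob: decrypted, signature OK"
receive data.txt mallory || echo "mallory: not a recipient, cannot read"
```

Only `signer.key` can produce data the recipients accept, and only holders of a listed recipient key can recover the session key; a recipient who knows the other public keys still cannot forge a message that passes `receive`.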