RE: Sending Public Key
Thanks for all the help! We are going to look into OpenPGP and OpenSSL (since we may need it for our web server anyway).

--jah

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Shaw
Sent: Tuesday, 13 February, 2007 09:43
To: gnupg-users@gnupg.org
Subject: Re: Sending Public Key

On Mon, Feb 12, 2007 at 12:53:38PM -0700, jason heddings wrote:

> Thanks for the reply (and keeping me from making a big mistake)...
>
> So, for doing basic data encryption / transmission, what's the right way to go? We just need to do public key encryption, send the data (via email or postal), decrypt on a backend.

It sounds like straight OpenPGP will do the job for you. It is a well-understood and widely supported protocol for public key encryption. GnuPG can do what you need right out of the box, and can handle both email and postal easily.

David

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
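The workflow discussed in this thread (server key pair, public key handed to clients, data encrypted and sent back), done with GnuPG as suggested above. This is an added example, not code from any poster; it assumes GnuPG 2.2 or later, and the user ID, temporary keyrings and empty passphrase are constructed so it runs unattended.

```shell
#!/bin/sh
# Added example: the thread's workflow done with GnuPG instead of raw libgcrypt.
# The user ID, temp directories and empty passphrase are assumptions for the demo.

KEY_UID='backend-demo@example.invalid'   # constructed user ID

# Print the primary-key fingerprint for user ID $2 from the keyring in homedir $1.
fingerprint() {
    gpg --homedir "$1" --batch --with-colons --fingerprint "$2" 2>/dev/null |
        awk -F: '$1 == "fpr" { print $10; exit }'
}

# roundtrip PLAINTEXT: prints what the server recovers after decryption.
roundtrip() {
    work=$(mktemp -d) || return 1
    server="$work/server"; client="$work/client"
    mkdir -m 700 "$server" "$client" || return 1

    # Server: create the key pair. The private key stays in $server.
    # An empty passphrase is used only so the demo runs unattended.
    gpg --homedir "$server" --batch --quiet --pinentry-mode loopback \
        --passphrase '' --quick-generate-key "$KEY_UID" default default never \
        2>/dev/null || return 1

    # Server: export only the public key, ASCII-armored for email or post.
    gpg --homedir "$server" --batch --armor --export "$KEY_UID" > "$work/pub.asc"
    server_fpr=$(fingerprint "$server" "$KEY_UID")

    # Client: import the key, then compare its fingerprint with the value
    # obtained from the server over a separate channel.
    gpg --homedir "$client" --batch --quiet --import "$work/pub.asc" 2>/dev/null
    [ "$(fingerprint "$client" "$KEY_UID")" = "$server_fpr" ] || return 1

    # Client: encrypt. OpenPGP encrypts the data with a random session key
    # and only that session key with the public key.
    printf '%s' "$1" | gpg --homedir "$client" --batch --quiet --armor \
        --trust-model always --recipient "$server_fpr" --encrypt \
        > "$work/msg.asc" 2>/dev/null || return 1

    # Server: decrypt with the private key from its own keyring.
    gpg --homedir "$server" --batch --quiet --decrypt "$work/msg.asc" 2>/dev/null
    status=$?

    gpgconf --homedir "$server" --kill gpg-agent 2>/dev/null || true
    rm -rf "$work"
    return $status
}
```

Calling `roundtrip 'some text'` prints the text as recovered on the server side; `--trust-model always` is acceptable here only because the fingerprint comparison precedes it.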
RE: Sending Public Key
Thanks for the reply...

I think I'm missing something, then... Does that mean the operations provided by libgcrypt are not secure to use by themselves?

--jah

-Original Message-
From: Janusz A. Urbanowicz [mailto:[EMAIL PROTECTED] On Behalf Of Janusz A. Urbanowicz
Sent: Sunday, 11 February, 2007 10:59
To: jason heddings
Cc: gnupg-users@gnupg.org
Subject: Re: Sending Public Key

On Sat, Feb 10, 2007 at 02:13:42PM -0700, jason heddings wrote:

> I'm making use of libgcrypt for a specific encryption application. I'm assuming that the following is secure:
>
> - Use libgcrypt to create a keypair
> - Save the S-exp to an internal, protected keystore
> - Base64 encode the public-key portion of the S-exp
> - Broadcast the base64-encoded key to associated clients
> - Use the broadcasted public-key to encrypt data
> - Send encrypted data back to a server containing the keystore
> - Only server can decrypt encrypted data using private keys
>
> Can someone please correct me if I am wrong? Is there a problem with this approach, or perhaps a better one?

Without a detailed specification of the protocol it is almost impossible, but for starters, do not encrypt actual non-random data with a pubkey.

It is always a bad idea to roll your own crypto protocol; use SSL/TLS or OpenPGP or CMS, or XML cryptography if possible.

Alex
--
JID: [EMAIL PROTECTED]
PGP: 0x46399138
paying attention to details is what doctors, lawyers, programmers and watchmakers are for
-- Czerski
Re: Sending Public Key
On Mon, 12 Feb 2007 15:15, [EMAIL PROTECTED] said:

> I think I'm missing something, then... Does that mean the operations provided by libgcrypt are not secure to use by themselves?

It is with all tools. It needs to be used properly. A chainsaw is a very powerful tool but not used properly you will do worse than without.

Salam-Shalom,

Werner
RE: Sending Public Key
Thanks for the reply (and keeping me from making a big mistake)...

So, for doing basic data encryption / transmission, what's the right way to go? We just need to do public key encryption, send the data (via email or postal), decrypt on a backend.

Thanks for all the help here... Obviously I'm trying to forge new ground for our company.

--jah

-Original Message-
From: Werner Koch [mailto:[EMAIL PROTECTED]
Sent: Monday, 12 February, 2007 08:22
To: jason heddings
Cc: 'Janusz A. Urbanowicz'; gnupg-users@gnupg.org
Subject: Re: Sending Public Key

On Mon, 12 Feb 2007 15:15, [EMAIL PROTECTED] said:

> I think I'm missing something, then... Does that mean the operations provided by libgcrypt are not secure to use by themselves?

It is with all tools. It needs to be used properly. A chainsaw is a very powerful tool but not used properly you will do worse than without.

Salam-Shalom,

Werner
Re: Sending Public Key
On Sat, Feb 10, 2007 at 02:13:42PM -0700, jason heddings wrote:

> I'm making use of libgcrypt for a specific encryption application. I'm assuming that the following is secure:
>
> - Use libgcrypt to create a keypair
> - Save the S-exp to an internal, protected keystore
> - Base64 encode the public-key portion of the S-exp
> - Broadcast the base64-encoded key to associated clients
> - Use the broadcasted public-key to encrypt data
> - Send encrypted data back to a server containing the keystore
> - Only server can decrypt encrypted data using private keys
>
> Can someone please correct me if I am wrong? Is there a problem with this approach, or perhaps a better one?

Without a detailed specification of the protocol it is almost impossible, but for starters, do not encrypt actual non-random data with a pubkey.

It is always a bad idea to roll your own crypto protocol; use SSL/TLS or OpenPGP or CMS, or XML cryptography if possible.

Alex
--
JID: [EMAIL PROTECTED]
PGP: 0x46399138
paying attention to details is what doctors, lawyers, programmers and watchmakers are for
-- Czerski
Sending Public Key
I'm making use of libgcrypt for a specific encryption application. I'm assuming that the following is secure:

- Use libgcrypt to create a keypair
- Save the S-exp to an internal, protected keystore
- Base64 encode the public-key portion of the S-exp
- Broadcast the base64-encoded key to associated clients
- Use the broadcasted public-key to encrypt data
- Send encrypted data back to a server containing the keystore
- Only server can decrypt encrypted data using private keys

Can someone please correct me if I am wrong? Is there a problem with this approach, or perhaps a better one?

--jah