send encrypted data to remote server


send encrypted data to remote server

skar karthikeyan
Hi,

I want to send data from my machine to another one and the remote machine should be able to decrypt and make sense of the data only if it has the correct credentials, like a key file.

I'm new to openssl and public key systems. From what I understand from the docs, I should be able to generate a key pair, 1 public and another private. Now, I've created a private RSA key and extracted the public key. Next, I signed the data using the private key and sent it to the remote machine. I also copied the exported public key to the remote machine too. The remote machine can verify the data and I can see the data I originally signed.

However, I've got 2 doubts:

1) Am I doing it right? Is the signed data secure and not accessible to anyone without the public/private key? Of course, hackers can always break it, I understand that. But, otherwise I'm following the right process/idiom?
2) If the data size is bigger, I get the error "data greater than mod len:rsa_eay.c:660:". How do I deal with this case?

Thanks for the great s/w and thanks in advance for any help :)

cheers,
skar.

RE: send encrypted data to remote server

JoelKatz

Skar Karthikeyan wrote:

> I want to send data from my machine to another one and the remote
> machine should be able to decrypt and make sense of the data only
> if it has the correct credentials, like a key file.

SSL is designed for applications like this.

> I'm new to openssl and public key systems. From what I understand
> from the docs, I should be able to generate a key pair, 1 public and
> another private. Now, I've created a private RSA key and extracted the
> public key. Next, I signed the data using the private key and sent it
> to the remote machine. I also copied the exported public key to the
> remote machine too. The remote machine can verify the data and I can
> see the data I originally signed.

No, don't do that. Use SSL. If you try to invent your own way to do things,
it is very, very unlikely to be secure.

> However, I've got 2 doubts:

> 1) Am I doing it right? Is the signed data secure and not accessible
> to anyone without the public/private key? Of course, hackers can
> always break it, I understand that. But, otherwise I'm following the
> right process/idiom?

No. Signing data only prevents it from being tampered with, it does not hide
it.

> 2) If the data size is bigger, I get the error "data greater than
> mod len:rsa_eay.c:660:". How do I deal with this case?

You are using RSA as an encryption/signature algorithm. IT IS NOT ONE! It is
a primitive that can be used to make very good encryption and signature
algorithms by cryptography experts. You would be wise to use their work
rather than trying to re-invent it.

> Thanks for the great s/w and thanks in advance for any help :)

What you want is probably SSL, which is specifically designed to protect
data transported over a network from prying eyes and to authenticate the
endpoint(s). Don't use bits and pieces and try to get them to work together,
your odds of getting it right are vanishingly small.

DS


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

RE: send encrypted data to remote server

Dave Thompson-4
In reply to this post by skar karthikeyan
> From: [hidden email] On Behalf Of skar karthikeyan
> Sent: Tuesday, 08 September, 2009 13:13

> I want to send data from my machine to another one and the remote
> machine should be able to decrypt and make sense of the data only if it
> has the correct credentials, like a key file.

> I'm new to openssl and public key systems. From what I understand
> from the docs, I should be able to generate a key pair, 1 public and
> another private. Now, I've created a private RSA key and extracted the
> public key. Next, I signed the data using the private key and sent it
> to the remote machine. I also copied the exported public key to the
> remote machine too. The remote machine can verify the data and I can see
> the data I originally signed.

This is exactly backwards. _signing_ provides integrity/authentication
but NOT confidentiality/privacy. In other words, anyone can see the data,
but the remote machine can be certain that the data came from your machine
and nobody else. (Assuming you keep your privatekey secure; what it can
actually be sure is that it came from someone possessing the privatekey.)

PK _encryption_ works the other way. Only the _recipient_ has the privatekey,
and the sender(s) (there may be more than one) have the publickey. In some
situations the sender gets the recipient's publickey 'on demand' e.g. from
a keyserver, from the recipient's certificate, etc.; in some situations
(possibly including yours) it is stored in advance. The sender encrypts using
the recipient's publickey, and then only the recipient can decrypt it.


> However, I've got 2 doubts:

> 1) Am I doing it right? Is the signed data secure and not accessible
> to anyone without the public/private key? Of course, hackers can always
> break it, I understand that. But, otherwise I'm following the right
> process/idiom?

No, as above. If you do, and you use valid algorithms with sufficiently
large key sizes, 'hackers' CAN'T break the cryptography itself, not within
the lifetime of the universe, at least using currently known physics.
Attackers may however be able to break other parts of your system though,
by for example: getting malware (virus, trojan, etc.) onto your computer that
finds and tells them your privatekey, or just your sensitive data directly;
guessing your key if it was generated on a machine using a poor random
number generator; guessing your data if it wasn't 'padded' with sufficient
randomness, or again used a poor random number generator.

> 2) If the data size is bigger, I get the error "data greater than mod
> len:rsa_eay.c:660:". How do I deal with this case?

In RSA you can't encrypt or sign a value larger than the modulus,
and similar restrictions apply to other PK algorithms. In fact
because you NEED padding for security, as above, the largest value
you can use is less than the modulus by usually 10-20 bytes or so.

Normally people don't use RSA or other PK directly. For encryption
you generate a random symmetric key, use it to 'bulk' encrypt the data,
and encrypt (only) the symmetric key using RSA; for decryption, you
decrypt the symmetric key and use it to decrypt the data. For signing,
you compute a (cryptographic) hash of the data, and sign the hash;
to verify, you re-compute the hash and verify it. If you do want
to use PK especially RSA directly, you won't be interoperable with
anyone else, and (these parts of) your system will be slower.




Re: send encrypted data to remote server

skar karthikeyan
Dave Thompson wrote:
> > From: [hidden email] On Behalf Of skar karthikeyan
> > Sent: Tuesday, 08 September, 2009 13:13
>
> > I want to send data from my machine to another one and the remote
> > machine should be able to decrypt and make sense of the data only if it
> > has the correct credentials, like a key file.
>
> > I'm new to openssl and public key systems. From what I understand
> > from the docs, I should be able to generate a key pair, 1 public and
> > another private. Now, I've created a private RSA key and extracted the
> > public key. Next, I signed the data using the private key and sent it
> > to the remote machine. I also copied the exported public key to the
> > remote machine too. The remote machine can verify the data and I can see
> > the data I originally signed.
>
> This is exactly backwards. _signing_ provides integrity/authentication
> but NOT confidentiality/privacy. In other words, anyone can see the data,
> but the remote machine can be certain that the data came from your machine
> and nobody else. (Assuming you keep your privatekey secure; what it can
> actually be sure is that it came from someone possessing the privatekey.)
>
> PK _encryption_ works the other way. Only the _recipient_ has the privatekey,
> and the sender(s) (there may be more than one) have the publickey. In some
> situations the sender gets the recipient's publickey 'on demand' e.g. from
> a keyserver, from the recipient's certificate, etc.; in some situations
> (possibly including yours) it is stored in advance. The sender encrypts using
> the recipient's publickey, and then only the recipient can decrypt it.
>
> > However, I've got 2 doubts:
>
> > 1) Am I doing it right? Is the signed data secure and not accessible
> > to anyone without the public/private key? Of course, hackers can always
> > break it, I understand that. But, otherwise I'm following the right
> > process/idiom?
>
> No, as above. If you do, and you use valid algorithms with sufficiently
> large key sizes, 'hackers' CAN'T break the cryptography itself, not within
> the lifetime of the universe, at least using currently known physics.
> Attackers may however be able to break other parts of your system though,
> by for example: getting malware (virus, trojan, etc.) onto your computer that
> finds and tells them your privatekey, or just your sensitive data directly;
> guessing your key if it was generated on a machine using a poor random
> number generator; guessing your data if it wasn't 'padded' with sufficient
> randomness, or again used a poor random number generator.
>
> > 2) If the data size is bigger, I get the error "data greater than mod
> > len:rsa_eay.c:660:". How do I deal with this case?
>
> In RSA you can't encrypt or sign a value larger than the modulus,
> and similar restrictions apply to other PK algorithms. In fact
> because you NEED padding for security, as above, the largest value
> you can use is less than the modulus by usually 10-20 bytes or so.
>
> Normally people don't use RSA or other PK directly. For encryption
> you generate a random symmetric key, use it to 'bulk' encrypt the data,
> and encrypt (only) the symmetric key using RSA; for decryption, you
> decrypt the symmetric key and use it to decrypt the data. For signing,
> you compute a (cryptographic) hash of the data, and sign the hash;
> to verify, you re-compute the hash and verify it. If you do want
> to use PK especially RSA directly, you won't be interoperable with
> anyone else, and (these parts of) your system will be slower.

Thanks David and Dave :) So signing is the reverse of what I need. I need to encrypt. In that case, I need to have only the private key on the other side and have the public key with me to encrypt the data. Is that possible? I can't use SSL/TLS alone, as I also want the data to stay encrypted on the other side and be decrypted only when needed. Any good material that I can read to learn more on this?

cheers,
skar.
-- 
--
The life so short, the craft so long to learn. 

RE: send encrypted data to remote server

JoelKatz

skar wrote:

> Thanks David and Dave :) So signing is the reverse of what I need.
> I need to encrypt. In that case, I need to have only the private key
> on the other side and have the public key with me to encrypt the data.

You're really not doing a good job of stating your requirements. But, again,
it sounds like SSL does exactly what you want.

> Is that possible? I can't use SSL/TLS alone, as I also want the data
> to stay encrypted on the other side and be decrypted only when needed.

So encrypt it before you send it over the SSL/TLS link. Use SSL/TLS to
authenticate the end that's not originating the connection and to protect
the data in transport. Use anything else you like to permit the data to stay
encrypted on the other end -- what method is most appropriate for that
depends on your requirements, which you haven't stated. (Who is supposed to
be able to decrypt it and when? Is the key used to decrypt it a secret from
the server? Must data from different sessions use the same key?)

> Any good material that I can read to learn more on this?

Not really. It's a skill and not really something you can read and pick up
very well.

The best bet may be this:

1) The client knows the server's public key (or a CA that signs the server's
certificate).

2) The client connects to the server, establishes a TLS link, and verifies
the public key.

3) You now have a secure TLS link between the server and the client, and the
client knows it is talking to the server and only the server can decrypt the
data. (The server has no idea who it is talking to yet.)

4) The client sends some kind of credentials to the server, so the server
knows that it is talking to an authorized client. (This can even be a user
name and password. Or the client can have a certificate. It depends.)

5) The client sends the server its public key over the SSL link.

6) The server then encrypts data with the client's public key and sends it
over the SSL link. The data can then be encrypted with the client's private
key whenever needed.

You are not using a valuable resource though as we've gone several emails
now and you're still telling us about new requirements that totally change
the picture.

DS



Re: send encrypted data to remote server

skar karthikeyan
David Schwartz wrote:
> You're really not doing a good job of stating your requirements. But, again,
> it sounds like SSL does exactly what you want.
>
>  
> You are not using a valuable resource though as we've gone several emails
> now and you're still telling us about new requirements that totally change
> the picture.
>  
Sorry for being vague. And thanks for the pointers so far :)

I'll try to be more clear now. My requirement is this:

I have a file on my server which needs to reach several client machines
safely and to remain encrypted there. My s/w on those machines should be
able to decrypt the file and use the contents of the file, but it
shouldn't be easy for anyone else to decrypt the file or generate similar
encrypted files which fool my app on the client machines. I understand
that I need to use SSL/TLS sessions to send the file over. I can even
use off the shelf HTTP/IMAP/SMTP etc with SSL/TLS for that.

Now the remaining part is, how do I encrypt a file on my machine, so
that only the client machines with the right key can decrypt them? I
could keep the public key with me and have the private key on the client
machines. But I don't know of a way to have only the private key alone,
as openssl also allows extracting the public key from the private key.
Moreover, I'd be giving the private key away while keeping the
public key for myself, which is ridiculous. Any ideas?

cheers,
skar.

--
--
The life so short, the craft so long to learn.


Re: send encrypted data to remote server

Scott Gifford
skar <[hidden email]> writes:

[...]

> I have a file on my server which needs to reach several client machines
> safely and to remain encrypted there.

You may want to consider using PGP for this, it sounds like your
scenario is exactly what it was designed for.  Each client would
generate its own private and public key, then the sender would add the
public keys to its PGP keychain and encrypt and sign a message to all
of them.  PGP would take care of making this work (IIRC it would
encrypt the file using a symmetric key, then include copies of the
symmetric key encrypted with each recipient's public key).

An alternative would be to use straight symmetric cryptography, where
there is one secret key which is known by the server and all the
clients.  Then you could just encrypt the data with something like:

    openssl enc -aes-256-cbc

and on the other end use:

    openssl enc -d -aes-256-cbc

Hope this helps!

-----Scott.

Re: send encrypted data to remote server

skar karthikeyan


On Wed, Sep 9, 2009 at 6:43 PM, Scott Gifford <[hidden email]> wrote:
> skar <[hidden email]> writes:
>
> [...]
>
> You may want to consider using PGP for this, it sounds like your
> scenario is exactly what it was designed for.  Each client would
> generate its own private and public key, then the sender would add the
> public keys to its PGP keychain and encrypt and sign a message to all
> of them.  PGP would take care of making this work (IIRC it would
> encrypt the file using a symmetric key, then include copies of the
> symmetric key encrypted with each recipient's public key).

Thanks. However, I feel openssl would do the job itself. For eg, I can create a private key with:

##snip######
# openssl genrsa -out 1pri.pem 4096
Generating RSA private key, 4096 bit long modulus
............................................................................................++
..++
e is 65537 (0x10001)
# openssl rsa -in 1pri.pem -out 1pub.pem -pubout
writing RSA key

##snip######

Now, I can distribute the private keys to the client machines and keep the public in the server.  However, it's possible to extract the public key from the private key. Which means, anyone with access to the client machine can extract the public key and can create other encrypted messages/content which can be decrypted using the private key there.

I just want to have the private key without the public key in it.

That way, I can just send the private key alone to the client machines and only I will have access to the public key. So, only I can create files that can be decrypted using the private key. Basically, it reverses the usage, the name public and private means. But it works for my requirement, provided it's possible to have a private key with no public key in it :)

There's a tutorial about using the modulus/exponent directly to encrypt/decrypt over at http://www.dsm.fordham.edu/~mathai/openssl.html. So, it must definitely be possible to do it.

cheers,
skar.

RE: send encrypted data to remote server

JoelKatz
In reply to this post by skar karthikeyan

skar wrote:

> Now the remaining part is, how do I encrypt a file on my machine, so
> that only the client machines with the right key can decrypt them? I
> could keep the public key with me and have the private key on the client
> machines. But I don't know of a way to have only the private key alone,
> as openssl also allows extracting the public key from the private key.
> More over, I'd be giving away the private key away while keeping the
> public key for myself, which is ridiculous. Any ideas?

Have the client send the server its public key. The server can then encrypt
the file so that only the client can access it. Alternatively, you can just
have the client software decrypt the file.

It's hard to say because you still haven't stated any of your requirements.

Either the client or the server has to encrypt the file such that the client
can decrypt it. Which one and what algorithm depends on why you are trying
to do this, and it's not clear why.

One way would be for the client to generate a random 128-bit key and send it
to the server. The server can encrypt the data using this random 128-bit key
and send it to the client. The client can then write out a header including
the 128-bit key (encrypted however you like) before the data received from
the server.

Another way would be for the file to be pre-encrypted on the server. The
server can send the key to the client before it sends the file. The client
can then store the key (encrypted however you like) along with the file.

I suggest you find someone familiar with encryption and have a dialogue with
them until a solution emerges. It's just going to take ridiculously long
going back and forth this way because you don't seem to have any kind of
statement of your requirements.

DS



Re: send encrypted data to remote server

skar karthikeyan


On Wed, Sep 9, 2009 at 8:54 PM, David Schwartz <[hidden email]> wrote:

 
> I suggest you find someone familiar with encryption and have a dialogue with
> them until a solution emerges. It's just going to take ridiculously long
> going back and forth this way because you don't seem to have any kind of
> statement of your requirements.

Thanks for the advice. Hope this one is clear. Here are the concrete requirements:

1) Content should be encrypted only on the server. And public key must stay only on the server. No other person should have access to the public key. 
2) Private key on the client machine should decrypt the file. It should have only the private key, not the public key. That way, no hostile user can create his own encrypted content and decrypt the file using the private key.

I don't think there's anything more to what I need. And it basically boils down to separating the public and private keys and finding a way to not have the public key inside the private key, which is the default in openssl.

cheers,
skar.

Re: send encrypted data to remote server

Michael S. Zick-4
In reply to this post by skar karthikeyan
On Wed September 9 2009, skar wrote:

> Dave Thompson wrote:
> >> From: [hidden email] On Behalf Of skar karthikeyan
> >> Sent: Tuesday, 08 September, 2009 13:13
> >
> >> I want to send data from my machine to another one and the remote
> >> machine should be able to decrypt and make sense of the data only if it
> >> has the correct credentials, like a key file.
> >
> >> I'm new to openssl and public key systems. From what I understand
> >> from the docs, I should be able to generate a key pair, 1 public and
> >> another private. Now, I've created a private RSA key and extracted the
> >> public key. Next, I signed the data using the private key and sent it
> >> to the remote machine. I also copied the exported public key to the
> >> remote machine too. The remote machine can verify the data and I can see
> >> the data I originally signed.
> >
> > This is exactly backwards. _signing_ provides integrity/authentication
> > but NOT confidentiality/privacy. In other words, anyone can see the data,
> > but the remote machine can be certain that the data came from your machine
> > and nobody else. (Assuming you keep your privatekey secure; what it can
> > actually be sure is that it came from someone possessing the privatekey.)
> >
> > PK _encryption_ works the other way. Only the _recipient_ has the privatekey,
> > and the sender(s) (there may be more than one) have the publickey. In some
> > situations the sender gets the recipient's publickey 'on demand' e.g. from
> > a keyserver, from the recipient's certificate, etc.; in some situations
> > (possibly including yours) it is stored in advance. The sender encrypts using
> > the recipient's publickey, and then only the recipient can decrypt it.
> >
> >> However, I've got 2 doubts:
> >
> >> 1) Am I doing it right? Is the signed data secure and not accessible
> >> to anyone without the public/private key? Of course, hackers can always
> >> break it, I understand that. But, otherwise I'm following the right
> >> process/idiom?
> >
> > No, as above. If you do, and you use valid algorithms with sufficiently
> > large key sizes, 'hackers' CAN'T break the cryptography itself, not within
> > the lifetime of the universe, at least using currently known physics.
> > Attackers may however be able to break other parts of your system though,
> > by for example: getting malware (virus, trojan, etc.) onto your computer that
> > finds and tells them your privatekey, or just your sensitive data directly;
> > guessing your key if it was generated on a machine using a poor random
> > number generator; guessing your data if it wasn't 'padded' with sufficient
> > randomness, or again used a poor random number generator.
> >
> >> 2) If the data size is bigger, I get the error "data greater than mod
> >> len:rsa_eay.c:660:". How do I deal with this case?
> >
> > In RSA you can't encrypt or sign a value larger than the modulus,
> > and similar restrictions apply to other PK algorithms. In fact
> > because you NEED padding for security, as above, the largest value
> > you can use is less than the modulus by usually 10-20 bytes or so.
> >
> > Normally people don't use RSA or other PK directly. For encryption
> > you generate a random symmetric key, use it to 'bulk' encrypt the data,
> > and encrypt (only) the symmetric key using RSA; for decryption, you
> > decrypt the symmetric key and use it to decrypt the data. For signing,
> > you compute a (cryptographic) hash of the data, and sign the hash;
> > to verify, you re-compute the hash and verify it. If you do want
> > to use PK especially RSA directly, you won't be interoperable with
> > anyone else, and (these parts of) your system will be slower.
> >
> Thanks David and Dave :) So signing is the reverse of what I need. I
> need to encrypt. In that case, I need to have only the private key on
> the other side and have the public key with me to encrypt the data. Is
> that possible? I can't use SSL/TLS alone, as I also want the data to
> stay encrypted on the other side and be decrypted only when needed. Any
> good material that I can read to learn more on this?
>

As others have posted, this sounds like a job for PGP (or gnu's version of it).
It is included with, or available for; nearly every *nix ever shipped
plus many other operating systems, including some proprietary systems.

For instance, the file manager GUI in many Linux distributions will allow
your client to select the filename, and just click "decrypt" - P.F.M.

Nothing new needs to be invented, just let your server be the home of the
encrypted file and the PGP key files.

Mike
 
> cheers,
> skar.
>



Re: send encrypted data to remote server

skar karthikeyan

> As others have posted, this sounds like a job for PGP (or gnu's version of it).
> It is included with, or available for; nearly every *nix ever shipped
> plus many other operating systems, including some proprietary systems.
>
> For instance, the file manager GUI in many Linux distributions will allow
> your client to select the filename, and just click "decrypt" - P.F.M.
>
> Nothing new needs to be invented, just let your server be the home of the
> encrypted file and the PGP key files.

Thanks for the help. I did try gnupg too. It also has the same problem, where it allows access to the public key if you have the private key. That would break my need, where I need to be the only one with access to the public key, so that only I can create encrypted content. All the clients can have the private key (and private key only) so that they can decrypt the content. If they don't have the private key, they shouldn't be able to decrypt it. Both GnuPG and OpenSSL support sending encrypted content to a guy with the private key. But they both allow the guy (in my case, the client machine) with the private key to create his own encrypted content, since the public key is embedded within the private key. I'd like to remove that public key and have only the private key.

My requirements are (again):

1) Content should be encrypted only on the server. And public key must stay only on the server. No other person should have access to the public key.
2) Private key on the client machine should decrypt the file. It should have only the private key, not the public key. That way, no hostile user can create his own encrypted content and decrypt the file using the private key. And without the private key, client shouldn't be able to decrypt the file.

cheers,
skar. 

Re: send encrypted data to remote server

Paul Allen-4
On Wed, 2009-09-09 at 09:50 -0700, skar karthikeyan wrote:

> My requirements are(again):
>
> 1) Content should be encrypted only on the server. And public key must
> stay only on the server. No other person should have access to the
> public key.
> 2) Private key on the client machine should decrypt the file. It
> should have only the private key, not the public key. That way, no
> hostile user can create his own encrypted content and decrypt the file
> using the private key. And without the private key, client shouldn't
> be able to decrypt the file.

IMHO, this is a statement of how an implementation must solve your
problem, not a statement of the problem you are trying to solve.

I suggest that you forget for the moment everything you think you
know about public and private keys, state your problem, and then listen
to the responses you get.

Paul Allen


Re: send encrypted data to remote server

Goetz Babin-Ebell
In reply to this post by skar karthikeyan

skar karthikeyan wrote:
| My requirements are(again):
|
| 1) Content should be encrypted only on the server. And public key must
| stay only on the server. No other person should have access to the
| public key.
| 2) Private key on the client machine should decrypt the file. It should
| have only the private key, not the public key. That way, no hostile user
| can create his own encrypted content and decrypt the file using the
| private key. And without the private key, client shouldn't be able to
| decrypt the file.

I think you have terribly mixed up your requirements and your (broken)
solution.
As far as I understood, you want:

1) Only one entity may be able to generate data.
2) Only a fixed set of entities may be able to read
   the generated data.

The answer to 1) is data signing done with the signers private key
and verified by the signers public key that is distributed to all
recipients.
The answer to 2) is encryption. One of the possible ways to do that
is encrypting the data for all public key of all recipients.
The public keys of all recipients must be present when the
data is encrypted.

Both requirements can be fulfilled by using
something like PKCS#7 signedAndEnvelopedData.

If your requirements are really these two I mentioned please stick
with an established method since you have obviously do not the expertise
to develop an own one.


Bye

Goetz

- --
DMCA: The greed of the few outweighs the freedom of the many
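
The two steps described in the post above (sign with the signer's private key, encrypt for every recipient's public key), as an added example that is not part of the original post. It uses `openssl smime`, which nests a PKCS#7 signed message inside a PKCS#7 enveloped message rather than emitting the single signedAndEnvelopedData type; the identities (signer, rcpt1, rcpt2, outsider) and the payload are constructed for the demo.

```shell
#!/bin/sh
# Added example. Identities (signer, rcpt1, rcpt2, outsider) and the
# payload are constructed for this demo.

# make_id NAME: throwaway RSA key and self-signed certificate.
make_id() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# protect SIGNER SRC OUT CERT...: sign SRC with SIGNER's private key, then
# encrypt the signed message for every recipient certificate listed.
protect() {
    s=$1; src=$2; out=$3; shift 3
    openssl smime -sign -binary -nodetach -in "$src" -signer "$s.crt" \
        -inkey "$s.key" -out "$src.signed" 2>/dev/null &&
    openssl smime -encrypt -aes256 -in "$src.signed" -out "$out" "$@"
}

# unprotect IN OUT NAME: decrypt with NAME's private key, then accept the
# data only if the signature chains to signer.crt.
unprotect() {
    openssl smime -decrypt -in "$1" -recip "$3.crt" -inkey "$3.key" \
        -out "$1.$3.tmp" 2>/dev/null &&
    openssl smime -verify -in "$1.$3.tmp" -CAfile signer.crt \
        -out "$2" 2>/dev/null
}

# demo: exit status 0 only if every expectation holds.
demo() (
    cd "$(mktemp -d)" || exit 1
    for id in signer rcpt1 rcpt2 outsider; do make_id "$id" || exit 1; done
    seq 1 2000 > data.txt          # ~9 KB, far above the RSA modulus size
    protect signer data.txt data.p7m rcpt1.crt rcpt2.crt || exit 1
    # each listed recipient recovers the exact bytes
    unprotect data.p7m out1 rcpt1 && cmp -s data.txt out1 || exit 1
    unprotect data.p7m out2 rcpt2 && cmp -s data.txt out2 || exit 1
    # a key that was not a recipient cannot read the data
    unprotect data.p7m outx outsider && exit 1
    # data produced by anyone but the signer is rejected
    protect outsider data.txt forged.p7m rcpt1.crt || exit 1
    unprotect forged.p7m outf rcpt1 && exit 1
    exit 0
)

demo && echo "sign-then-encrypt checks passed"
```

The enveloping step encrypts the payload with AES and uses RSA only to wrap the AES key for each recipient, so the payload size is not bounded by the RSA modulus.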

RE: send encrypted data to remote server

JoelKatz
In reply to this post by skar karthikeyan

skar:

> Thanks for the advice. Hope this one is clear.
> Here are the concrete requirements:

> 1) Content should be encrypted only on the server.
> And public key must stay only on the server. No other
> person should have access to the public key.

That is not a requirement, that is an implementation. If you have to use
public-key cryptography, it would only be because that is the only way to
meet your requirements.

> 2) Private key on the client machine should decrypt the
> file. It should have only the private key, not the
> public key. That way, no hostile user can create his own
> encrypted content and decrypt the file using the private key.

This is a completely nonsensical implementation. Whatever your requirements
are (which for some reason you refuse to state) this *can't* be a sensible
way to meet them.

> And it basically boils down to separating the public and private
> keys and finding a way to not have the public key inside the
> private key, which is the default in openssl.

Do you understand why the public key is so named? It doesn't seem so.

I don't think public key cryptography is the right way to meet what I'm
guessing your requirements are. I strongly urge you to have a talk with
someone knowledgeable in cryptography and design a scheme with them.
Honestly, this conversation is not going well and is very, *very* unlikely
to result in you having a good idea of a way to meet your actual
requirements, whatever they are.

Sorry to be blunt, but getting a scheme that's actually secure is not easy.
You have to make sure your scheme isn't vulnerable to weaknesses of which
you are not aware, and if you refuse to do it the same way everyone else
does, that won't happen.

DS


Re: send encrypted data to remote server

skar karthikeyan
In reply to this post by Goetz Babin-Ebell
Goetz Babin-Ebell wrote:

> I think you have terribly mixed up your requirements and your (broken)
> solution.
> As far as I understood, you want:
>
> 1) Only one entity may be able to generate data.
> 2) Only a fixed set of entities may be able to read
>    the generated data.
>
> The answer to 1) is data signing done with the signer's private key
> and verified by the signer's public key that is distributed to all
> recipients.
> The answer to 2) is encryption. One of the possible ways to do that
> is encrypting the data for the public keys of all recipients.
> The public keys of all recipients must be present when the
> data is encrypted.
Yup, you got it right. I guess I'll go with the above ideas. Thanks a
lot for the pointers. I was trying to achieve this in a single step,
with only me having the public key and all the clients having the private
key. That way, both the requirements are satisfied. Of course, it mixes
up the names and sounds ridiculous. But names are just strings and in
PKI, if you encrypt with 1 key, the other key is the only way to get
back at the original content. So theoretically, the single step must be
possible.

But, both GnuPG and OpenSSL don't give me 2 files, with the private
and public keys, just on their own. The public key is always embedded
into the private key also. It seems
http://search.cpan.org/~vipul/Crypt-RSA-1.99/lib/Crypt/RSA.pm fits my
requirements perfectly and it works fine.

Thanks for your help once again, and also to the other guys, David Schwartz
and Paul Allen too :)

cheers,
skar.
--
--
The life so short, the craft so long to learn.