Dnia Wed, Aug 04, 2010 at 08:48:48AM -0700, Vikas patial napisał(a): What you try to do is named Key Escrow. It is built into MS Windows since version 2000.
> Thanks a lot guys for helping me ... > > @ Wojciech > I went though the document and will use PBKDF1 from PKCS #5 for key > derivation,its also supported in cryptopp so its great. Good. > I would seek if it is possible to do what i am trying to do with crypto > ++ in a better way,all ideas are welcome. > > My task is to securely store some keys which my software uses on the > pc, so in case the Client forgets these keys ( he types them to access > data and can change them ) then a administrator can recover them.But > these keys should not be recoverable by anyone other than the admin. Your admin has keypair generated in GnuPG. Public key of named admin is um - public and is given to all clients. Your app should encrypt to this public key data you want to escrow (your symmetric key). Thats all. And all your client data depends of admin's honesty. GnuPG for MS Win: http://www.gpg4win.org Library. http://www.gnupg.org/download/index.en.html#gpgme > Symmetric Cryptography requires the key to be stored somewhere so i > choose Asymmetric cryptography ( RSA 2048 ) , where in the > administrator has the private key while all clients have public key > for encryption.But as i do not store the private key anywhere i needed > a deterministic way of generating it incase it is required again for > recovering the public key encrypted keys. Deriving, testing, attacking and proving each schema or protocol like PKCS#5 above took many years and minds of highly skilled cryptographers. There is NO place for homebrew solutions. Aka any "good idea of not storing deterministic randomness" is doomed even before born. Plain _using_ ready libraries need understanding how crypto works. So read books you were given and dig the net for articles about crypto. For now use simpliest but tested solutions. Pozdrawiam, Ohir. -- Wojciech S. Czarnecki << ^oo^ >> OHIR-RIPE -- You received this message because you are subscribed to the "Crypto++ Users" Google Group. To unsubscribe, send an email to [email protected]. More information about Crypto++ and this group is available at http://www.cryptopp.com.
