Thanks a lot for helping me out. I'm going back to reading now :).

On Aug 4, 9:30 pm, "Wojciech S. Czarnecki" <[email protected]> wrote:
> On Wed, Aug 04, 2010 at 08:48:48AM -0700, Vikas patial wrote:
>
> What you try to do is named Key Escrow.
> It is built into MS Windows since version 2000.
>
> > Thanks a lot guys for helping me ...
>
> > @ Wojciech
> > I went through the document and will use PBKDF1 from PKCS #5 for key
> > derivation, it's also supported in cryptopp so it's great.
>
> Good.
>
> > I would seek if it is possible to do what I am trying to do with crypto
> > ++ in a better way, all ideas are welcome.
>
> > My task is to securely store some keys which my software uses on the
> > PC, so in case the client forgets these keys (he types them to access
> > data and can change them) then an administrator can recover them. But
> > these keys should not be recoverable by anyone other than the admin.
>
> Your admin has a keypair generated in GnuPG. The public key of the named admin
> is um - public and is given to all clients. Your app should
> encrypt to this public key the data you want to escrow (your symmetric
> key). That's all. And all your client data depends on the admin's honesty.
>
> GnuPG for MS Win:
> http://www.gpg4win.org
>
> Library.
> http://www.gnupg.org/download/index.en.html#gpgme
>
> > Symmetric cryptography requires the key to be stored somewhere so I
> > chose asymmetric cryptography (RSA 2048), wherein the
> > administrator has the private key while all clients have the public key
> > for encryption. But as I do not store the private key anywhere I needed
> > a deterministic way of generating it in case it is required again for
> > recovering the public key encrypted keys.
>
> Deriving, testing, attacking and proving each schema or protocol
> like PKCS#5 above took many years and minds of highly skilled
> cryptographers.
> There is NO place for homebrew solutions. Aka any "good idea of not
> storing deterministic randomness" is doomed even before born.
>
> Plain _using_ ready libraries needs understanding of how crypto
> works. So read the books you were given and dig the net for articles
> about crypto. For now use the simplest but tested solutions.
>
> Regards, Ohir.
>
> --
>
> Wojciech S. Czarnecki
> << ^oo^ >> OHIR-RIPE
-- You received this message because you are subscribed to the "Crypto++ Users" Google Group. To unsubscribe, send an email to [email protected]. More information about Crypto++ and this group is available at http://www.cryptopp.com.
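
Added example, not part of the thread and not Crypto++ or GnuPG code: the escrow layout described in the quoted reply, where one random data key is wrapped under the client's password and also encrypted to the admin's stored RSA-2048 public key. It assumes Python's `cryptography` package; PBKDF2 from PKCS #5 stands in for PBKDF1 (whose output is capped at the hash length, 20 bytes with SHA-1), and the function names, iteration count and record layout are illustrative.

```python
import os
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC

ITERATIONS = 200_000  # assumed work factor; tune for the target hardware
OAEP = padding.OAEP(padding.MGF1(hashes.SHA256()), hashes.SHA256(), None)

def make_admin_keypair(passphrase: bytes):
    """Admin side, done once: RSA-2048 pair; the private key is stored encrypted."""
    priv = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    priv_pem = priv.private_bytes(
        serialization.Encoding.PEM, serialization.PrivateFormat.PKCS8,
        serialization.BestAvailableEncryption(passphrase))
    pub_pem = priv.public_key().public_bytes(
        serialization.Encoding.PEM, serialization.PublicFormat.SubjectPublicKeyInfo)
    return priv_pem, pub_pem

def kek_from_password(password: str, salt: bytes) -> bytes:
    """Key-encryption key from the client's password (PBKDF2-HMAC-SHA256)."""
    return PBKDF2HMAC(hashes.SHA256(), 32, salt, ITERATIONS).derive(password.encode())

def protect(data_key: bytes, password: str, admin_pub_pem: bytes) -> dict:
    """Wrap one data key twice: under the password and under the admin key."""
    salt, nonce = os.urandom(16), os.urandom(12)
    admin_pub = serialization.load_pem_public_key(admin_pub_pem)
    return {"salt": salt, "nonce": nonce,
            "client_wrap": AESGCM(kek_from_password(password, salt))
                           .encrypt(nonce, data_key, b"client-wrap"),
            "escrow": admin_pub.encrypt(data_key, OAEP)}

def client_unlock(record: dict, password: str) -> bytes:
    """Normal path; raises cryptography.exceptions.InvalidTag on a wrong password."""
    kek = kek_from_password(password, record["salt"])
    return AESGCM(kek).decrypt(record["nonce"], record["client_wrap"], b"client-wrap")

def admin_recover(record: dict, admin_priv_pem: bytes, passphrase: bytes) -> bytes:
    """Recovery path: only the holder of the admin private key can open the escrow."""
    priv = serialization.load_pem_private_key(admin_priv_pem, password=passphrase)
    return priv.decrypt(record["escrow"], OAEP)

if __name__ == "__main__":
    priv_pem, pub_pem = make_admin_keypair(b"constructed admin passphrase")
    key = os.urandom(32)  # constructed sample data key
    rec = protect(key, "client password", pub_pem)
    assert client_unlock(rec, "client password") == key
    assert admin_recover(rec, priv_pem, b"constructed admin passphrase") == key
```

Changing the client password only requires rewriting `salt`, `nonce` and `client_wrap`; the `escrow` field stays valid because the data key itself does not change.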
