Bruno,

It seems your logic is off. Public keys are used to encrypt a message. Private keys are used to decrypt a message (not the other way around).

You never have to send your private key to anyone. You only need someone's public key to send them an encrypted message (and they need your public key to send you an encrypted message). Private keys are never exchanged. Make sense?

-Roger

On Tue, Aug 18, 2015, 6:06 PM Bruno Barberi Gnecco <[email protected]> wrote:

> I wanted to avoid the clients having keys, to avoid the hassle of managing those keys. If I could encrypt with my private key all I'd need would be to distribute my public key to all clients. I know it is less safe -- anybody with the public key would be able to decrypt it, so it doesn't provide more security than just signing -- but it's a pure block of characters instead of a signed file that the user tries to open and thinks "ah I can edit this".
>
> Thanks!
>
> > Your client need have a pair - his keys - and then he should give you his public key.
> > If you encrypt the message with his key, he will read it using his private key.
> >
> > If you sign the message with your private key, he will verify the message using your public key.
> >
> > Users give to others only public keys, private keys are kept on their side.
> >
> > Of course you may prepare key pair for your client and give them to him, but to encrypt the message you need only his key.
> >
> > I have an impression you want to encrypt and sign using this same keypair, and then use this same keypair to read/verify the message. It is not really a good approach I think.
> >
> > --
> > Regards
> > Paweł Górny
> >
> > Sent from my BlackBerry Passport
> > Original Message
> > From: Bruno Barberi Gnecco
> > Sent: Tuesday, 18 August 2015 23:50
> > To: OpenPGP.js Mailing List
> > Reply To: OpenPGP.js Mailing List
> > Subject: Re: [openpgpjs] Decrypting with a public key
> >
> > Thanks for the fast response!
> >
> > But I don't want to send both the private and the public key to the client. It would easily defeat any security.
> >
> >> You should use
> >>
> >> signAndEncryptMessage
> >>
> >> http://openpgpjs.org/openpgpjs/doc/openpgp.js.html#line93
> >>
> >> If you want to encrypt - you need public key of the recipient, if you want to decrypt - your private key;
> >> If you want to sign - your private key. If you want to verify signature - public key of the sender.
> >>
> >> On 18.08.2015 at 23:09, Bruno Barberi Gnecco wrote:
> >>> Hi,
> >>>
> >>> I posted this as an issue but it seems more appropriate to this list.
> >>>
> >>> Is it possible to encrypt with a private key and decrypt with a public key? I want to send data that is guaranteed to be from a sender and I'd rather not send it as clear text, so just signClearMessage() is not an option. decryptAndVerifyMessage() requires both the public and private keys, so also not an option.
> >>>
> >>> I can encrypt with a private key easily:
> >>>
> >>> var publicKey = openpgp.key.readArmored(fs.readFileSync('public.key', 'utf-8'));
> >>> var privateKey = openpgp.key.readArmored(fs.readFileSync('private.key', 'utf-8')).keys[0];
> >>> privateKey.decrypt(PASSPHRASE);
> >>> openpgp.encryptMessage(privateKey, text).then(function(pgpMessage){ // yes, private
> >>> });
> >>>
> >>> But trying to decrypt with a public key does not work. This returns Error: Private key is not decrypted.
> >>>
> >>> pgpMessage = openpgp.message.readArmored(pgpMessage);
> >>> openpgp.decryptMessage(publicKey.keys[0], pgpMessage).then(function(plain) {
> >>> ....
> >>> });
> >>>
> >>> But publicKey.keys[0].decrypt(PASSPHRASE) throw Error: Nothing to decrypt in a public key.
> >>>
> >>> Any tips?
> >>>
> >>> _______________________________________________
> >>>
> >>> http://openpgpjs.org
> >>> Subscribe/unsubscribe: http://list.openpgpjs.org
> >>
> >> --
> >> Paweł Górny
> >> mailto:[email protected] http://pawelgorny.com
> >> * only way to feel the noise is when it's good and loud *
> >>
> >> In reply please use the key: 0xF0F72044
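The key roles discussed in this thread, as an added example that is not part of the original messages and is not OpenPGP.js code: it uses Node.js's built-in `crypto` module (RSA signatures, RSA-OAEP and AES-256-GCM) in place of OpenPGP. The function names `signAndEncrypt` and `decryptAndVerify`, the message layout and the sample text are assumptions made for the illustration.

```javascript
// Added illustration using Node.js built-in crypto, not OpenPGP.js.
const crypto = require('node:crypto');

// Each party generates its own pair; only the public halves are ever exchanged.
const sender = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const recipient = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Sender side: own PRIVATE key to sign, recipient's PUBLIC key to encrypt.
function signAndEncrypt(text, senderPrivateKey, recipientPublicKey) {
  const data = Buffer.from(text, 'utf8');
  const signature = crypto.sign('sha256', data, senderPrivateKey);
  const sigLen = Buffer.alloc(2);
  sigLen.writeUInt16BE(signature.length);
  // Hybrid scheme: a random AES-256-GCM session key encrypts signature + data,
  // and RSA-OAEP wraps that session key for the recipient.
  const sessionKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', sessionKey, iv);
  const ciphertext = Buffer.concat([
    cipher.update(Buffer.concat([sigLen, signature, data])), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt(
    { key: recipientPublicKey, oaepHash: 'sha256' }, sessionKey);
  return { wrappedKey, iv, ciphertext, tag: cipher.getAuthTag() };
}

// Recipient side: own PRIVATE key to decrypt, sender's PUBLIC key to verify.
function decryptAndVerify(msg, recipientPrivateKey, senderPublicKey) {
  // Throws if handed a public key or the wrong private key.
  const sessionKey = crypto.privateDecrypt(
    { key: recipientPrivateKey, oaepHash: 'sha256' }, msg.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', sessionKey, msg.iv);
  decipher.setAuthTag(msg.tag);
  const body = Buffer.concat([decipher.update(msg.ciphertext), decipher.final()]);
  const sigLen = body.readUInt16BE(0);
  const signature = body.subarray(2, 2 + sigLen);
  const data = body.subarray(2 + sigLen);
  const valid = crypto.verify('sha256', data, senderPublicKey, signature);
  return { text: data.toString('utf8'), valid };
}

// Constructed sample message.
const sealed = signAndEncrypt('account=42;plan=pro', sender.privateKey, recipient.publicKey);
const opened = decryptAndVerify(sealed, recipient.privateKey, sender.publicKey);
console.log(opened);
```

The recipient holds its own private key plus the sender's public key; neither private key leaves the machine that generated it.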

