Roger, I get that is the usual path, but actually, you can use private keys for encryption and public keys for decryption.
http://security.stackexchange.com/questions/9957/can-i-use-a-private-key-as-a-public-key-and-vice-versa

As I mentioned in another reply, I'm trying to avoid the pair of keys since I'll only be sending data in one direction.

> Bruno,
> It seems your logic is off. Public keys are used to encrypt a message. Private keys are used to decrypt a message (not the other way around).
>
> You never have to send your private key to anyone. You only need someone's public key to send them an encrypted message (and they need your public key to send you an encrypted message). Private keys are never exchanged.
>
> Make sense?
>
> -Roger
>
>
> On Tue, Aug 18, 2015, 6:06 PM Bruno Barberi Gnecco <[email protected]> wrote:
>
> I wanted to avoid the clients having keys, to avoid the hassle of managing those keys. If I could encrypt with my private key all I'd need would be to distribute my public key to all clients. I know it is less safe -- anybody with the public key would be able to decrypt it, so it doesn't provide more security than just signing -- but it's a pure block of characters instead of a signed file that the user tries to open and thinks "ah I can edit this".
>
> Thanks!
>
> > Your client needs to have a pair - his keys - and then he should give you his public key.
> > If you encrypt the message with his key, he will read it using his private key.
> >
> > If you sign the message with your private key, he will verify the message using your public key.
> >
> > Users give to others only public keys, private keys are kept on their side.
> >
> > Of course you may prepare a key pair for your client and give it to him, but to encrypt the message you need only his key.
> >
> > I have an impression you want to encrypt and sign using this same keypair, and then use this same keypair to read/verify the message. It is not really a good approach I think.
> >
> > --
> > Regards
> > Paweł Górny
> >
> > Sent from my BlackBerry Passport
> > Original Message
> > From: Bruno Barberi Gnecco
> > Sent: Tuesday, 18 August 2015 23:50
> > To: OpenPGP.js Mailing List
> > Reply To: OpenPGP.js Mailing List
> > Subject: Re: [openpgpjs] Decrypting with a public key
> >
> > Thanks for the fast response!
> >
> > But I don't want to send both the private and the public key to the client. It would easily defeat any security.
> >
> >> You should use
> >>
> >> signAndEncryptMessage
> >>
> >> http://openpgpjs.org/openpgpjs/doc/openpgp.js.html#line93
> >>
> >> If you want to encrypt - you need public key of the recipient, if you want to decrypt - your private key;
> >> If you want to sign - your private key. If you want to verify signature - public key of the sender.
> >>
> >> On 18.08.2015 at 23:09, Bruno Barberi Gnecco wrote:
> >>> Hi,
> >>>
> >>> I posted this as an issue but it seems more appropriate to this list.
> >>>
> >>> Is it possible to encrypt with a private key and decrypt with a public key? I want to send data that is guaranteed to be from a sender and I'd rather not send it as clear text, so just signClearMessage() is not an option. decryptAndVerifyMessage() requires both the public and private keys, so also not an option.
> >>>
> >>> I can encrypt with a private key easily:
> >>>
> >>> var publicKey = openpgp.key.readArmored(fs.readFileSync('public.key', 'utf-8'));
> >>> var privateKey = openpgp.key.readArmored(fs.readFileSync('private.key', 'utf-8')).keys[0];
> >>> privateKey.decrypt(PASSPHRASE);
> >>> openpgp.encryptMessage(privateKey, text).then(function(pgpMessage){ // yes, private
> >>> });
> >>>
> >>> But trying to decrypt with a public key does not work. This returns Error: Private key is not decrypted.
> >>>
> >>> pgpMessage = openpgp.message.readArmored(pgpMessage);
> >>> openpgp.decryptMessage(publicKey.keys[0], pgpMessage).then(function(plain) {
> >>> ....
> >>> });
> >>>
> >>> But publicKey.keys[0].decrypt(PASSPHRASE) throws Error: Nothing to decrypt in a public key.
> >>>
> >>> Any tips?
> >>>
> >>> _______________________________________________
> >>>
> >>> http://openpgpjs.org
> >>> Subscribe/unsubscribe: http://list.openpgpjs.org
> >>
> >>
> >> --
> >> Paweł Górny
> >> mailto:[email protected] http://pawelgorny.com
> >> * only way to feel the noise is when it's good and loud *
> >>
> >> In reply please use the key: 0xF0F72044
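
The one-direction case discussed in this thread (sender holds the private key, clients hold only the public key, payload delivered as an opaque block), as an added example that is not part of the original messages and does not use OpenPGP.js: it swaps in Node's built-in `crypto` module with Ed25519 signatures. The function names and the envelope layout (64-byte signature followed by the payload, base64-encoded) are hypothetical; base64 only keeps the text from looking editable and gives no confidentiality, since anyone can decode it.

```javascript
// Added example: opaque signed envelope, Node built-in crypto (Ed25519).
// packSigned/openSigned and the envelope layout are hypothetical names.
const crypto = require('crypto');

const SIG_LEN = 64; // an Ed25519 signature is always 64 bytes

// Sender side: sign with the private key, then wrap signature + payload
// into a single base64 block.
function packSigned(privateKey, text) {
  const payload = Buffer.from(text, 'utf8');
  const signature = crypto.sign(null, payload, privateKey);
  return Buffer.concat([signature, payload]).toString('base64');
}

// Client side: needs only the sender's public key. Returns the text when
// the signature verifies and throws otherwise.
function openSigned(publicKey, block) {
  const raw = Buffer.from(block, 'base64');
  if (raw.length < SIG_LEN) throw new Error('envelope too short');
  const signature = raw.subarray(0, SIG_LEN);
  const payload = raw.subarray(SIG_LEN);
  if (!crypto.verify(null, payload, publicKey, signature)) {
    throw new Error('signature check failed');
  }
  return payload.toString('utf8');
}

// Constructed demo: throwaway key pairs and a sample message.
function demo() {
  const sender = crypto.generateKeyPairSync('ed25519');
  const other = crypto.generateKeyPairSync('ed25519');
  const block = packSigned(sender.privateKey, 'settings=v1');
  const text = openSigned(sender.publicKey, block);

  // Flip one bit of the payload: the client must reject the block.
  const tampered = Buffer.from(block, 'base64');
  tampered[tampered.length - 1] ^= 0x01;
  let tamperRejected = false;
  try { openSigned(sender.publicKey, tampered.toString('base64')); }
  catch (e) { tamperRejected = true; }

  // A block checked against a different public key must also be rejected.
  let wrongKeyRejected = false;
  try { openSigned(other.publicKey, block); }
  catch (e) { wrongKeyRejected = true; }

  return { text, tamperRejected, wrongKeyRejected };
}
```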

