Bruno,
Thanks for the clarification.  The thread you sent me seems to be referring
to a Sign and Verify process whereby you Sign the message with your private
key and the recipient can Verify it with your public key.  This ensures the
message was sent by the owner of the public/private key pair.  I still
don't see a need to distribute the private key to anyone.  What am I
missing?


-Roger

On Wed, Aug 19, 2015 at 4:05 PM Bruno Barberi Gnecco <[email protected]> wrote:

> Roger, I get that is the usual path, but actually, you can use private keys for
> encryption and public keys for decryption.
>
> http://security.stackexchange.com/questions/9957/can-i-use-a-private-key-as-a-public-key-and-vice-versa
>
> As I mentioned in another reply, I'm trying to avoid the pair of keys since I'll only be
> sending data in one direction.
>
> > Bruno,
> > It seems your logic is off.  Public keys are used to encrypt a message.  Private keys are
> > used to decrypt a message (not the other way around).
> >
> > You never have to send your private key to anyone.  You only need someone's public key to
> > send them an encrypted message (and they need your public key to send you an encrypted
> > message).  Private keys are never exchanged.
> >
> > Make sense?
> >
> > -Roger
> >
> >
> > On Tue, Aug 18, 2015, 6:06 PM Bruno Barberi Gnecco <[email protected]> wrote:
> >
> >     I wanted to avoid the clients having keys, to avoid the hassle of managing
> >     those keys. If I could encrypt with my private key all I'd need would be to
> >     distribute my public key to all clients. I know it is less safe -- anybody with the
> >     public key would be able to decrypt it, so it doesn't provide more security than just
> >     signing -- but it's a pure block of characters instead of a signed file that the user
> >     tries to open and thinks "ah I can edit this".
> >
> >              Thanks!
> >
> >      > Your client needs to have a pair - his keys - and then he should give you his public key.
> >      > If you encrypt the message with his key, he will read it using his private key.
> >      >
> >      > If you sign the message with your private key, he will verify the message using
> >      > your public key.
> >      >
> >      > Users give to others only public keys, private keys are kept on their side.
> >      >
> >      > Of course you may prepare a key pair for your client and give them to him, but to
> >      > encrypt the message you need only his key.
> >      >
> >      > I have an impression you want to encrypt and sign using this same keypair, and then
> >      > use this same keypair to read/verify the message. It is not really a good approach I
> >      > think.
> >      >
> >      > --
> >      > Regards
> >      > Paweł Górny
> >      >
> >      > Sent from my BlackBerry Passport
> >      >    Original Message
> >      > From: Bruno Barberi Gnecco
> >      > Sent: Tuesday, 18 August 2015 23:50
> >      > To: OpenPGP.js Mailing List
> >      > Reply To: OpenPGP.js Mailing List
> >      > Subject: Re: [openpgpjs] Decrypting with a public key
> >      >
> >      > Thanks for the fast response!
> >      >
> >      > But I don't want to send both the private and the public key to the client. It would
> >      > easily defeat any security.
> >      >
> >      >> You should use
> >      >>
> >      >> signAndEncryptMessage
> >      >>
> >      >> http://openpgpjs.org/openpgpjs/doc/openpgp.js.html#line93
> >      >>
> >      >> If you want to encrypt - you need public key of the recipient, if you want to decrypt -
> >      >> your private key;
> >      >> If you want to sign - your private key. If you want to verify signature - public key of
> >      >> the sender.
> >      >>
> >      >> On 18.08.2015 at 23:09, Bruno Barberi Gnecco wrote:
> >      >>> Hi,
> >      >>>
> >      >>> I posted this as an issue but it seems more appropriate to this list.
> >      >>>
> >      >>> Is it possible to encrypt with a private key and decrypt with a public key? I want to send
> >      >>> data that is guaranteed to be from a sender and I'd rather not send it as clear text, so
> >      >>> just signClearMessage() is not an option. decryptAndVerifyMessage() requires both the
> >      >>> public and private keys, so also not an option.
> >      >>>
> >      >>> I can encrypt with a private key easily:
> >      >>>
> >      >>> var publicKey = openpgp.key.readArmored(fs.readFileSync('public.key', 'utf-8'));
> >      >>> var privateKey = openpgp.key.readArmored(fs.readFileSync('private.key', 'utf-8')).keys[0];
> >      >>> privateKey.decrypt(PASSPHRASE);
> >      >>> openpgp.encryptMessage(privateKey, text).then(function(pgpMessage){ // yes, private
> >      >>> });
> >      >>>
> >      >>> But trying to decrypt with a public key does not work. This returns Error: Private key is
> >      >>> not decrypted.
> >      >>>
> >      >>> pgpMessage = openpgp.message.readArmored(pgpMessage);
> >      >>> openpgp.decryptMessage(publicKey.keys[0], pgpMessage).then(function(plain) {
> >      >>> ....
> >      >>> });
> >      >>>
> >      >>> But publicKey.keys[0].decrypt(PASSPHRASE) throws Error: Nothing to decrypt in a public key.
> >      >>>
> >      >>> Any tips?
> >      >>>
> >      >>> _______________________________________________
> >      >>>
> >      >>> http://openpgpjs.org
> >      >>> Subscribe/unsubscribe:http://list.openpgpjs.org
> >      >>
> >      >>
> >      >> --
> >      >> Paweł Górny
> >      >> mailto:[email protected] http://pawelgorny.com
> >      >> * only way to feel the noise is when it's good and loud *
> >      >>
> >      >> In reply please use the key: 0xF0F72044
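
The one-way setup discussed in this thread (sender holds the private key, clients hold only the public key) can be sketched as an opaque signed envelope. This is an added example, not code from any poster and not OpenPGP.js: it uses Node's built-in crypto module with a constructed Ed25519 key pair, and the helper names sealEnvelope, openEnvelope, peekWithoutKey and flipLastByte are hypothetical.

```javascript
// Added example (not from the thread, not OpenPGP.js): an opaque signed envelope.
const crypto = require('crypto');

const SIG_LEN = 64; // an Ed25519 signature is always 64 bytes

// Constructed demo key pair. The sender keeps privateKey; clients get publicKey only.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');

// Sender: sign the bytes and ship signature + body as one base64 block.
function sealEnvelope(text, signingKey) {
  const body = Buffer.from(text, 'utf8');
  const sig = crypto.sign(null, body, signingKey);
  return Buffer.concat([sig, body]).toString('base64');
}

// Client: verify with the sender's public key before using the body.
function openEnvelope(blob, verifyKey) {
  const raw = Buffer.from(blob, 'base64');
  if (raw.length < SIG_LEN) throw new Error('envelope too short');
  const sig = raw.subarray(0, SIG_LEN);
  const body = raw.subarray(SIG_LEN);
  if (!crypto.verify(null, body, verifyKey, sig)) {
    throw new Error('signature check failed');
  }
  return body.toString('utf8');
}

// Anyone, with no key at all: the body is encoded, not encrypted.
function peekWithoutKey(blob) {
  return Buffer.from(blob, 'base64').subarray(SIG_LEN).toString('utf8');
}

// Simulate an edited file: flip one bit of the last body byte.
function flipLastByte(blob) {
  const raw = Buffer.from(blob, 'base64');
  raw[raw.length - 1] ^= 0x01;
  return raw.toString('base64');
}

const blob = sealEnvelope('license=pro;seats=5', privateKey); // constructed sample text
console.log(openEnvelope(blob, publicKey));
console.log(peekWithoutKey(blob));
try {
  openEnvelope(flipLastByte(blob), publicKey);
} catch (e) {
  console.log('rejected:', e.message);
}
```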
