--- "Buicliu, Ion VSA:EX" <[EMAIL PROTECTED]> wrote:
> I am trying to do the following: > - create a private and public key (self-signed > certificate) > - encrypt a file and place on an ftp server > - the client will pick up the file and decrypt it > using the PUBLIC key > > Here is what I did to create the certificate: > openssl genrsa -out sfu.key 1024 > openssl req -new -key sfu.key -out sfu.csr > openssl x509 -req -days 30 -in sfu.csr -signkey > sfu.key -out sfu.cert > > Then encrypt: > openssl smime -encrypt -des3 -binary sfu.cert > <bfile >bfile.enc > > At this stage I was thinking that I would pass the > public cert > (sfu.cert) to the user and ask them to do the > decryption like this: > openssl smime -decrypt -inkey sfu.cert > <vsvic3f03.enc >vsvic3f03.out > > This doesn't work. The error is: "unable to load > signing key file" > > This is what works, using the private key: > openssl smime -decrypt -inkey sfu.key <vsvic3f03.enc > >vsvic3f03.out > > This is not what I want. > How can I encrypt a file, have it safe on a public > site (for ftp) and > have the client use a public key to decrypt it? I am afraid you are doing things against the recommendations of public key crypto. If you really want the client use a public key to decrypt it, then remember that what you have is a signature and that you are merely verifying it. Since public key is public. OTOH, if you want to do public key decryption then you could do first encrypt with the client's public key... Since I am not quite clear what is it that you want to accomplish, I can only tell you this much that if you encrypt with public key, you decrypt with private key and vice versa. regards, Girish > > I am a bit new at this, so I am eager to learn as > much as possible about > it. > Thank you. > > > Ion Buicliu > mailto:[EMAIL PROTECTED] > > > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [email protected] Automated List Manager [EMAIL PROTECTED]
