Thank you Girish, I understand now. The combination: encrypt with public key - decrypt with private works.
What we are trying to do is to place an encrypted file on our ftp server for a specific user. The ftp server is behind a firewall, and the user can access and see only its account, and they are supposed to get the file and decrypt it. As far as we are concerned, we'd like to make sure that the file on our ftp server is as safe as possible. This can work if only that user has the private key to decrypt the file.

I would like to hear any suggestions to make this file transfer as secure as possible.

Ion Buicliu

--- "Buicliu, Ion VSA:EX" <[EMAIL PROTECTED]> wrote:
> I am trying to do the following:
> - create a private and public key (self-signed certificate)
> - encrypt a file and place on an ftp server
> - the client will pick up the file and decrypt it using the PUBLIC key
>
> Here is what I did to create the certificate:
> openssl genrsa -out sfu.key 1024
> openssl req -new -key sfu.key -out sfu.csr
> openssl x509 -req -days 30 -in sfu.csr -signkey sfu.key -out sfu.cert
>
> Then encrypt:
> openssl smime -encrypt -des3 -binary sfu.cert <bfile >bfile.enc
>
> At this stage I was thinking that I would pass the public cert
> (sfu.cert) to the user and ask them to do the decryption like this:
> openssl smime -decrypt -inkey sfu.cert <vsvic3f03.enc >vsvic3f03.out
>
> This doesn't work. The error is: "unable to load signing key file"
>
> This is what works, using the private key:
> openssl smime -decrypt -inkey sfu.key <vsvic3f03.enc >vsvic3f03.out
>
> This is not what I want.
> How can I encrypt a file, have it safe on a public site (for ftp) and
> have the client use a public key to decrypt it?

I am afraid you are doing things against the recommendations of public key crypto. If you really want the client to use a public key to decrypt it, then remember that what you have is a signature and that you are merely verifying it. Since public key is public. OTOH, if you want to do public key decryption then you could do first encrypt with the client's public key...

Since I am not quite clear what it is that you want to accomplish, I can only tell you this much that if you encrypt with public key, you decrypt with private key and vice versa.

regards,
Girish

> I am a bit new at this, so I am eager to learn as much as possible
> about it.
> Thank you.
>
> Ion Buicliu
> mailto:[EMAIL PROTECTED]

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
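
Added example, not part of the original thread: the arrangement the messages above arrive at, with the recipient generating the key pair, the sender encrypting to the recipient's certificate, and only the private key able to decrypt. The file names, the subject name, the temporary directory and the AES-256 cipher choice are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example. File names, subject and cipher are constructed for the demo.

# Recipient: generate the key pair. user.key never leaves the recipient;
# only user.cert (the public half) is given to the sender.
make_recipient_keys() {            # $1 = working directory
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=ftp-user-example" \
        -keyout "$1/user.key" -out "$1/user.cert" 2>/dev/null
}

# Sender: encrypt to the recipient's certificate. No private key involved.
encrypt_for_recipient() {          # $1 = dir, $2 = plaintext, $3 = ciphertext
    openssl smime -encrypt -aes256 -binary -in "$2" -out "$3" "$1/user.cert"
}

# Recipient: decrypt with the private key.
decrypt_with_private_key() {       # $1 = dir, $2 = ciphertext, $3 = output
    openssl smime -decrypt -binary -in "$2" -out "$3" \
        -recip "$1/user.cert" -inkey "$1/user.key" 2>/dev/null
}

# Anyone holding only the certificate: -inkey needs a private key, so this fails.
decrypt_with_cert_only() {         # $1 = dir, $2 = ciphertext, $3 = output
    openssl smime -decrypt -binary -in "$2" -out "$3" \
        -inkey "$1/user.cert" 2>/dev/null
}

demo() {
    dir=$(mktemp -d) || return 1
    printf 'constructed sample payload\n' > "$dir/bfile"
    rt=failed; co=accepted
    if make_recipient_keys "$dir" &&
       encrypt_for_recipient "$dir" "$dir/bfile" "$dir/bfile.enc" &&
       decrypt_with_private_key "$dir" "$dir/bfile.enc" "$dir/bfile.out" &&
       cmp -s "$dir/bfile" "$dir/bfile.out"; then
        rt=ok
    fi
    if ! decrypt_with_cert_only "$dir" "$dir/bfile.enc" "$dir/bfile.cert.out"; then
        co=rejected
    fi
    rm -rf "$dir"
    echo "roundtrip=$rt cert_only=$co"
}

demo   # expected: roundtrip=ok cert_only=rejected
```

The file on the FTP server stays confidential only while user.key stays with the recipient; the certificate can be exchanged openly, provided the sender confirms it really belongs to that user.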