Skar Karthikeyan wrote:

> I want to send data from my machine to another one and the remote
> machine should be able to decrypt and make sense of the data only
> if it has the correct credentials, like a key file.

SSL is designed for applications like this.

> I'm new to openssl and public key systems. From what I understand
> from the docs, I should be able to generate a key pair, 1 public and
> another private. Now, I've created a private RSA key and extracted the
> public key. Next, I signed the data using the private key and sent it
> to the remote machine. I also copied the exported public key to the
> remote machine too. The remote machine can verify the data and I can
> see the data I originally signed.

No, don't do that. Use SSL. If you try to invent your own way to do things,
it is very, very unlikely to be secure.

> However, I've got 2 doubts:

> 1) Am I doing it right? Is the signed data secure and not accessible
> to anyone without the public/private key? Of course, hackers can
> always break it, I understand that. But, otherwise I'm following the
> right process/idiom?

No. Signing data only prevents it from being tampered with; it does not hide
it.

> 2) If the data size is bigger, I get the error "data greater than
> mod len:rsa_eay.c:660:". How do I deal with this case?

You are using RSA as an encryption/signature algorithm. IT IS NOT ONE! It is
a primitive that can be used to make very good encryption and signature
algorithms by cryptography experts. You would be wise to use their work
rather than trying to re-invent it.

> Thanks for the great s/w and thanks in advance for any help :)

What you want is probably SSL, which is specifically designed to protect
data transported over a network from prying eyes and to authenticate the
endpoint(s). Don't use bits and pieces and try to get them to work together;
your odds of getting it right are vanishingly small.

DS


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
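
The two answers above (a signature does not hide the data, and bare RSA only handles one modulus-sized block), shown as an added example that is not part of the original message or of OpenSSL: textbook RSA in pure Python over a constructed, trivially factorable toy key. The function names and the key are assumptions made for illustration; real signature schemes also add padding, which is omitted here.

```python
import hashlib

# Constructed toy key built from two Mersenne primes: trivially factorable,
# for illustration only.
P, Q = 2**521 - 1, 2**607 - 1
N = P * Q                              # public modulus
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (needs Python 3.8+)
MOD_LEN = (N.bit_length() + 7) // 8    # modulus length in bytes

def raw_sign(data: bytes) -> int:
    """Bare RSA private-key operation on the data itself (no hash, no padding)."""
    m = int.from_bytes(data, "big")
    if len(data) > MOD_LEN or m >= N:
        raise ValueError("data does not fit in one RSA block")
    return pow(m, D, N)

def raw_recover(sig: int, length: int) -> bytes:
    """Public-key operation: anyone holding (N, E) gets the signed data back."""
    return pow(sig, E, N).to_bytes(length, "big")

def sign_digest(data: bytes) -> int:
    """Sign a SHA-256 digest so input of any size fits in one block."""
    return raw_sign(hashlib.sha256(data).digest())

def verify_digest(data: bytes, sig: int) -> bool:
    """Integrity check only: the data itself must still be sent in the clear."""
    expected = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return pow(sig, E, N) == expected

if __name__ == "__main__":
    msg = b"account=42;amount=100"     # constructed sample data
    sig = raw_sign(msg)
    # 1) The "signed" data is readable by every holder of the public key.
    print("recovered with public key:", raw_recover(sig, len(msg)))
    # 2) Input larger than the modulus cannot go through the primitive at all.
    try:
        raw_sign(b"A" * (MOD_LEN + 1))
    except ValueError as exc:
        print("oversized input rejected:", exc)
    # 3) Hashing first removes the size limit and detects tampering,
    #    but provides no confidentiality.
    big = b"A" * 10_000
    print("digest signature verifies:", verify_digest(big, sign_digest(big)))
    print("tampered data verifies:", verify_digest(big + b"!", sign_digest(big)))
```
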