skar wrote:

> Now the remaining part is, how do I encrypt a file on my machine, so
> that only the client machines with the right key can decrypt them? I
> could keep the public key with me and have the private key on the client
> machines. But I don't know of a way to have only the private key alone,
> as openssl also allows extracting the public key from the private key.
> Moreover, I'd be giving the private key away while keeping the
> public key for myself, which is ridiculous. Any ideas?

Have the client send the server its public key. The server can then encrypt
the file so that only the client can access it. Alternatively, you can just
have the client software decrypt the file.

It's hard to say because you still haven't stated any of your requirements.

Either the client or the server has to encrypt the file such that the client
can decrypt it. Which one and what algorithm depends on why you are trying
to do this, and it's not clear why.

One way would be for the client to generate a random 128-bit key and send it
to the server. The server can encrypt the data using this random 128-bit key
and send it to the client. The client can then write out a header including
the 128-bit key (encrypted however you like) before the data received from
the server.

Another way would be for the file to be pre-encrypted on the server. The
server can send the key to the client before it sends the file. The client
can then store the key (encrypted however you like) along with the file.

I suggest you find someone familiar with encryption and have a dialogue with
them until a solution emerges. It's just going to take ridiculously long
going back and forth this way because you don't seem to have any kind of
statement of your requirements.

DS


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
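
The first suggestion in the reply above (the client sends its public key, the server encrypts so that only the client can decrypt), sketched with the openssl command line as an added example; it is not code from the thread. The file names, function names and the HMAC integrity check are assumptions added for illustration, and the check goes beyond what the reply describes.

```shell
#!/bin/sh
# Added example, not from the thread. File and function names are constructed.
set -eu

# Client: create an RSA key pair; only client.pub ever leaves the client.
client_keygen() {   # $1 = directory for client.key / client.pub
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/client.key" 2>/dev/null
    openssl pkey -in "$1/client.key" -pubout -out "$1/client.pub"
}

# HMAC-SHA256 over IV || ciphertext (encrypt-then-MAC), printed as hex.
mac_of() {          # $1 = hex MAC key, $2 = base name of the encrypted set
    cat "$2.iv" "$2.enc" |
        openssl dgst -sha256 -mac HMAC -macopt "hexkey:$1" -r | cut -d' ' -f1
}

# Server: fresh 128-bit AES key and 128-bit MAC key per file, both wrapped
# with the client's public key (RSA-OAEP). Writes $2.enc .iv .mac .key.enc
server_encrypt() {  # $1 = client public key, $2 = plaintext file
    key=$(openssl rand -hex 16); mac=$(openssl rand -hex 16)
    openssl rand -hex 16 > "$2.iv"
    openssl enc -aes-128-cbc -K "$key" -iv "$(cat "$2.iv")" -in "$2" -out "$2.enc"
    mac_of "$mac" "$2" > "$2.mac"
    printf '%s%s' "$key" "$mac" | openssl pkeyutl -encrypt -pubin -inkey "$1" \
        -pkeyopt rsa_padding_mode:oaep -out "$2.key.enc"
}

# Client: unwrap the keys, verify the MAC first, decrypt only if it matches.
client_decrypt() {  # $1 = client private key, $2 = base name, $3 = output file
    keys=$(openssl pkeyutl -decrypt -inkey "$1" \
        -pkeyopt rsa_padding_mode:oaep -in "$2.key.enc") || return 1
    key=$(printf '%s' "$keys" | cut -c1-32); mac=$(printf '%s' "$keys" | cut -c33-64)
    [ "$(mac_of "$mac" "$2")" = "$(cat "$2.mac")" ] || return 1
    openssl enc -d -aes-128-cbc -K "$key" -iv "$(cat "$2.iv")" -in "$2.enc" -out "$3"
}

# Demo on a constructed sample file in a temporary directory.
demo() {
    d=$(mktemp -d); printf 'constructed sample payload\n' > "$d/file.txt"
    client_keygen "$d"
    server_encrypt "$d/client.pub" "$d/file.txt"
    client_decrypt "$d/client.key" "$d/file.txt" "$d/file.out"
    rc=0; cmp -s "$d/file.txt" "$d/file.out" || rc=1
    rm -rf "$d"; return $rc
}
demo && echo "round trip ok"
```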
